I went and got myself blocked - help please!

qbacca

Member
May 2, 2002
6
0
301
I'm a CPanel newbie, so be nice...;)

I know that there is a command, /usr/sbin/killroute that adds an IP address to some sort of &ignore& list.

Well, somehow I have managed to get myself placed on that ignore list. I have broadband with a static IP, so I can't just renew my IP address.

Where is this &ignore& list, and how do I get my IP address off of it??? Currently I do not have any access to my own webserver :(

Thanks!
 

qbacca

Member
May 2, 2002
6
0
301
no go

I just ran /scripts/unblockip, and I get:

What ip do you want to unblock? XX.XXX.XXX.XXX
SIOCDELRT: No such process

Any other ideas or suggestions?
 

qbacca

Member
May 2, 2002
6
0
301
hosts.deny is empty

Other than a commented out message, hosts.deny is empty.

I really appreciate your taking the time to help me... any other suggestions?

Marc
 

feanor

Well-Known Member
Aug 13, 2001
836
0
316
How are you deeming yourself &blacklisted& or &blocked& ?

Can you connect to any service at all, on your machine?
If not there is definitely something in the routing table on your server that is blocking you completely.
 

qbacca

Member
May 2, 2002
6
0
301
No connections of any type

I cannot connect in any way shape or form - I have tried ping, tracert, http, ssh, pop, smtp... I always get host not found, or host not available. For tracert, the last hop that is shown is the router right before the server.

I don't think the router is the problem, as I can connect to other servers behind the same router.

If I go to anonymizer.com I can get in to the server via http... my dialup allows me to connect, my partner can connect, and the various tracert tools around the internet can all connect...

Thanks,
Marc
 

Mat

Well-Known Member
Sep 26, 2001
55
0
306
You might check ipchains...


ipchains -L

If your listed in the input... You can flush it by:

ipchains -F input
 

jdatwood

Active Member
May 10, 2002
32
0
306
IP chains not the prob

That was tried 2 days ago. Not the prob unfortunately
 

jdatwood

Active Member
May 10, 2002
32
0
306
DIR doesn't exist

I can't find
/var/portsentry

It's not listed....

I was able to find
/var/log/portsentry

If I find the IP in one of these logs, how can I unban the IP via portsentry?
 

qbacca

Member
May 2, 2002
6
0
301
re: /var/portsentry

We definately do not have a /var/portsentry directory:

[email protected] [/]# cd /var/portsentry
bash: cd: /var/portsentry: No such file or directory

If it's supposed to be there, could that be the problem? Would an uninstall and reinstall of Cpanel help? (I'm a Windoze guy, so that's how my brain works ;-)


(jdatwood and I are together, btw)
 

Dotcoms

Active Member
Dec 17, 2001
25
0
301
Do the following:-

vi /etc/portsentry/portsentry.conf

Find the following lines:

# 0 = Do not block UDP/TCP scans.
# 1 = Block UDP/TCP scans.
# 2 = Run external command only (KILL_RUN_CMD)

BLOCK_UDP=&0&
BLOCK_TCP=&0&

Make sure the values are &0& else if you ping your box you will be blocked.

Exit and save portsentry.conf

Do:-

/etc/rc.d/init.d/portsentry stop

route del -n xxx.xxx.xxx.xxx (Your IP address)

/etc/rc.d/init.d/portsentry start

Hope that helps

Steve
 

Drake

Well-Known Member
Nov 9, 2001
83
0
306
New Jersey
cPanel Access Level
DataCenter Provider
Please tell... What did you do to get yourself blocked?

...And... what service(s) are you blocked from?

Your IP could usually be being blocked from 2 different places:

/var/portsentry/portsentry.blocked.tcp (and or blocked.udp)

or /etc/hosts.deny

You should first locate those files and see if your IP # is in there.
If so, edit it and take your IP out of there.

Hey.. if you're totally blocked, how are you even gaining telnet or ssh access to the box to even check if you have those files?

If you can get in to shell access, you aren't blocked by your IP.

Another thought: Are you remotely accessing the box from a static IP or from a dial up? Dial ups are usually not static, therefore you get a new IP every time you dial it up.
 

qbacca

Member
May 2, 2002
6
0
301
Problem solved - bug in cpanel?

Ok, here's the deal -

our server has 4 IP addresses, one in the 209.x.x.x block, and 3 from the 66.x.x.x block.

There was something about the default ipaliases script that caused (I don't know exactly what - my network guy figured this out) all traffic from 66.*.*.* to be ignored.

The fix was to SSH in and do

service network restart

This fixes the problem every time. So, every time we reboot the server, cpanel's ipaliases script runs, and kills traffic from 66.*.*.* - we do the service network restart, and I have access again.

Weird bug? Who knows - I'm just glad I have access again.

Marc