The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

strange temp ban?

Discussion in 'General Discussion' started by Zion Ahead, Mar 1, 2008.

  1. Zion Ahead

    Zion Ahead Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    I'm not sure what's going on. But the past couple of days I've been noticing this strange, what appears to be a temp ban from my own personal site (yet other domains on the same server of mine can be accessed without an issue during the temp ban). I *can* see the site via proxy without a problem, while unable during the temp ban which seems to last about 5-10 minutes. Its a vbulletin forum too.

    I am using CSF firewal. I even logged and saw the temp ip ban list empty. My ip was not listed in the main block of course. What could cause this? It only started about a day or two ago and I did not do anything to the configuration.

    Is it possible that it would be dos deflate? I'm using Apache 2.2, PHP 5.2.5 and MySQL 5.
     
  2. dflteche

    dflteche Member

    Joined:
    Dec 30, 2007
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Hey,

    check with your .htaccess file and see if there are any deny IP's in it, if so remove them....
     
  3. Zion Ahead

    Zion Ahead Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    That makes no sense at all. What part of "temporary" did you not understand???
     
  4. darren.nolan

    darren.nolan Well-Known Member

    Joined:
    Oct 4, 2007
    Messages:
    259
    Likes Received:
    0
    Trophy Points:
    16
    I believe when it came to my setup with CSF - any login-fail, mod_security break etc. that CSF would do a "temp" ban permanently. Sounds like you've fixed that up however.

    CSF will block anyone that does hits mod_security too often. I know that with things like vbulletin, phpMyAdmin and more - they often use long URLs - which mod_security doesn't like and takes as an "attempted attack".

    Check your mod_security log, check for breaks on your site, find the rule that's causing the error and remove it if it's safe to do so.

    Cheers,
     
  5. Zion Ahead

    Zion Ahead Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    "No entries found in /usr/local/apache/logs/modsec_audit.log"

    Nothing in the logs.
     
  6. darren.nolan

    darren.nolan Well-Known Member

    Joined:
    Oct 4, 2007
    Messages:
    259
    Likes Received:
    0
    Trophy Points:
    16
    Strange.

    When you get a temp ban - in CSF you can ask to be notified of email - is this your current setup?

    If so it should tell you why the ban is occurring. Maybe check the log for CSF for any clues.
     
  7. gtgeorge

    gtgeorge Well-Known Member

    Joined:
    Feb 28, 2007
    Messages:
    86
    Likes Received:
    0
    Trophy Points:
    6
    CSF would block you from the entire server, not just your site. You must have something running on that particular site that is blocking you. Any scripts running there?
     
Loading...

Share This Page