Unable To Access VPS Server or Site

[Brian Johnson]

I am currently completely unable to access my VPS server or website. The following methods ALL timeout every single time:

Browser access to the website
Direct Browser access to the WHM interface
FTP
SFTP
SSH

I recently did some security updates on the server (to achieve PCI compliance), all successfully. It had been weeks since I changed anything, and then I also of the sudden got locked out. Note that I am the only one who can't access it, and every device on my network (same IP) is similarly unable to access it.

I figured I was just blacklisted, but my host (Godaddy) has gone in and cleared the blacklist and added me to the whitelist, and still nothing.

A traceroute when pinging the server IP reveals that the request gets out of my network just fine, and then times out when trying to access secureserver.net (A godaddy domain).

I have spoken to Godaddy server support, and they say they are looking in to it, and that possible I was blocked by Godaddy on a deeper level. Haven't heard anything back yet though and it's been more than a week.

Any ideas? If there is a specific security setting or module that may be locking me out and Godaddy wouldn't have thought of it, that would be a good place to look. I can probably access it temporarily using my phone as a hotspot to get a different IP address.

 

[LostNerd]

Being honest, that sounds like a hardware firewall at GoDaddy that is blocking you, but don't quote me on that! I may be wrong...

 

[dalem]

A whole week of no access that's some real fine support there
Do you have console or vnc access so you can trace from your server back to your ip and disable your firewall

LostNerd may be correct your ip may be nulled to the godaddy network
do a trace from an IP you can access your server from then do a trace from your blocked ip and compare the traces to see if its blocked at the router level or at the server level.

 

[Infopro]

I can probably access it temporarily using my phone as a hotspot to get a different IP address.

Probably? I think that would be something I'd check 5 minutes after I realized I may have locked myself out.

 

[LostNerd]

Can you run a traceroute from your blocked IP and post it? I'm quite interested in working out the issue as I'm sure dalem is too!

 

[Brian Johnson]

Okay, I tested whether I can use my phone as a hotspot and connect to the server and the answer is yes. However, I was unable to actually get in to WHM because logging in from the Godaddy admin brought up some page about being down for maintenance, and then logging in directly didn't work because for some reason none of my user names or passwords work anymore.

On a related note, after about 4 failed WHM login attempts, I appear to be blocked at that IP as well. So I guess that bridge is burned...

Before that, I got in to the domain's cpanel just fine. I noticed that I had the option to disable mod security. Is this something I should try briefly to see if I can get in?

Anyway, here are the requested traceroutes. The first one is from the blocked IP, the second one is from the mobile hotspot:

Tracing route to ip-166-62-37-xxx.ip.secureserver.net [166.62.37.xxx]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  YourWifiMadeMeS [192.168.1.1]
  2     9 ms    10 ms    10 ms  96.120.48.109
  3    10 ms    11 ms    18 ms  te-0-0-0-5-sur02.smpls.mn.minn.comcast.net [68.8
5.165.9]
  4    11 ms    15 ms    13 ms  te-0-4-0-2-ar01.roseville.mn.minn.comcast.net [1
62.151.54.189]
  5    20 ms    19 ms    19 ms  he-1-11-0-0-cr01.350ecermak.il.ibone.comcast.net
[68.86.94.73]
  6    19 ms    19 ms    19 ms  he-0-10-0-0-pe04.350ecermak.il.ibone.comcast.net
[68.86.83.50]
  7    19 ms    19 ms    19 ms  as26496-1-c.350ecermak.il.ibone.comcast.net [23.
30.207.222]
  8    82 ms    77 ms    77 ms  be39.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.73
]
  9    76 ms    76 ms    77 ms  be39.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.73
]
10    78 ms    77 ms    77 ms  ip-208-109-112-121.ip.secureserver.net [208.109.
112.121]
11     *        *        *     Request timed out.
12     *        *        *     Request timed out.
13     *        *        *     Request timed out.
14     *        *        *     Request timed out.
15     *        *        *     Request timed out.
16     *        *        *     Request timed out.
17     *        *        *     Request timed out.
18     *        *        *     Request timed out.
19     *        *        *     Request timed out.
20     *        *        *     Request timed out.
21     *        *        *     Request timed out.
22     *        *        *     Request timed out.
23     *        *        *     Request timed out.
24     *        *        *     Request timed out.
25     *        *        *     Request timed out.
26     *        *        *     Request timed out.
27     *        *        *     Request timed out.
28     *        *        *     Request timed out.
29     *        *        *     Request timed out.
30     *        *        *     Request timed out.

Trace complete.



Second one:


Tracing route to ip-166-62-37-xxx.ip.secureserver.net [166.62.37.xxx]
over a maximum of 30 hops:

  1     4 ms     3 ms     4 ms  192.168.1.1
  2     *        *        *     Request timed out.
  3    36 ms    40 ms    39 ms  10.156.23.91
  4    53 ms    52 ms    36 ms  10.156.20.198
  5    41 ms    31 ms    42 ms  10.156.20.193
  6    62 ms    31 ms    60 ms  66.1.20.243
  7    34 ms    27 ms    31 ms  sl-crs2-msp-.sprintlink.net [144.223.70.185]
  8    38 ms    50 ms    64 ms  144.232.10.182
  9    68 ms    68 ms    69 ms  144.232.1.104
10    44 ms    47 ms    42 ms  chp-brdr-04.inet.qwest.net [63.146.26.113]
11     *        *        *     Request timed out.
12   112 ms    98 ms    88 ms  63-232-81-254.dia.static.qwest.net [63.232.81.25
4]
13   102 ms    99 ms    99 ms  be38.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.69
]
14    98 ms    98 ms   102 ms  be38.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.69
]
15   155 ms   102 ms   105 ms  ip-208-109-112-121.ip.secureserver.net [208.109.
112.121]
16   103 ms    96 ms    89 ms  ip-166-62-37-xxx.ip.secureserver.net [166.62.37.
xxx]

Trace complete.

 

[Brian Johnson]

Based on the fact that I got locked out in the same manner, again, after failing to log in 4 or 5 times to WHM, I think this may actually be just a normal Server security lockout.

The people at Godaddy checked the most common, standard blacklist on the server to make sure I wasn't blocked. But remember, I just hardened the server for PCI compliance. I added some standard security features.

What other typical security plugins or protocols could have locked me out? I think that would be the first place to look.

 

[Brian Johnson]

SOLVED! Using my phone as an access point again, I was able to finally get into the server and poke around a bit. Using my hunch that it was just a normal plugin or module, I looked for anything security related.

Eventually I looked at ConfigServer Security & Firewall. Turns out my IP was listed in its block table. Removing it, and adding myself to the whitelist solved the problem.

Godaddy probably saw CPHulk and added me to the whitelist there, but CSF was still blocking me. Simple fix! One I wish I would have known about 2 weeks ago :/

 

[cPanelMichael]

Hello,

I am happy to see the issue is now resolved. Thank you for updating us with the outcome.

 

[georgeb]

SOLVED! Using my phone as an access point again, I was able to finally get into the server and poke around a bit. Using my hunch that it was just a normal plugin or module, I looked for anything security related.

Eventually I looked at ConfigServer Security & Firewall. Turns out my IP was listed in its block table. Removing it, and adding myself to the whitelist solved the problem.

Godaddy probably saw CPHulk and added me to the whitelist there, but CSF was still blocking me. Simple fix! One I wish I would have known about 2 weeks ago :/

To avoid this problem in the future add your IP to ignore list (csf.ignore) not to allow (csf.allow - with this you're IP will still be blocked) list.

Look here: http://www.configserver.com/techfaq/faqlist.php?catid=6&faqid=3