
Unable To Access VPS Server or Site

Discussion in 'Security' started by Brian Johnson, Mar 27, 2015.

  1. Brian Johnson

    Brian Johnson Member

    Joined:
    Mar 2, 2015
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Lakeville, Minnesota, United S
    cPanel Access Level:
    Website Owner
    I am currently completely unable to access my VPS server or website. The following methods ALL timeout every single time:

    Browser access to the website
    Direct Browser access to the WHM interface
    FTP
    SFTP
    SSH

    I recently did some security updates on the server (to achieve PCI compliance), all successfully. It had been weeks since I changed anything, and then all of a sudden I got locked out. Note that I am the only one who can't access it, and every device on my network (same IP) is similarly unable to access it.

    I figured I was just blacklisted, but my host (Godaddy) has gone in and cleared the blacklist and added me to the whitelist, and still nothing.

    A traceroute when pinging the server IP reveals that the request gets out of my network just fine, and then times out when trying to access secureserver.net (A godaddy domain).

    I have spoken to Godaddy server support, and they say they are looking into it, and that possibly I was blocked by Godaddy on a deeper level. Haven't heard anything back yet though and it's been more than a week.

    Any ideas? If there is a specific security setting or module that may be locking me out and Godaddy wouldn't have thought of it, that would be a good place to look. I can probably access it temporarily using my phone as a hotspot to get a different IP address.
     
  2. LostNerd

    LostNerd Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    258
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Hastings, East Sussex, UK
    cPanel Access Level:
    Root Administrator
    Being honest, that sounds like a hardware firewall at GoDaddy that is blocking you, but don't quote me on that! I may be wrong...
     
  3. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    A whole week of no access, that's some real fine support there :(
    Do you have console or VNC access so you can trace from your server back to your IP and disable your firewall?

    LostNerd may be correct; your IP may be nulled to the GoDaddy network.
    Do a trace from an IP you can access your server from, then do a trace from your blocked IP and compare the traces to see if it's blocked at the router level or at the server level.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,452
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Probably? I think that would be something I'd check 5 minutes after I realized I may have locked myself out.
     
  5. LostNerd

    Can you run a traceroute from your blocked IP and post it? I'm quite interested in working out the issue as I'm sure dalem is too!
     
  6. Brian Johnson

    Okay, I tested whether I can use my phone as a hotspot and connect to the server and the answer is yes. However, I was unable to actually get into WHM because logging in from the Godaddy admin brought up some page about being down for maintenance, and then logging in directly didn't work because for some reason none of my user names or passwords work anymore.

    On a related note, after about 4 failed WHM login attempts, I appear to be blocked at that IP as well. So I guess that bridge is burned...

    Before that, I got into the domain's cPanel just fine. I noticed that I had the option to disable ModSecurity. Is this something I should try briefly to see if I can get in?

    Anyway, here are the requested traceroutes. The first one is from the blocked IP, the second one is from the mobile hotspot:

    Code:
    Tracing route to ip-166-62-37-xxx.ip.secureserver.net [166.62.37.xxx]
    over a maximum of 30 hops:
    
      1     1 ms     1 ms     1 ms  YourWifiMadeMeS [192.168.1.1]
      2     9 ms    10 ms    10 ms  96.120.48.109
      3    10 ms    11 ms    18 ms  te-0-0-0-5-sur02.smpls.mn.minn.comcast.net [68.85.165.9]
      4    11 ms    15 ms    13 ms  te-0-4-0-2-ar01.roseville.mn.minn.comcast.net [162.151.54.189]
      5    20 ms    19 ms    19 ms  he-1-11-0-0-cr01.350ecermak.il.ibone.comcast.net [68.86.94.73]
      6    19 ms    19 ms    19 ms  he-0-10-0-0-pe04.350ecermak.il.ibone.comcast.net [68.86.83.50]
      7    19 ms    19 ms    19 ms  as26496-1-c.350ecermak.il.ibone.comcast.net [23.30.207.222]
      8    82 ms    77 ms    77 ms  be39.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.73]
      9    76 ms    76 ms    77 ms  be39.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.73]
    10    78 ms    77 ms    77 ms  ip-208-109-112-121.ip.secureserver.net [208.109.112.121]
    11     *        *        *     Request timed out.
    12     *        *        *     Request timed out.
    13     *        *        *     Request timed out.
    14     *        *        *     Request timed out.
    15     *        *        *     Request timed out.
    16     *        *        *     Request timed out.
    17     *        *        *     Request timed out.
    18     *        *        *     Request timed out.
    19     *        *        *     Request timed out.
    20     *        *        *     Request timed out.
    21     *        *        *     Request timed out.
    22     *        *        *     Request timed out.
    23     *        *        *     Request timed out.
    24     *        *        *     Request timed out.
    25     *        *        *     Request timed out.
    26     *        *        *     Request timed out.
    27     *        *        *     Request timed out.
    28     *        *        *     Request timed out.
    29     *        *        *     Request timed out.
    30     *        *        *     Request timed out.
    
    Trace complete.
    
    
    
    Second one:
    
    
    Tracing route to ip-166-62-37-xxx.ip.secureserver.net [166.62.37.xxx]
    over a maximum of 30 hops:
    
      1     4 ms     3 ms     4 ms  192.168.1.1
      2     *        *        *     Request timed out.
      3    36 ms    40 ms    39 ms  10.156.23.91
      4    53 ms    52 ms    36 ms  10.156.20.198
      5    41 ms    31 ms    42 ms  10.156.20.193
      6    62 ms    31 ms    60 ms  66.1.20.243
      7    34 ms    27 ms    31 ms  sl-crs2-msp-.sprintlink.net [144.223.70.185]
      8    38 ms    50 ms    64 ms  144.232.10.182
      9    68 ms    68 ms    69 ms  144.232.1.104
    10    44 ms    47 ms    42 ms  chp-brdr-04.inet.qwest.net [63.146.26.113]
    11     *        *        *     Request timed out.
    12   112 ms    98 ms    88 ms  63-232-81-254.dia.static.qwest.net [63.232.81.254]
    13   102 ms    99 ms    99 ms  be38.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.69]
    14    98 ms    98 ms   102 ms  be38.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.69]
    15   155 ms   102 ms   105 ms  ip-208-109-112-121.ip.secureserver.net [208.109.112.121]
    16   103 ms    96 ms    89 ms  ip-166-62-37-xxx.ip.secureserver.net [166.62.37.xxx]
    
    Trace complete.
    
     
    #6 Brian Johnson, Mar 30, 2015
    Last edited by a moderator: Mar 30, 2015
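
The trace comparison suggested earlier in the thread, as an added example that is not part of any post: it parses Windows `tracert` output and reports how many hops short of the target the blocked source stops getting answers. The function names and the one-hop-short heuristic are assumptions made for illustration; the sample traces are abbreviated from the output posted above.

```python
import re

# One hop line of Windows tracert output: hop number, three probe columns
# ("12 ms", "<1 ms" or "*"), then "host [addr]", a bare addr, or a timeout.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:(?:<?\d+ ms|\*)\s+){3}(.*)$")
ADDR_RE = re.compile(r"\[([^\]]+)\]\s*$")

def parse_tracert(text):
    """Return hop addresses in order; None marks a hop that timed out."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner, blank line, "Trace complete."
        rest = m.group(2).strip()
        if rest.startswith("Request timed out"):
            hops.append(None)
        else:
            addr = ADDR_RE.search(rest)
            hops.append(addr.group(1) if addr else rest)
    return hops

def locate_block(blocked, working):
    """Heuristic (assumption): take the last hop that answered the blocked
    source and count how far short of the target it is on the working path."""
    answered = [h for h in blocked if h is not None]
    if not answered or answered[-1] not in working:
        return {"last_hop": answered[-1] if answered else None, "verdict": "unknown"}
    last = answered[-1]
    short = len(working) - 1 - working.index(last)
    # 0: target answered; 1: only the target itself is silent, which is
    # consistent with a firewall on the server; more: dropped further upstream.
    verdict = {0: "reachable", 1: "server-level"}.get(short, "upstream")
    return {"last_hop": last, "hops_short": short, "verdict": verdict}

# Abbreviated from the two traces in the post (most hops and timeouts omitted).
BLOCKED = """
  8    82 ms    77 ms    77 ms  be39.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.73]
 10    78 ms    77 ms    77 ms  ip-208-109-112-121.ip.secureserver.net [208.109.112.121]
 11     *        *        *     Request timed out.
"""
WORKING = """
 11     *        *        *     Request timed out.
 14    98 ms    98 ms   102 ms  be38.trmc0215-01.ars.mgmt.phx3.gdg [184.168.0.69]
 15   155 ms   102 ms   105 ms  ip-208-109-112-121.ip.secureserver.net [208.109.112.121]
 16   103 ms    96 ms    89 ms  ip-166-62-37-xxx.ip.secureserver.net [166.62.37.xxx]
"""
```

On these two traces the blocked source's last answering hop is the router immediately before the server on the working path, so the verdict is `server-level`.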
  7. Brian Johnson

    Based on the fact that I got locked out in the same manner, again, after failing to log in 4 or 5 times to WHM, I think this may actually be just a normal Server security lockout.

    The people at Godaddy checked the most common, standard blacklist on the server to make sure I wasn't blocked. But remember, I just hardened the server for PCI compliance. I added some standard security features.

    What other typical security plugins or protocols could have locked me out? I think that would be the first place to look.
     
  8. Brian Johnson

    SOLVED! Using my phone as an access point again, I was able to finally get into the server and poke around a bit. Using my hunch that it was just a normal plugin or module, I looked for anything security related.

    Eventually I looked at ConfigServer Security & Firewall. Turns out my IP was listed in its block table. Removing it, and adding myself to the whitelist solved the problem.

    Godaddy probably saw cPHulk and added me to the whitelist there, but CSF was still blocking me. Simple fix! One I wish I would have known about 2 weeks ago :/
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  10. georgeb

    georgeb Well-Known Member

    Joined:
    May 23, 2010
    Messages:
    48
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Montreal, QC, Canada
    cPanel Access Level:
    Root Administrator

    To avoid this problem in the future, add your IP to the ignore list (csf.ignore), not to the allow list (csf.allow; with this your IP will still be blocked).

    Look here: http://www.configserver.com/techfaq/faqlist.php?catid=6&faqid=3
     