The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

User banned On A Daily Basis

Discussion in 'General Discussion' started by leec, Aug 1, 2004.

  1. leec

    leec Active Member

    Joined:
    Aug 19, 2002
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Done a search but nothing
    I have 2 users who IP's are banned automatically on a daily basis. This includes when theyre PC is off. I go in and drop the line with theyre IP's in it but 24 hours later or less they get banned again. I am the only one who has access to the box.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I think we're going to need a bit more information. In what way do you mean their IP's are banned? By your iptables firewall? Do you use APF? OR are you referring to something else?
     
  3. leec

    leec Active Member

    Joined:
    Aug 19, 2002
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    its in iptables rules heres the commands i use to look them up. i do use apf

    iptables -L INPUT --line-numbers
    iptables -D INPUT 9
    /etc/init.d/iptables restart
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Since you use APF, I'd suggest searching your messages log for the IP address. It should show you how those IP's are getting themselves blocked (e.g. bouncing off of a blocked port):

    grep 11.22.33.44 /var/log/messages

    Just had another thought - If it's coming back every day. Then the problem is most likely that they're in an APF block file and you're manually deleting them from iptables (APF re-applies its rules daily).

    Check the following for the IP address:

    /etc/apf/deny_hosts.rules
    /etc/apf/ad/ad.rules

    If you modify those, do:

    apf -r
     
  5. leec

    leec Active Member

    Joined:
    Aug 19, 2002
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    thanx chirpy. that may have worked. both ips were in the deny file, I deleted them so now im gonna see what happends now
     
Loading...

Share This Page