The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Weirdest IP Block

Discussion in 'General Discussion' started by Hines, Apr 28, 2010.

  1. Hines

    Hines Active Member

    Joined:
    Apr 23, 2010
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    SOLVED!!! (Weirdest IP Block)

    Somehow WHM or cPanel is blocking my home IP. This affects only one of my accounts on my virtual server. It affects the domain and all sub-domains.

    I can connect to WHM. I can NOT connect to cPanel (unless I go to it through WHM).


    1.) In WHM--I don't have HulkBruteForce enabled.
    2.) In cPanel--There are no IPs in "IP Deny Manager."
    3.) I contacted my server host and they said it's not them: i can connect to WHM and via SSH....and can get a traceroute.

    However, I cannot visit my website from my home IP. I know the website is working because I can view it through a proxy server. This occurs irrespective of what browser i use, and even with my home pc firewall turned off.

    Every once in a while I can connect, then i can't. I do make quite a few connections because I'm working on the site.

    Anyone have a clue what's going on? :(


    UPDATE: From home, I pinged the server: I got through. I went through a proxy server: I could view the website. Totally befuddled as to why only 'MY" ip address can't see the front-end of the website, i called my internet service provider. They said it's not them either. I am TOTALLY befuddled! Some genius help me here!!!


    UPDATE: SOLVED!!! What a strange problem and equally strange solution!
     
    #1 Hines, Apr 28, 2010
    Last edited: Apr 28, 2010
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I'm guessing you have CSF firewall installed --- temporary blocking?
     
  3. kuldeep_

    kuldeep_ Well-Known Member

    Joined:
    Apr 24, 2010
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    It seem firewall is installed on server and which is restricting you from accessing cpanel and domain.

    If you have csf and lfd firewall installed on server then you can check firewall logs which will show exact reason of blocking your IP.

    check if Ip is block in CSF.

    HTML:
    csf -l | grep youripaddress
    
    Check LFD log:

    HTML:
    grep youripaddress /var/log/lfd.log
    
    If your ip is blocked for any login failure attempts then lfd logs will show you.

    If you find out what is exactly blocking you, then you can avoid it from happening it again :)
     
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I don't know if you realize this but csf has a built in "grep" flag ---

    Code:
    # csf -g youripaddress
    
    A little bit quicker and save a few keystrokes there ;)
     
  5. Hines

    Hines Active Member

    Joined:
    Apr 23, 2010
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    Thanx, guys. No, I'm pretty sure my server doesn't have a firewall...(at least I can't see any settings in WHM for a firewall).

    Beleive it or not, it was my local machine! I don't know much Linux but I consider myself an XP expert, having built and configure many rigs. The fact that my own computer was blocking my access was WEIRD!

    Somehow I was getting a loopback connection through "localhost," which every computer identifies as 127.0.0.1. This caused a DNS conflict.

    The fix? Modify a file called "hosts" in Windows / System32. As soon as I did that, I got immediate access to the website. Weird, I tell you.
     
  6. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    You really do scare me sometimes ... :p ;)

    Did you upload any files just a bit before having the connection problem?

    What you just described sounds very much like what will happen if you
    transfer files via FTP to your server but fail to use "Passive Mode" which
    will cause your home computer to mistake your outbound FTP connection
    as an incoming hacker attack and usually cut access to your own site
    because your home computer doesn't know the difference.

    For XP systems, you need the first line "127.0.0.1 localhost" towards the
    top of your hosts file and this line must be present for your computer to
    function properly but lines after that are usually expendable.

    Incidentally, a common technique used with hackers is to substitute the
    sites you visit but routing sites to 127.0.0.1 where a local trojaned proxy
    server filters and / or records what you are doing or can redirect you to
    the wrong websites without your knowing.

    If you are getting IP routing or stale caching conflict issues, you can clear the
    routing cache using "ipconfig /flushdns" and you can turn the IP cache off
    completely by running "services.msc" and disabling the "DNS Client" service
     
  7. Hines

    Hines Active Member

    Joined:
    Apr 23, 2010
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    Ur an angel. :p
     
Loading...

Share This Page