Weirdest IP Block

[Hines]

SOLVED!!! (Weirdest IP Block)

Somehow WHM or cPanel is blocking my home IP. This affects only one of my accounts on my virtual server. It affects the domain and all sub-domains.

I can connect to WHM. I can NOT connect to cPanel (unless I go to it through WHM).


1.) In WHM--I don't have HulkBruteForce enabled.
2.) In cPanel--There are no IPs in "IP Deny Manager."
3.) I contacted my server host and they said it's not them: i can connect to WHM and via SSH....and can get a traceroute.

However, I cannot visit my website from my home IP. I know the website is working because I can view it through a proxy server. This occurs irrespective of what browser i use, and even with my home pc firewall turned off.

Every once in a while I can connect, then i can't. I do make quite a few connections because I'm working on the site.

Anyone have a clue what's going on?


UPDATE: From home, I pinged the server: I got through. I went through a proxy server: I could view the website. Totally befuddled as to why only 'MY" ip address can't see the front-end of the website, i called my internet service provider. They said it's not them either. I am TOTALLY befuddled! Some genius help me here!!!


UPDATE: SOLVED!!! What a strange problem and equally strange solution!

 

[Spiral]

I'm guessing you have CSF firewall installed --- temporary blocking?

 

[kuldeep_]

It seem firewall is installed on server and which is restricting you from accessing cpanel and domain.

If you have csf and lfd firewall installed on server then you can check firewall logs which will show exact reason of blocking your IP.

check if Ip is block in CSF.

csf -l | grep youripaddress

Check LFD log:

grep youripaddress /var/log/lfd.log

If your ip is blocked for any login failure attempts then lfd logs will show you.

If you find out what is exactly blocking you, then you can avoid it from happening it again

 

[Spiral]

check if Ip is block in CSF.

csf -l | grep youripaddress

I don't know if you realize this but csf has a built in "grep" flag ---

# csf -g youripaddress

A little bit quicker and save a few keystrokes there

 

[Hines]

Thanx, guys. No, I'm pretty sure my server doesn't have a firewall...(at least I can't see any settings in WHM for a firewall).

Beleive it or not, it was my local machine! I don't know much Linux but I consider myself an XP expert, having built and configure many rigs. The fact that my own computer was blocking my access was WEIRD!

Somehow I was getting a loopback connection through "localhost," which every computer identifies as 127.0.0.1. This caused a DNS conflict.

The fix? Modify a file called "hosts" in Windows / System32. As soon as I did that, I got immediate access to the website. Weird, I tell you.

 

[Spiral]

Thanx, guys. No, I'm pretty sure my server doesn't have a firewall...(at least I can't see any settings in WHM for a firewall).

You really do scare me sometimes ... :p

Believe it or not, it was my local machine! I don't know much Linux but I
consider myself an XP expert, having built and configure many rigs. The
fact that my own computer was blocking my access was WEIRD!

Did you upload any files just a bit before having the connection problem?

What you just described sounds very much like what will happen if you
transfer files via FTP to your server but fail to use "Passive Mode" which
will cause your home computer to mistake your outbound FTP connection
as an incoming hacker attack and usually cut access to your own site
because your home computer doesn't know the difference.

Somehow I was getting a loopback connection through "localhost," which
every computer identifies as 127.0.0.1. This caused a DNS conflict.

The fix? Modify a file called "hosts" in Windows / System32. As soon as I
did that, I got immediate access to the website. Weird, I tell you.

For XP systems, you need the first line "127.0.0.1 localhost" towards the
top of your hosts file and this line must be present for your computer to
function properly but lines after that are usually expendable.

Incidentally, a common technique used with hackers is to substitute the
sites you visit but routing sites to 127.0.0.1 where a local trojaned proxy
server filters and / or records what you are doing or can redirect you to
the wrong websites without your knowing.

If you are getting IP routing or stale caching conflict issues, you can clear the
routing cache using "ipconfig /flushdns" and you can turn the IP cache off
completely by running "services.msc" and disabling the "DNS Client" service

 

[Hines]

Ur an angel. :p