Welcome to Centmin Mod Community
Become a Member

Centminmod is blocked from China?

Discussion in 'System Administration' started by Andy, May 5, 2015.

  1. Andy

    Andy Active Member

    314
    45
    28
    Aug 6, 2014
    Ratings:
    +54
    Local Time:
    3:37 PM
    I have a lot of members from China and they told me recently that they can't open the site. The only way they can open it is to buy a VPN services somewhere.
    They report that when not using VPN, it will check a long time to load the page and will result in a blank page.

    [​IMG]

    I tried to test it via this website
    Website Test behind the Great Firewall of China

    When I tested my site and this site (both use HTTPS and same SSL cipher suite, I believe), I got this error
    Tested From: Shanghai, China
    Tested At: 2015-05-05
    11:46:13 (GMT +00:00)
    URL Tested: Centmin Mod Community
    Resolved As: 173.230.147.144
    Status: Unknown SSL protocol error in connection to community.centminmod.com:443
    Response Time: 28.316 sec
    DNS: 14.016 sec
    Connect: 0.142 sec
    Redirect: 0.000 sec
    First Byte: 0.000 sec
    Last Byte: 14.158 sec
    Size: 0 bytes

    @eva2000 can you please take a look into this?
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,165
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    5:37 AM
    Nginx 1.13.x
    MariaDB 5.5
    what web browser and browser version are these users using ? could be their os, browser and/or browser version do not support ssl ciphers that our servers prefer/specify see SSL Server Test: community.centminmod.com (Powered by Qualys SSL Labs)

    is problem only for https / ssl sites or non-https too like centminmod.com

    Due to poodle SSLv3 attacks, latest SPDY/3.1 SSL config for Centmin Mod disables SSLv3, so this forum doesn't support Windows XP with below <IE8. If you're using WinXP would need latest Firefox browser AFAIK.

    If you want to support WinXP users, then you will have to open your site's SSL configure less secure SSLv3 support too

    ssllabs_clients_supported.png
     
  3. eva2000

    eva2000 Administrator Staff Member

    30,165
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    5:37 AM
    Nginx 1.13.x
    MariaDB 5.5
    Also no probs with that site test

    chinatest_webpulse1.png
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,165
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    5:37 AM
    Nginx 1.13.x
    MariaDB 5.5
    Only other possibility is those China users are residing on shared IPs which have been blocked in CSF Firewall for brute force login scanning against our servers

    you can check /etc/csf/csf.deny log for blocked ips from china

    Code:
    grep -i china /etc/csf/csf.deny
    grep -i china /etc/csf/csf.deny | awk '{print $1}' | sort -u | uniq -c | sort -r
    i.e.

    Code:
    grep -i china /etc/csf/csf.deny | awk '{print $1}' | sort -u | uniq -c | sort -r
          1 61.174.51.220
          1 61.174.51.198
          1 61.155.203.56
          1 58.215.172.27
          1 221.3.83.27
          1 220.177.198.62
          1 218.24.93.67
          1 116.10.191.238
          1 116.10.191.237
          1 116.10.191.225
          1 116.10.191.221
          1 116.10.191.219
          1 116.10.191.217
          1 116.10.191.216
          1 116.10.191.215
          1 116.10.191.208
          1 116.10.191.207
          1 116.10.191.203
          1 116.10.191.201
          1 116.10.191.195
          1 116.10.191.184
          1 116.10.191.181
          1 116.10.191.180
          1 116.10.191.177
          1 116.10.191.173
          1 116.10.191.165
          1 116.10.191.163
     
    • Like Like x 1
  5. Andy

    Andy Active Member

    314
    45
    28
    Aug 6, 2014
    Ratings:
    +54
    Local Time:
    3:37 PM
    I checked the IP the OP was posting from and it's 113.24.xxx which is not in any of the blocked IP
    I will ask the OP for the browser version.

    Code:
    grep -i china /etc/csf/csf.deny | awk '{print $1}' | sort -u | uniq -c | sort -r
          1 61.183.1.14
          1 61.174.51.225
          1 61.174.51.223
          1 61.174.51.221
          1 61.174.51.218
          1 61.174.51.210
          1 61.174.51.208
          1 61.174.50.195
          1 61.174.50.165
          1 61.174.50.164
          1 61.174.50.163
          1 61.160.223.66
          1 61.160.223.63
          1 61.160.212.244
          1 61.147.103.138
          1 61.136.171.198
          1 60.173.9.26
          1 60.173.8.73
          1 60.173.26.206
          1 60.173.14.18
          1 60.173.14.14
          1 60.173.10.69
          1 60.169.80.10
          1 58.246.146.186
          1 36.250.13.67
          1 222.43.119.242
          1 222.240.193.154
          1 222.187.222.231
          1 222.186.58.205
          1 222.186.56.40
          1 222.186.52.110
          1 222.186.50.229
          1 222.186.34.244
          1 222.186.34.121
          1 222.186.34.116
          1 221.228.205.196
          1 220.177.198.40
          1 220.177.198.32
          1 219.153.15.121
          1 218.26.11.118
          1 218.2.0.135
          1 218.2.0.133
          1 218.2.0.129
          1 218.2.0.128
          1 218.2.0.127
          1 218.2.0.126
          1 218.2.0.123
          1 218.106.254.121
          1 211.140.19.217
          1 210.30.190.124
          1 203.100.83.32
          1 1.93.34.211
          1 183.136.202.38
          1 183.129.170.194
          1 180.210.234.87
          1 180.153.151.182
          1 175.22.14.71
          1 171.92.208.245
          1 144.0.0.60
          1 123.127.36.162
          1 123.125.219.130
          1 122.225.97.96
          1 122.225.97.91
          1 122.225.97.87
          1 122.225.97.82
          1 122.225.97.81
          1 122.225.97.79
          1 122.225.97.76
          1 122.225.97.74
          1 122.225.97.73
          1 122.225.97.71
          1 122.225.97.70
          1 122.225.97.66
          1 122.225.97.121
          1 122.225.97.120
          1 122.225.97.117
          1 122.225.97.114
          1 122.225.97.113
          1 122.225.97.109
          1 122.225.97.106
          1 122.225.97.100
          1 122.225.109.99
          1 122.225.109.98
          1 122.225.109.222
          1 122.225.109.219
          1 122.225.109.215
          1 122.225.109.214
          1 122.225.109.212
          1 122.225.109.211
          1 122.225.109.207
          1 122.225.109.206
          1 122.225.109.205
          1 122.225.109.204
          1 122.225.109.202
          1 122.225.109.201
          1 122.225.109.198
          1 122.225.109.196
          1 122.225.109.195
          1 122.225.109.194
          1 122.225.109.121
          1 122.225.109.120
          1 122.225.109.108
          1 122.225.109.106
          1 122.224.188.222
          1 122.141.251.42
          1 121.8.187.25
          1 118.123.206.70
          1 117.41.187.201
          1 117.40.239.54
          1 117.27.158.91
          1 117.27.158.76
          1 117.27.158.71
          1 117.27.158.69
          1 117.21.191.209
          1 116.255.152.101
          1 115.239.248.85
          1 115.238.55.163
          1 113.200.188.55
          1 113.142.37.210
          1 113.107.233.165
          1 112.64.138.126
          1 112.126.64.1
          1 111.74.238.155
          1 111.161.126.234
          1 106.120.78.169
          1 101.4.63.2