Centminmod is blocked from China?

Discussion in 'System Administration' started by Andy, May 5, 2015.

  1. Andy

    Andy Active Member

    I have a lot of members from China and they told me recently that they can't open the site. The only way they can open it is to buy a VPN service somewhere.
    They report that when not using a VPN, it will take a long time to load the page and will result in a blank page.

    I tried to test it via this website
    Website Test behind the Great Firewall of China

    When I tested my site and this site (both use HTTPS and the same SSL cipher suite, I believe), I got this error:
    Tested From: Shanghai, China
    Tested At: 2015-05-05 11:46:13 (GMT +00:00)
    URL Tested: Centmin Mod Community
    Resolved As: 173.230.147.144
    Status: Unknown SSL protocol error in connection to community.centminmod.com:443
    Response Time: 28.316 sec
    DNS: 14.016 sec
    Connect: 0.142 sec
    Redirect: 0.000 sec
    First Byte: 0.000 sec
    Last Byte: 14.158 sec
    Size: 0 bytes


    @eva2000 can you please take a look into this?
     
  2. eva2000

    eva2000 Administrator Staff Member

    What web browser and browser version are these users using? It could be that their OS, browser and/or browser version do not support the SSL ciphers that our servers prefer/specify; see SSL Server Test: community.centminmod.com (Powered by Qualys SSL Labs).

    Is the problem only for HTTPS/SSL sites, or for non-HTTPS ones too, like centminmod.com?

    Due to POODLE SSLv3 attacks, the latest SPDY/3.1 SSL config for Centmin Mod disables SSLv3, so this forum doesn't support Windows XP with <IE8. If you're using WinXP, you would need the latest Firefox browser AFAIK.

    If you want to support WinXP users, then you will have to open up your site's SSL configuration to the less secure SSLv3 support too.

    ssllabs_clients_supported.png
     
  3. eva2000

    eva2000 Administrator Staff Member

    Also no probs with that site test

    chinatest_webpulse1.png
     
  4. eva2000

    eva2000 Administrator Staff Member

    The only other possibility is that those China users are residing on shared IPs which have been blocked in CSF Firewall for brute-force login scanning against our servers.

    You can check the /etc/csf/csf.deny log for blocked IPs from China:

    Code:
    grep -i china /etc/csf/csf.deny
    grep -i china /etc/csf/csf.deny | awk '{print $1}' | sort -u | uniq -c | sort -r
     
  5. Andy

    Andy Active Member

    I checked the IP the OP was posting from and it's 113.24.xxx, which is not among any of the blocked IPs.
    I will ask the OP for the browser version.

    Code:
    grep -i china /etc/csf/csf.deny | awk '{print $1}' | sort -u | uniq -c | sort -r
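
A plain `grep` on `/etc/csf/csf.deny` finds an address only when it is listed literally (and `grep -i china` only when the entry's comment names the country), so a visitor covered by a denied CIDR range is missed. The following is an added example, not part of the original posts: it checks one client IP against every plain IPv4 or CIDR entry. The function names and the sample file are constructed for illustration, and the sample uses documentation address ranges.

```sh
#!/bin/sh
# Added example, not from the thread: CIDR-aware lookup in a csf.deny-style file.

# Dotted-quad IPv4 -> 32-bit integer; returns 1 on malformed input.
ip_to_int() {
  case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address on dots
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print each entry in deny file $1 (plain IPv4 or CIDR) that covers client IP $2.
deny_matches() {
  client=$(ip_to_int "$2") || return 2
  while read -r entry _rest; do
    case $entry in
      ''|'#'*|*'|'*|*:*) continue ;;   # blank, comment, advanced rule, IPv6
    esac
    bits=32
    case $entry in */*) bits=${entry#*/} ;; esac
    case $bits in ''|*[!0-9]*) continue ;; esac
    [ "$bits" -le 32 ] || continue
    net=$(ip_to_int "${entry%%/*}") || continue
    if [ "$bits" -eq 0 ]; then mask=0
    else mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF )); fi
    if [ $(( net & mask )) -eq $(( client & mask )) ]; then
      echo "$entry"
    fi
  done < "$1"
}

# Constructed sample in csf.deny style (not real data from the thread).
write_sample() {
  cat > "$1" <<'EOF'
# constructed sample entries, documentation address ranges only
192.0.2.15 # lfd: (sshd) Failed SSH login from 192.0.2.15 (CN/China/-): 5 in the last 3600 secs
203.0.113.0/24 # manually denied range, no country name in the comment
tcp|in|d=22|s=198.51.100.9 # advanced rule, skipped by this example
EOF
}

sample=$(mktemp) && write_sample "$sample"
deny_matches "$sample" 203.0.113.77   # covered only by the /24 entry
rm -f "$sample"
```

On a real server, pass `/etc/csf/csf.deny` and the visitor's full address; an empty result means no plain IPv4 or CIDR entry in that file covers it.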