edit: Nevermind, Paypal had rate limited my site. We had to go through their whitelist process. --------------------- Please fill in any relevant information that applies to you: CentOS Version: CentOS 7 Centmin Mod Version Installed: 123.09beta01 Nginx Version Installed: 1.17.10 PHP Version Installed: 7.4.6 MariaDB MySQL Version Installed: 10.3.23 When was last time updated Centmin Mod code base ? : today Persistent Config: Code (Text): NGXDYNAMIC_NGXPAGESPEED='y' NGINX_PAGESPEED='y' LETSENCRYPT_DETECT='y' AUDITD_ENABLE='y' AUDIT_MARIADB=n PHP_ARGON='y' NGINX_LIBBROTLI='y' NGXDYNAMIC_BROTLI='y' PHP_PGO='y' PHPFINFO='y' MARIADB_INSTALLTENTHREE='y' A couple days ago, users were unable to use paypal to sign up for products on our site. Not all the time, but frequently enough to cause alarm. I was able to confirm that certain paypal notify IPs were blocked, I couldn't even ping them. They weren't in csf.deny, csf --temp was clear, however I whitelisted them in csf.allow and csf.ignore and they began working again. My temporary solution is to whitelist all of Paypal's IPs, but I'm curious what caused these blocks in the first place.
Strange CSF Firewall wouldn't block Paypal IP addresses usually. If you try CSF grep service the IP addresses to see if they returned a result as they can list why they were banned. As per CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS check IP address Code (Text): csf -g ISPIPADDRRESS Example output from blocked IP = 119.249.54.86 blocked due to failed SSH login attacks Code (Text): csf -g 119.249.54.86 Chain num pkts bytes target prot opt in out source destination No matches found for 119.249.54.86 in iptables IPSET: Set:chain_DENY Match:119.249.54.86 Setting: File:/etc/csf/csf.deny ip6tables: Chain num pkts bytes target prot opt in out source destination No matches found for 119.249.54.86 in ip6tables csf.deny: 119.249.54.86 # lfd: (sshd) Failed SSH login from 119.249.54.86 (CN/China/-): 5 in the last 3600 secs - Sat Sep 10 04:56:25 2016
I dunno, I'm at a loss. This is a Paypal API ip: Code (Text): ping -c 10 173.0.84.66 PING 173.0.84.66 (173.0.84.66) 56(84) bytes of data. --- 173.0.84.66 ping statistics --- 10 packets transmitted, 0 received, 100% packet loss, time 8999ms Code (Text): csf -g 173.0.84.66 Table Chain num pkts bytes target prot opt in out source destination No matches found for 173.0.84.66 in iptables IPSET: No matches found for 173.0.84.66
update: This doesn't appear to have anything to do with CSF. Even after whitelisting I can't ping the IPs, even though I could a few minutes ago. It's intermittent. When whitelisting appeared to clear up an IP earlier, it must have been coincidence.
do you have fail2ban setup ? maybe some rules are being triggered to block ? check fail2ban logs via grep i.e. for 149.xxx.xxx.xxx Code (Text): grep '149\.xxx\.xxx\.xxx' /var/log/fail2ban.log
Nope, fail2ban isn't installed. This could be on Paypal's end. I'll update after I talk to their tech people.
Marking this solved, Paypal had rate limited our server and we had to go through the whitelist process.
Ah learnt something new today. Congrats on getting that many sales/purchases that Paypal rate limited you !