/ Register

Join the community today
Become a Member

Getting firewall *tcp_in blocked*

Discussion in 'Other Centmin Mod Installed software' started by quicksalad, Jun 4, 2015.

Previous Thread Next Thread
Loading...
  1. Jun 4, 2015 #1
    quicksalad

    quicksalad Member

    159
    9
    18
    May 31, 2015
    Ratings:
    +13
    Local Time:
    10:55 AM
    Please advise why I get this error? Couldn't access ftp and my server ip as well.
     
  2. Jun 4, 2015 #2
    eva2000

    eva2000 Administrator Staff Member

    40,645
    9,028
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,900
    Local Time:
    3:25 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    CSF firewall related CSF - CSF Firewall info | Centmin Mod Community and CSF Firewall - Centmin Mod - Menu based Nginx installer for CentOS servers

    more info might be helpful
    1. What version of Centmin Mod ? .07 stable or .08 beta ? If .08 beta when was it installed and when was last time you updated the .08 beta code (there's constant updates to the code).
    2. What's your VPS/Server hardware specifications ? Xen/KVM/OpenVZ ? cpu type ? memory available ? disk space ? OS and version ? i.e. CentOS 6.6 or 7.1 ?
    3. Who's your web host ?
    4. Your ISP ip address static/dynamic ?
    5. What were you doing connection wise to your server leading up to the blockage ?
     
  3. Jun 4, 2015 #3
    eva2000

    eva2000 Administrator Staff Member

    40,645
    9,028
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,900
    Local Time:
    3:25 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    style="display:inline-block;min-width:400px;max-width:970px;width:95%;height:90px" data-ad-client="ca-pub-6669518204467592" data-ad-slot="4024536743" data-ad-format="auto">
  4. Jun 4, 2015 #4
    quicksalad

    quicksalad Member

    159
    9
    18
    May 31, 2015
    Ratings:
    +13
    Local Time:
    10:55 AM
    1. .07 stable
    2. 1GB RAM - 30GB SSD (where can I see that info?) OS CentOS 6.6
    3.DigitalOcean
    4.Dynamic
    5.I'm connected on FTP, and putty.. browsing directory, then suddenly it stops.
     
  5. Jun 4, 2015 #5
    eva2000

    eva2000 Administrator Staff Member

    40,645
    9,028
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,900
    Local Time:
    3:25 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Can you access SSH via DigitalOcean VNC Console ? If you can, check if you ips are blocked using csf -g grep command
    Code:
    csf -g YOURIPADDRESS
    commands you can see for csf via
    Code:
    csf -h
    whitelist your ISP range of ips if you know the range
    Code:
    csf -a IPADDRESSORRANGE
    remove temp and permanent blocks from csf
    Code:
    csf -tr IPADDRESS
csf -dr IPADDRESS
    also check CSF /var/log/lfd.log for clues
    Code:
    tail -50 /var/log/lfd.log
    If you're on dynamic ip, you may need additional steps CSF Firewall as per Getting Started Guide step 4
     
    Last edited: Jun 4, 2015
  6. Jun 4, 2015 #6
    quicksalad

    quicksalad Member

    159
    9
    18
    May 31, 2015
    Ratings:
    +13
    Local Time:
    10:55 AM
    very active firewall :), why was block triggered? I switched to static, and whitelisted my dynamic, dunno the range but using commands above says no matches records on my last acquired dynamic ip.
     
  7. Jun 4, 2015 #7
    eva2000

    eva2000 Administrator Staff Member

    40,645
    9,028
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,900
    Local Time:
    3:25 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yeah you'd need to investigate further with the logs and csf/lfd logs

    another log is /var/log/messages you can grep it for your ips
    Code:
    grep IPADDRESS /var/log/messages
     
    • Informative Informative x 1
  8. Jun 4, 2015 #8
    quicksalad

    quicksalad Member

    159
    9
    18
    May 31, 2015
    Ratings:
    +13
    Local Time:
    10:55 AM
    Code:
    Jun  4 11:52:31 fast lfd[22807]: (sshd) Failed SSH login from 117.xxx.42.246 (IN                                                                                                                     /India/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Jun  4 12:04:11 fast lfd[22725]: (sshd) Failed SSH login from 61.xx.220.124 (KR/                                                                                                                     Korea, Republic of/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
    see result after firing above command please advise? thanks
     
  9. Jun 4, 2015 #9
    eva2000

    eva2000 Administrator Staff Member

    40,645
    9,028
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,900
    Local Time:
    3:25 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    that's normal CSF lfd blocks failed SSH log in attempts after so many attempts.. unless those ips are you ip address then you don't need to worry about that
     
    • Informative Informative x 1
  10. Jun 4, 2015 #10
    quicksalad

    quicksalad Member

    159
    9
    18
    May 31, 2015
    Ratings:
    +13
    Local Time:
    10:55 AM
    above is not my IP address, seeing russia IP also in same format response.
     
  11. Jun 4, 2015 #11
    quicksalad

    quicksalad Member

    159
    9
    18
    May 31, 2015
    Ratings:
    +13
    Local Time:
    10:55 AM
    Code:
     10:58:10 fast lfd[3426]: 90.xxx.xxx.247 (RU/Russian Federation/247.122-157-90.telenet.ru), 5 distributed sshd attacks on account [admin] in the last 3600 secs - *Blocked in csf* [LF_DISTATTACK]
    see above for reference..
     
Previous Thread Next Thread
Loading...

.