
Sysadmin Locked myself out due to CSF? How long is the IP blocked?

Discussion in 'System Administration' started by SneakyDave, Oct 2, 2018.

  1. SneakyDave

    SneakyDave Member

    84
    14
    8
    Jul 24, 2014
    Ratings:
    +22
    Local Time:
    11:35 AM
    1.0.15
    Well, I tried to set up a new ftp account on my centminmod server, but I locked down sshd enough so that I only allow certain accounts to access the server.


    So then, after repeated SFTP attempts that failed to access the server, I think CSF blocked my wi-fi IP address.

    Is there a default time limit on this IP block from CSF? If I can get in through the provider's admin interface, what is it that I'm looking for to lift the block?
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,583
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    3:35 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Depends on the block type. For CSF Firewall related info, see CSF - CSF Firewall info
    1. If you're on a dynamic IP, you may need additional CSF Firewall steps as per Getting Started Guide step 4
    2. Other steps: Does your web host offer out of band VNC/KVM/IPMI Console access? If you can, check if your IPs are blocked using the csf -g grep command
      Code:
      csf -g YOURIPADDRESS
      commands you can see for csf via
      Code:
      csf -h
      whitelist your ISP range of ips if you know the range
      Code:
      csf -a IPADDRESSORRANGE
      remove temp and permanent blocks from csf
      Code:
      csf -tr IPADDRESS
      csf -dr IPADDRESS
      also check CSF /var/log/lfd.log for clues
      Code:
      tail -50 /var/log/lfd.log
      another log is /var/log/messages you can grep it for your ips
      Code:
      grep IPADDRESS /var/log/messages
      and your /var/log/secure
      Code:
      tail -20 /var/log/secure
    Do you have a VPN connection you can use? Try using that to SSH into your server. If you have a VPN like a private one with a dedicated IP, you can also whitelist that VPN IP in CSF Firewall. That's what I usually do so I have multiple avenues to connect to the server via SSH.

    If you use DigitalOcean or solusVM based web host VPS they have consoles you can use to connect to your server out of band so you can access your server SSH and unblock yourself from CSF Firewall if needed. Once SSH'd in via console, check if your ISP IP has been blocked by

    grepping csf firewall ips
    Code (Text):
    csf -g ISPIPADDRESS

    if blocked remove your ISP IP address from /etc/csf/csf.deny and restart CSF Firewall
    or via command
    Code (Text):
    csf -dr ISPIPADDRESS
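
The check-then-unblock steps from the reply above, as an added example that is not part of the original post or of CSF itself. It reads copies of `lfd.log` and `csf.deny` and prints which of the two removal commands applies; the function names, the sample log lines and the "for N secs" marker used to recognise a timed block are assumptions.

```shell
#!/bin/sh
# Triage a suspected CSF/lfd block for one IP (added example).
# File paths are arguments, so it can run against copies of the real files.

# Match the IP as a literal whole token. A plain `grep 203.0.113.5` also hits
# 203.0.113.50, and its unescaped dots match any character.
ip_lines() {            # ip_lines IP FILE
    grep -wF -- "$1" "$2"
}

# Most recent lfd.log entry in which lfd reports blocking this IP.
last_block() {          # last_block IP LFD_LOG
    ip_lines "$1" "$2" | grep -F 'Blocked in csf' | tail -n 1
}

# Print which removal command from the thread applies to this IP.
suggest_unblock() {     # suggest_unblock IP LFD_LOG DENY_FILE
    if ip_lines "$1" "$3" >/dev/null; then
        echo "csf -dr $1"; return         # entry in csf.deny: permanent
    fi
    su_line=$(last_block "$1" "$2")
    case $su_line in
        '') echo "no lfd block logged for $1" ;;
        *'Blocked in csf* for '*' secs'*) echo "csf -tr $1" ;;  # timed block (assumed marker)
        *) echo "csf -dr $1" ;;
    esac
}

# Constructed sample data; the line layout is an assumption modelled on lfd.
write_samples() {       # write_samples DIR
    cat >"$1/lfd.log" <<'EOF'
Oct  2 11:20:01 host lfd[2101]: (sshd) Failed SSH login from 203.0.113.5 (XX/Example/-): 5 in the last 3600 secs - *Blocked in csf* for 3600 secs [LF_SSHD]
Oct  2 11:25:40 host lfd[2101]: (sshd) Failed SSH login from 203.0.113.50 (XX/Example/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
EOF
    cat >"$1/csf.deny" <<'EOF'
203.0.113.50 # lfd: (sshd) Failed SSH login from 203.0.113.50 (XX/Example/-): 5 in the last 3600 secs - Tue Oct  2 11:25:40 2018
EOF
}

# Usage: sh triage.sh IP /var/log/lfd.log /etc/csf/csf.deny
if [ $# -eq 3 ]; then suggest_unblock "$@"; fi
```

Entries in `csf.deny` written as CIDR ranges are not matched by this token check, so `csf -g` remains the authoritative lookup.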


     
  3. SneakyDave

    SneakyDave Member

    Quick response, thanks Eva. I'm using RamNode, not sure if they have console access. I'm looking into that. I didn't think about using a VPN, that would be my next choice. Great suggestions, thanks.
     
  4. eva2000

    eva2000 Administrator Staff Member

    Yeah RamNode has console access in their SolusVM CP area = serial console.

     
  5. eva2000

    eva2000 Administrator Staff Member

    serial console was for OpenVZ

    for KVM they have VNC

     
  6. SneakyDave

    SneakyDave Member

  7. eva2000

    eva2000 Administrator Staff Member

    Yup that's the place :)