Learn about Centmin Mod LEMP Stack today
Become a Member

Sysadmin Uptimerobot issues

Discussion in 'System Administration' started by denellum, Jan 29, 2017.

  1. denellum

    denellum Member Premium Member

    87
    21
    8
    May 11, 2016
    Dallas
    Ratings:
    +27
    Local Time:
    6:22 PM
    1.13.7
    10.1.29
    Speaking of uptimerobot, on one of my servers I can not for the life of me get it to work...I have verified I can ping the server, and I've checked to make sure none of their IP's are banned with :
    Code:
    [root@WEB01 ~]# csf -g 69.162.124.226
    Chain            num   pkts bytes target     prot opt in     out     source               destination       
    No matches found for 69.162.124.226 in iptables
    IPSET: No matches found for 69.162.124.226
    I have also set all of their IP's in
    Code:
    /etc/csf/csf.ignore
    The only thing that is different with this server VS all of my others, is this server has DDOS protection, but, to combat any rules they may have set up I am using the non-DDOS IP...

    Any ideas?

    My heads starting to hurt, I thought this was going to be a simple huge project... ended up making me learn a ton >_<
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,835
    6,903
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,393
    Local Time:
    10:22 AM
    Nginx 1.13.x
    MariaDB 5.5
    learning is good though :)

    If your monitor domain name then dns is the ddos protected ip, monitor the non-ddos protected ip instead

    but what do you mean can't get it to work ?
     
    • Like Like x 1
  3. eva2000

    eva2000 Administrator Staff Member

    30,835
    6,903
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,393
    Local Time:
    10:22 AM
    Nginx 1.13.x
    MariaDB 5.5
    also did you whitelist all uptimerobot's ips https://uptimerobot.com/locations ?

    i.e.
    Code (Text):
    curl -s https://uptimerobot.com/inc/files/ips/IPv4andIPv6.txt | while read i; do echo "csf -a ${i}"; done
    

    output from command
    Code (Text):
     
    csf -a 69.162.124.226
    csf -a 69.162.124.227
    csf -a 69.162.124.228
    csf -a 69.162.124.229
    csf -a 69.162.124.230
    csf -a 69.162.124.231
    csf -a 69.162.124.232
    csf -a 69.162.124.233
    csf -a 69.162.124.234
    csf -a 69.162.124.235
    csf -a 69.162.124.236
    csf -a 69.162.124.237
    csf -a 69.162.124.238
    csf -a 63.143.42.242
    csf -a 63.143.42.243
    csf -a 63.143.42.244
    csf -a 63.143.42.245
    csf -a 63.143.42.246
    csf -a 63.143.42.247
    csf -a 63.143.42.248
    csf -a 63.143.42.249
    csf -a 63.143.42.250
    csf -a 63.143.42.251
    csf -a 63.143.42.252
    csf -a 46.137.190.132
    csf -a 122.248.234.23
    csf -a 188.226.183.141
    csf -a 178.62.52.237
    csf -a 54.79.28.129
    csf -a 54.94.142.218
    csf -a 104.131.107.63
    csf -a 54.67.10.127
    csf -a 54.64.67.106
    csf -a 159.203.30.41
    csf -a 46.101.250.135
    csf -a 2607:ff68:107::3
    csf -a 2607:ff68:107::4
    csf -a 2607:ff68:107::5
    csf -a 2607:ff68:107::6
    csf -a 2607:ff68:107::7
    csf -a 2607:ff68:107::8
    csf -a 2607:ff68:107::9
    csf -a 2607:ff68:107::10
    csf -a 2607:ff68:107::11
    csf -a 2607:ff68:107::12
    csf -a 2607:ff68:107::13
    csf -a 2607:ff68:107::14
    csf -a 2607:ff68:107::15
    csf -a 2607:ff68:107::16
    csf -a 2607:ff68:107::17
    csf -a 2607:ff68:107::18
    csf -a 2607:ff68:107::19
    csf -a 2607:ff68:107::20
    csf -a 2607:ff68:107::21
    csf -a 2607:ff68:107::22
    csf -a 2607:ff68:107::23
    csf -a 2607:ff68:107::24
    csf -a 2607:ff68:107::25
    csf -a 2607:ff68:107::26
    csf -a 2a03:b0c0:0:1010::832:1
    csf -a 2a03:b0c0:1:d0::e54:a001
    csf -a 2604:a880:800:10::4e6:f001
    csf -a 2604:a880:cad:d0::122:7001
    csf -a 2a03:b0c0:3:d0::33e:4001
     
    • Informative Informative x 1
  4. denellum

    denellum Member Premium Member

    87
    21
    8
    May 11, 2016
    Dallas
    Ratings:
    +27
    Local Time:
    6:22 PM
    1.13.7
    10.1.29
    Attached image, it's stating the server is down, and yes i did white list the IP's.
    I did set it to be the main IP (non-ddos)

    I can ping it from my laptop && other servers.
     

    Attached Files:

  5. eva2000

    eva2000 Administrator Staff Member

    30,835
    6,903
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,393
    Local Time:
    10:22 AM
    Nginx 1.13.x
    MariaDB 5.5
    have you checked if any of the uptimerobot's ips have been blocked ?
    Code (Text):
    csf -g IPaddress
    

    where IPaddress is uptimerobot ip, it would return by deny or block listings if it has
    i.e.
    Code (Text):
    csf -g 178.218.96.4 | grep -i 'deny'
    IPSET: Set:chain_DENY Match:178.218.96.4 Setting: File:/etc/csf/csf.deny
    csf.deny: 178.218.96.4 # lfd: (sshd) Failed SSH login from 178.218.96.4 (RU/Russian Federation/-): 5 in the last 3600 secs - Sat Jan 28 19:12:53 2017
    

    here's command line to go through all ips to check
    Code (Text):
    curl -s https://uptimerobot.com/inc/files/ips/IPv4andIPv6.txt | while read i; do csf -g ${i} | grep -i 'deny'; done
    

    would return blank/empty if no ips are blocked
     
    • Like Like x 1
  6. denellum

    denellum Member Premium Member

    87
    21
    8
    May 11, 2016
    Dallas
    Ratings:
    +27
    Local Time:
    6:22 PM
    1.13.7
    10.1.29
    Code:
    [root@WEB01 ~]# curl -s https://uptimerobot.com/inc/files/ips/IPv4andIPv6.txt | while read i; do csf -g ${i} | grep -i 'deny'; done
    
    [root@WEB01 ~]# 
    

    Nothing :/
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,835
    6,903
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,393
    Local Time:
    10:22 AM
    Nginx 1.13.x
    MariaDB 5.5
    so not blocked at least
     
    • Like Like x 1
  8. denellum

    denellum Member Premium Member

    87
    21
    8
    May 11, 2016
    Dallas
    Ratings:
    +27
    Local Time:
    6:22 PM
    1.13.7
    10.1.29
    yeah :( i can ping it from my laptop or other computers however
     
  9. eva2000

    eva2000 Administrator Staff Member

    30,835
    6,903
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,393
    Local Time:
    10:22 AM
    Nginx 1.13.x
    MariaDB 5.5
    you should as csf by default whitelists the isp ip you used from initial install
     
    • Like Like x 1
  10. denellum

    denellum Member Premium Member

    87
    21
    8
    May 11, 2016
    Dallas
    Ratings:
    +27
    Local Time:
    6:22 PM
    1.13.7
    10.1.29
    Maybe I should open a ticket with uptime. Maybe the previous owner of the IP did something
     
  11. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    2:22 AM
    1
    10
    I had the same issue with uptimerobot a few weeks ago, it just happened suddenly and at the time i had made no changes to the site/server. I figured it was blocked but to be honest I didn't bother trying to whitelist their ips as I also use cloudflare and didn't want to even bother with this. I sorted it out by removing the site from the uptimerobot control panel and adding the ip instead.
     
    • Like Like x 2
  12. eva2000

    eva2000 Administrator Staff Member

    30,835
    6,903
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,393
    Local Time:
    10:22 AM
    Nginx 1.13.x
    MariaDB 5.5
    interesting ... maybe @denellum can try the same
     
    • Like Like x 1
  13. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    2:22 AM
    1
    10
    Ya I just don't really see the advantage of uptimerobot checking every site on my server separately, but that's for my specific situation, given that they're all on one server anyway, requirements, of course, may differ for others
     
    • Like Like x 1
  14. denellum

    denellum Member Premium Member

    87
    21
    8
    May 11, 2016
    Dallas
    Ratings:
    +27
    Local Time:
    6:22 PM
    1.13.7
    10.1.29
    Yeah, I am only doing server IPs. Sadly I am currently using the IP and not the host name of the server :/
     
  15. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    2:22 AM
    1
    10
    On the bright side, if this is actually the case at the end, take that as a good sign of security, get pinged over and over and the source is blocked, for me, I like this, as I constantly see random weird shit in my logs every day for possible attempted attacks of all kinds from china, russia etc..., I'm glad I don't run government websites or sites of large companies.
     
    • Like Like x 1
  16. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    2:22 AM
    1
    10
    But I've had bad experiences before. I use to run Apache on Plesk on a VPS that I basically didn't use for anything, other than 1 website that had literally nothing on it. I set up Plesk with 2-factor auth and my email is definitely secured as I also use 2-factor auth for it and change my passwords on a weekly basis and as far as I'm concerned this should be overkill already. Somehow someone likely from Russia, based on what was in the logs, somehow got in, disabled the 2 factor auth (still to this day don't know how they pulled this off) and put up some phishing shit on my site. This basically right away got both that old domain and server IP burned, as it got put on a shitload of lists online etc... I ultimately got rid of the server/ip and domain and blamed it on Plesk for being the issue and swore never to use Plesk again. I used cpanel after but it's too bloated, Cpanel may work for some people but unless I'm running a huge cluster of servers and hundreds of sites, I don't see the purpose of a product like that, with hundreds of options etc... half of which aren't clear on what their exact purpose is.

    Eventually, after searching online for lemp and seeing all that needed to be done to set it up, I just knew there has to be a smart man/company that has developed something to deal with this, and I found him, @eva2000 with his amazing and beyond impressive product, centminmod. Thanks for saving each of us countless hours of configurations and setups and for keeping your product both cutting edge and easy to secure. I know server security falls on the sys admin, but centminmod's straightforward and well-documented approach, help a lot. What a nice feeling I get, when I login to ssh and don't see a message that says 912395 failed login attempts. I've recommended this product to many of my friends so far. Let's all join forces to promote centminmod and expand this community so we can take over the interwebs, 1 server at a time :)
     
    • Like Like x 1
    • Winner Winner x 1
    • Informative Informative x 1
  17. RB1

    RB1 Active Member

    281
    72
    28
    Nov 11, 2016
    California
    Ratings:
    +119
    Local Time:
    4:22 PM
    Nginx 1.13.x
    MariaDB 10.1.x
    I used to get 750+ login attempts per day until I changed my SSH port :)
     
    • Like Like x 1
  18. denellum

    denellum Member Premium Member

    87
    21
    8
    May 11, 2016
    Dallas
    Ratings:
    +27
    Local Time:
    6:22 PM
    1.13.7
    10.1.29
    Sent uptimerobot a link to this thread, lets see what happens :)
     
    • Like Like x 1
  19. eva2000

    eva2000 Administrator Staff Member

    30,835
    6,903
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,393
    Local Time:
    10:22 AM
    Nginx 1.13.x
    MariaDB 5.5
    Thanks for the support!
    ok.. hopefully you can get to the bottom of this, i have no problems using uptimerobot for my forums here or centminmod.com site itself.

    upload_2017-1-30_4-56-16.png
     
    • Like Like x 1
  20. denellum

    denellum Member Premium Member

    87
    21
    8
    May 11, 2016
    Dallas
    Ratings:
    +27
    Local Time:
    6:22 PM
    1.13.7
    10.1.29
    Dito, it works flawlessly on all of my other servers. I just wish I could see the error output :/ or a MTR