Author Topic: cannot access anymore  (Read 4000 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
cannot access anymore
« on: April 06, 2020, 09:37:48 AM »
hello, since few hours i can't access the server anymore. My cwp is on a vps. I restarted the vps from the console but still nothing. I tried to enter with the terminal in the vps and i get a lot of Firewall: *UDP_IN Blocked * IN=eth0 OUT=MAC ...


what can it be? how to fix? everything is down... can't accesso to any website nor the panel

Re: cannot access anymore
« Reply #1 on: April 06, 2020, 09:51:00 AM »
ssh to your VPS.
Code: [Select]
csf -f
csf -r

If you have a dynamic IP address, signup for a dyndns service eg. no-ip.org
  • add your new domain to /etc/csf/csf.dyndns
  • edit /etc/csf/csf.conf to update dyndns every 600 seconds
  • edit /etc/csf/csf.conf to ignore dyndns (it's beside the entry above)
  • restart csf
If a static IP then add your IP to /etc/csf/csf.ignore

Turn off all unnecessary services on your PC (particularly Windoze/Mac) as you're consuming connections to the server. If you're managing servers then your PC is no longer a toy: compromise your PC, compromise your server.
Opening CWP Admin, plus say the CWP user panel, plus the user website, will get you close to the normal connection limit. Add an FTP connection and you're liable to get blocked either temporarily or permanently depending on your firewall settings. At this point, your only connection may be through your server provider's VNC console, for example.
« Last Edit: April 06, 2020, 10:04:37 AM by ejsolutions »

Offline
*
Re: cannot access anymore
« Reply #2 on: April 06, 2020, 05:57:26 PM »
i did as u said and it worked. i still get a lot of firewall alert but at least is working. thanks ejsolutions

Re: cannot access anymore
« Reply #3 on: April 06, 2020, 06:16:30 PM »
Good that you got back working again.
Your/anybody's console will likely be saturated by firewall messages on a frequent basis. This is due to two things, equally bad: external hacking attempts and idiots on the same network who can't configure servers properly - sending broadcast messages/probes.
Everyone should complain to their hosting provider about LAN probing (provider's often list it as banned in Terms Of Service) but no-one appears to care!

I devised some iptables code that I add to csfpost.sh, which blocks broadcasts and port scans from servers on the same network. This reduces considerably the amount of logged traffic that fills your disc and if I got nasty I could respond with REJECT messages, thus affecting the idiots.
Here's one line of it, that may inspire others:
Code: [Select]
/usr/sbin/iptables -I INPUT 3 -d 255.255.255.255 -m comment --comment "Noisy neighbours" -j INVDROP