Announcement

Collapse
No announcement yet.

Server down?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • bdh
    replied
    Re: Server down?

    a 2005 thread ... yup "necroposting" is an apt term

    There is a modsecurity rule that causes this - it happens only (it seems, as you say) in Joomla and Wordpress Control panels. If I remember correctly it has to do with the admin user where in a POST or GET to the server it has something like "1=1" and one of the rules in modsecurity objects to that.

    Two fixes:

    1. create another admin user and never use the first one
    2. We can turn off that specific rule for your website.


    ..."necroposting" that got me

    Leave a comment:


  • bdh
    replied
    If you want a really neat FTP application, you need FileZilla. IMO, it's a bazillion times better than all the rest put together.

    It's free and you can get it here

    Leave a comment:


  • Guest's Avatar
    Guest replied
    It was during the FTP session that I was kicked off. I had never used SmartFTP before. It kept telling me to use the "Global Function" to download the files, and I clicked that a few times but nothing was happening, so I looked at options and the "silmutaneous connections" was set to 0, so I set it to 10 and there was a KB per second setting that was 0 and I set it to 30. I went back to work on my roof leak problem and about 30 minutes later the program was halted and the connection was gone. That's when I was unable to see the site in the browsers. The IP's that are assigned to my connection are a rather broad range. This is the first time this has happened. I'll not use SmartFTP anymore and I'll send you the IP range that in use right now just in case.

    Thanks

    Leave a comment:


  • bdh
    replied
    btw ...

    We flush out all blocked IP's every month or two months (depending on how big the file gets) except for

    1. a few hundred known hackers on fixed IP addresses
    2. We also use the Dshield list. This is automatically downloaded live by our servers every few hours. The Dshield list is a collaboration of server administrators worldwide that track and report "bad" IP addresses and add it to the list. Sometimes an IP will be listed for a few hours, sometimes for days - depending on reports from other server admins. You can learn more about how Dshield works here and also check your own IP address here.

    Leave a comment:


  • bdh
    replied
    Originally posted by Ed(D)
    Perhaps those repeated reconnects to the server created the rule to block.
    I don't think it would do that. (I'm only 99.9% sure though) - what the firewall software does is to look in the main server log file for failed login attempts from the same IP and/or dropped ports (ports that are explicitly closed that an IP tries to connect to).

    It also checks for SYN flood attempts -- a bizillion connections from the same IP.

    All of the above are indicitave of a hack or Denial of service attempt.

    I guess if your FTP software had 100 connections open to the server at once it could happen.

    I reformatted and installed my Operating System fresh just last week on one machine, but today I couldn't get to the site from any of three different computers in the house.
    They all use the same router to connect except when using dial-up. It's good to know you have the safeguards in place.
    If this happens on a regular basis, email me with your current IP address, and I'll remove all blocks in the iptables file for your ISP so that all your ISP's IP's will be "clean" again. (I'll need to know what just one of them are to identify the rest)

    Leave a comment:


  • Guest's Avatar
    Guest replied
    Much obliged for the info, Brent...

    Qwest technicians thought that would be the case as well, a firewall that was blocking my ip. I am dynamic on both the DSL and the Dial-up. I renew the connections two or three times a day. But I observed that the SmartFTP program was "reconnecting" repeatedly while backing up the files. Perhaps those repeated reconnects to the server created the rule to block. Anyway, I won't do that again. I'll do my backups with FrontPage through http as I always have.

    I reformatted and installed my Operating System fresh just last week on one machine, but today I couldn't get to the site from any of three different computers in the house.
    They all use the same router to connect except when using dial-up. It's good to know you have the safeguards in place.

    Leave a comment:


  • bdh
    replied
    Hi Ed,

    Here's what happened: -

    How a dynamic firewall works

    We run a firewall system on our servers that checks for several signature activities of hackers and unauthorized break in attempts to our customers sites.

    For example, if more than "n" attempts are made to access an illegal port in "N" minutes by a specific IP address, that triggers a rule that will get it banned from accessing any port, website, anything at all on that particular server.

    What happened in your case

    Because you were are on dial up (in your case when your DSL failed), you do not have a fixed IP address. That means, every time you dial up, you get a different IP.

    Your original IP was a "good" one -- not blocked. When you lost your connection, you got a "bad" (one that is blocked by that server because it violated some rules in the past) IP when you reconnected and were denied access.

    Very important to understand

    If your story played out differently -- you got thrown off while you were downloading that could mean one of two things:
    1. You yourself are a hacker and are trying to hack into the server (obviously not the case in your case)
    2. Your PC has been zombied. This is very bad. What it means is that a hacker form elsewhere has control of your PC and is using it (your PC) to launch attacks against the sites you visit. In a case like this, your machine has been "rooted" and you need to give this immediate attention - usually by formatting your hard drive and re-installing everything if your antivirus software is unable to find and fix the problem.
    What to do?
    1. If you want us to unblock the IP you are using, we firstly need to know what it is. To find out what you IP is, click here. If this does not work (because the link is on one of our servers and your IP may be blocked there as well!), you can use this link instead.
    2. You need to get the IP to us. There are several ways:
      • Email us directly - our email address is in your welcome letter or you can get it from any previous correspondence
      • Email us online from here.
      • Post a message here on the board with the details - in the tech forums.
      • If you are acting on behalf of someone and have an account on the board, send a PM to bdh
      • If you can see the "contact us" link at the bottom of this page, you can use that (only as a last resort because this email does not get checked as often)
    3. If you have a dynamic IP address (Dial-up and most DSL accounts are), simply disconnecting for 60 seconds and re-connecting should get you a new IP and you're on your way.
    4. NOTE: We need to know the IP that is being blocked. If you hangup your modem and dialup again, you most likely get a NEW IP that is not blocked. Please make sure that when you report the IP, you report the one that is blocked.
    Also see this announcement on SMF Message Board and Firefox: http://bibleforums.org/showthread.ph...659#post696659

    Leave a comment:


  • Guilo
    replied
    What Happened was when you lost your connection you met certain conditions in our firewall blacklist conditions, so no you didn't break anything....

    or option 2. when you lost your connection and re-connected your isp assighned you the ip-address of someone who our server had blacklisted.

    both of these would explain your problem.

    Leave a comment:


  • Guest's Avatar
    Guest replied
    After shutting the modem off for a half-hour, I am now able to go to my site. It was just my own site that I couldn't go to...well, I asked the Lord to take care of it while the machines were shut off, and he is faithful to answer.

    Leave a comment:


  • Guest's Avatar
    Guest replied
    I use DSL now primarily, the dial up is for back-up and to keep my email address from before I had DSL - it's only 3.25 a month.

    Leave a comment:


  • LindaJ
    replied
    while your changing isp...get rid of dial up...not only is it more expensive in the long term it takes forever to view things.

    Leave a comment:


  • Guest's Avatar
    Guest replied
    Well, that's it - I can get on the site through ISP West dial-up but not on Qwest DSL - so it's Qwest that has the problem....so never mind....!

    Leave a comment:


  • Guest's Avatar
    Guest replied
    Thanks for looking - I can go to it through a proxy server at megaproxy.com but I can't get in to the email or the control panel. It's really weird! Firefox won't load it from here either - it's gotta be the Qwest network. I'm going to switch to dial up on a different network and see if I can get in...

    Leave a comment:


  • LindaJ
    replied
    I can see the site fine....i dont know what browser you are using but i have firefox...try that and see if it works for you.

    Leave a comment:


  • Guest's Avatar
    Guest replied
    If you can see the site, let me know -

    Leave a comment:

Working...
X