User Tools

Site Tools


control-panels:cpanel-whm:i-cannot-access-sites-or-server-looks-like-my-ip-address-got-blocked-on-server-what-can-be-done

I cannot access my server - I think my IP got blocked by the firewall

Difficulty
Hard

If your public-facing IP address has been blocked in the firewall, the firewall block will need to be removed before you will be able to access the server normally. On a VPS, there is a Console available to you for this purpose. But if your server is a Dedicated Server,1) you will need to open a Support Ticket for assistance.

In order to unblock your IP address, you will first need to know what IP address to be checking for. If you need us to check the firewall for you, we also will need to know your IP address. Here are examples of websites that will tell you your current public-facing IP address:

If you have a VPS, the first step is to open the VPS Console. This article explains how to do that.

Once you are logged in via the VPS Console, it is time to remove the firewall block. First, check whether your server has csf installed. Most of our servers do, but if you are not sure, you can check using which. If you have csf installed in your server, the results should look like this:

[email protected] [/]# which csf
/usr/sbin/csf

Checking via CSF

If you have csf, then you can use the csf commandline options to unblock your IP, once you know whether it is a temporary or permanent block. That can be done with the -g option. Remember to replace the IP address in the command with your current public-facing IP address2)

Temporary Blocks

If the block is a temporary block, the results will look like this:

[email protected] [/]# csf -g 185.141.24.73

Chain            num   pkts bytes target     prot opt in     out     source               destination         

DENYIN           4     3640  218K DROP       all  --  !lo    *       185.141.24.73        0.0.0.0/0

Temporary Blocks: IP:185.141.24.73 Port: Dir:in TTL:604800 (lfd - 185.141.24.73 (RO/Romania/kylesun2.ampnode.com), more than 60 Apache 403 hits in the last 86400 secs)

The last line gives some information about the reason the IP was blocked, which can give you clues on which additional logs may need to be checked. But the block itself can be removed as follows:

[email protected] [/]# csf -tr 185.141.24.73
csf: 185.141.24.73 temporary block removed
csf: There are no temporary IP allows

We can check for the IP again to make sure the block was removed:

[email protected] [/]# csf -g 185.141.24.73

Chain            num   pkts bytes target     prot opt in     out     source               destination         
No matches found for 185.141.24.73 in iptables

If we want to see more details on why the IP was blocked, we will need to check the server logs. In this case it was due to having made too many http requests that resulted in status "403: Forbidden"

Permanent Blocks

Permanent blocks use a different command for removal. Here is an example of the search results for an IP that had a permanent block:

[email protected] [/]# csf -g 109.74.151.158

Chain            num   pkts bytes target     prot opt in     out     source               destination         

DENYIN           1        0     0 DROP       all  --  !lo    *       109.74.151.158       0.0.0.0/0

DENYOUT          1        0     0 LOGDROPOUT  all  --  *      !lo     0.0.0.0/0            109.74.151.158

csf.deny: 109.74.151.158 # lfd: (PERMBLOCK) 109.74.151.158 (SK/Slovakia/109.74.151.158.host.vnet.sk) has had more than 1 temp blocks in the last 604800 secs - Thu Sep  1 15:35:27 2016

Note how the last line starts with "csf.deny" instead of "Temporary Blocks". In this case if we want to remove the block, we use this command:

[email protected] [/]# csf -dr 109.74.151.158
Removing rule...

As before, we can check to make sure the removal worked:

[email protected] [/]# csf -g 109.74.151.158

Chain            num   pkts bytes target     prot opt in     out     source               destination         
No matches found for 109.74.151.158 in iptables

As before, if we want to see why the IP had been blocked, we would need to check the server logs. We can see in this case that a permanent block was assigned due to having too many temporary blocks against it, but in this case it happened so long ago that the relevant logs have all rotated, and we will not be able to find the original reason.

Other

If your server is using the CSF/LFD firewall, but your IP address does not show any results when searching for blocks, then it is not an IP-block causing the connection issues. It may be worth checking if the needed ports are open, but it might also be that something other than the firewall is blocking you. If you want to rule out csf as the cause, you can temporarily disable it. However, we strongly recommend before trying this that instead you open a Support Ticket.

Do not leave csf disabled for any longer than is needed. This is meant only as a troubleshooting measure, both temporary and brief.

If you want to temporarily disable the firewall, to check if that makes the difference between whether you are able to access the server, you can use this command:

# csf -x

It is important to re-enable the firewall again as quickly as possible. That can be done as follows:

# csf -e
1)
or if you prefer we check the firewall for you
2)
or the IP address of whoever you are checking for, if it is not you that is blocked
control-panels/cpanel-whm/i-cannot-access-sites-or-server-looks-like-my-ip-address-got-blocked-on-server-what-can-be-done.txt · Last modified: 2016/10/21 15:44 by Marjorie S.