
I was experiencing slowness to a crawl issues with my server and hired a SysAdmin to fix it but he didn't and only made it worse. Now, I can't access anything on it unless via VPN. No Plesk, No SSH, no HTTP -- it all times out.

  1. The SysAdmin says all he did was install CSF. So, I uninstalled it. Still nothing.

  2. From ipTables Flush All Rules, Delete All Chains, and Accept All.

    sudo iptables -P INPUT ACCEPT
    sudo iptables -P FORWARD ACCEPT
    sudo iptables -P OUTPUT ACCEPT
    sudo iptables -t nat -F
    sudo iptables -t mangle -F
    sudo iptables -F
    sudo iptables -X
    

    Still Nothing

  3. Whitelisted my IP in fail2ban and disabled firewall completely (in Plesk). Nothing!
  4. Talked to SysAdmin and host (Mediatemple) to no avail. (another SysAdmin says talk to your ISP - facepalm)
  5. Start a brand new Plesk server - I have access to it. Yey.
  6. Start a migration of every domain from the old Plesk. (using Plesk migration manager)

In the middle of migration I'm blocked out of the new server as well. I have no idea what's going on at this point. So whatever blocks me got migrated.

If it's not firewall, or not CSF, or fail2ban where else to look?

Please help! (Lost all hope in self-proclaimed SysAdmins with 12 years of experience)

Miro
  • This question might be off-topic for two reasons: it's way too broad, as it could be anything. We don't know what the last steps of your migration are, as you don't describe in detail what you have done. We don't know what the so-called sys admin really had done. These two may or may not be related. Also, questions involving web hosting control panels are off-topic here. – Esa Jokinen Mar 22 '20 at 06:15
  • @EsaJokinen I'm with you. I posted here out of desperation. Do you have any advice as to who do I hire or where do I look for help? – Miro Mar 22 '20 at 06:32
  • It almost sounds like someone - likely your hosting provider - is seeing what they deem suspicious traffic and null routing the IP. – davidgo Mar 22 '20 at 06:49
  • When in doubt, fire up a tcpdump/wireshark. Either on your client, the server, or maybe both. Find out if your requests are getting to the server at all. If the packets are getting to the server, then troubleshoot there. If not, work with the ISP. This is more of a 'performance' chart, but a lot of the tools would be useful. http://www.brendangregg.com/Perf/linux_observability_tools.png – Zoredache Mar 22 '20 at 07:00
  • @Zoredache Thanks a lot for the help. Feeling so proud by being able to troubleshoot it myself (with your help of course) Turned out to be Comcast. See my answer :) – Miro Mar 25 '20 at 22:54

3 Answers

Are you saying both fail2ban and CSF have been installed on the server? They both do the same thing. The sysadmin should not have done this if fail2ban was already running. It's like running two antivirus solutions in parallel - not good. Otherwise CSF is great.

Since your question is tagged CentOS, I suspect that your firewall is firewalld and not iptables. iptables may be installed but not active, so flushing rules has no effect.

To confirm, run this command:

    systemctl status firewalld

I have not used Plesk for so many years, so I can't advise much at the moment but I would make sure that it's not adding its own protections on top of what the server may already have.

To have a quick overview of running services on your system:

    systemctl --type=service --state=running

Feel free to update the question with your findings.

Kate

I had a similar issue with one of my servers lately. I could only connect to it via VPN. It was a misconfigured VPN problem, it wasn't visible from outside.

I had to rewrite VPN Routing rules.

qba-dev

Thanks for all the help I got from the amazing folks who responded here!

I was able to fix the issue by doing what @Zoredache recommended.

I ran Wireshark on my end and tcpdump on the server.

Wireshark was giving me:

    10.1.10.1   10.1.10.20  ICMP    94  Destination unreachable (Port unreachable)

While tcpdump host MY_PUBLIC_IP was returning nothing. It does return something when using VPN though.

At this point I knew the issue was not the server blocking it. So I dove into my modem dashboard to look for issues. Turned off its firewall completely and it still didn't work.

Long story short, Comcast has a new feature on its latest modems, called xFinity Advanced Security, that offers an advanced firewall that is not on the modem itself but is configurable through logging into xfinity.com. It's quite hard to find on top of that.

Here's some screenshots of where it's located. The link is in Port Forwarding out of all things...

This is the message that hinted me to look for more settings:

Miro
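
The two-sided capture comparison used in the answer above, written out as an added example (not part of the original posts): it reads `tcpdump -nn` text output from the client and the server and reports whether to look at the server, at a device on the client's own LAN, or at the path in between. The function names are hypothetical, and the capture lines and the public, VPN and server addresses are constructed placeholders; only 10.1.10.1 and 10.1.10.20 come from the answer.

```python
import ipaddress
import re

# Matches `tcpdump -nn` text lines: "<time> IP <src>[.port] > <dst>[.port]: <rest>"
LINE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: (.*)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(lines):
    """Yield (src, dst, rest) for every IPv4 packet line."""
    for line in lines:
        m = LINE.search(line)
        if m:
            yield m.groups()

def on_lan(addr):
    """True when addr is an RFC 1918 private address."""
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def localize_block(client_capture, server_capture, client_public_ip, server_ip):
    """Return (where_to_look, device) from the two captures (hypothetical helper)."""
    # Step 1: did any packet from the client's public address reach the server?
    if any(src == client_public_ip and dst == server_ip
           for src, dst, _ in parse(server_capture)):
        return ("server", None)        # delivered: check firewall/service there
    # Step 2: nothing arrived. Did a device on the client's LAN reject it?
    for src, _, rest in parse(client_capture):
        if (rest.startswith("ICMP") and "unreachable" in rest
                and server_ip in rest and on_lan(src)):
            return ("client-gateway", src)
    return ("path", None)              # silent drop upstream: ISP or hosting side

# Constructed samples. 10.1.10.x are the LAN addresses from the answer;
# 203.0.113.7 (client public), 192.0.2.50 (VPN exit) and 198.51.100.20
# (server) are documentation-range placeholders.
CLIENT = [
    "22:54:01.100 IP 10.1.10.20.51514 > 198.51.100.20.22: Flags [S], seq 1, win 64240, length 0",
    "22:54:01.101 IP 10.1.10.1 > 10.1.10.20: ICMP 198.51.100.20 tcp port 22 unreachable, length 68",
]
SERVER_DIRECT = []   # `tcpdump host MY_PUBLIC_IP` printed nothing
SERVER_VPN = [
    "22:55:10.200 IP 192.0.2.50.40022 > 198.51.100.20.22: Flags [S], seq 9, win 64240, length 0",
]

if __name__ == "__main__":
    print(localize_block(CLIENT, SERVER_DIRECT, "203.0.113.7", "198.51.100.20"))
    print(localize_block(CLIENT, SERVER_VPN, "192.0.2.50", "198.51.100.20"))
```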