cPHulk could detect this and then use iptables to block IP 123.123.123.123 from accessing the server on any port. Let's say that a brute force attack from IP 123.123.123.123 was being performed on port 21. I like to use nmap like this: nmap -p 80,443 serverIPįiltered usually means a firewall is blocking the connection.ĬPhulk is not a firewall, although it does interact with the firewall.ĬPHulk provides brute force protection for cPanel services: imap, cpanel, whm, webmail, sshd, ftp. Temporarily disabling the cloudflare proxy by turning the cloud grey in the CF interfaceĬhecking the firewall on the server as well as the firewall at the hosting provider. What you do from there depends on what you find. Tail -fn0 /var/log/nginx/access.log tail -fn0 /var/log/nginx/error.log It is also a good idea to tail the nginx log as you're making the requests. Note that you'll want to check both http and https because they might be responding differently. To further help I recommend making a few curl requests like this to find out what kind of HTTP response you're getting: It is helpful to know that Apache is responding on 8080. It would be more helpful to get specifics like: I get a 503 HTTP response etc etc. When a site is "down" the symptoms could be interpreted wildly differently, so it's hard to make a good guess as to what might be wrong. Anyone have any insight on this, I spent 4+ hours on this last night, looking at it again today.
I'm really at a loss of what the problem can be, it just started suddently, no configuration changes were made to their servers I was told but I can't be sure. if I remove a site from cloudflare I can get to the site on the apache server by adding :8080/ to the url but I can't get to the site on :80/ which is the nginx proxy. I've narrowed down the problem to nginx and cloudflare. Editing these may cause more harm since I'm sure cpanel wants things to be in certain places or it will stop working. I'm hesitant to dive in to the configuration files because engitron edits the nginx and apache2 conf files along with cpanel in between this for the certs and virtual hosts, basically these two apps/services are doing all of the legwork on the config. Literally everything is running like it should, error logs are clear, all systems are "up". All of the sites are now down and I can't figure out why. Letsencrypt certs, and cloudflare inbetween all of this. They're using "engintron" plug-in to run nginx as a reverse proxy on 80 to an apache server on 8080 which runs the sites. Hi all, I have doozy, a company asked me to look at their server they're running CentOS with cpanel to manage and host all of their web sites.
0 kommentar(er)
