locked out from server

From time to time I get locked out of my vps running directadmin as a control panel. While 'locked out' I have no access to any service, even a simple ping times out. When I try to log in or access my mail, sites or the DA controlpanel from my office (or any other IP than my home) everything works fine.
My home IP is static. It is whitelisted in both DA's brute force page as in CSF. I also have it in /usr/local/directadmin/data/admin/ip_whitelist. Still my IP appears to get blocked on a regular basis. I will have no access for a while (sometimes a couple of minutes, sometimes half an hour or so).
I tried to search the logs but I am far from a specialist so I have no clue what logs to search in or even where to find them.
Any body have a clue what might be happening or at least point me in the right direction for some useful log files?
My server is running CentOS, I have administrator privileges so I have full access.

Thanks,

Arjen

Heej Arnjen.

Ook Nederlander?

But since we're on an English language forum... did you doublecheck your ip with http://www.watismijnip.nl or kindline site? Because there is almost no ISP which will give you a real static ip. Unless you have a business account from Ziggo.
In some rare cases when work is done, the ip will be changed.

There is an option however to check what is going on, where you're ip is getting blocked. I presume you have CSF/LFD installed? If yes, let CSF send you email about any bruteforces or other things it checks. LFD will then send you an email if you get blocked and why.

You also say it's on a regular basis. Specify regular. Every couple of hours, or every day or every 2 days, every week or what kind of regular?

And last but not least.... are you working via wifi or have you also tried via utp cable when having these problems?

Yes, ook Nederlander ;-)

I did check my IP. Even though I do not officially have a static IP it has not changed in months. Wired or not makes no difference. And when I log in to my VPN at my office and redirect all traffic through the VPN I can access my server from the same laptop that was blocked before. So it's definitely an IP problem.
I am not sure about how often this occurs. I would say at least once every day, but I have not been home a lot lately so it's difficult to say. That's why I was looking for a log file to tell me what is going on.

I already have emails send if an Ip is blocked, I now set csf to send me the log once a day. But so far I could not find my IP in the csf logs.

Tnx, Arjen

Yeah I got the same situation, the ip only changes seldom, and that's good.

Wel, if you are able to reach your server via your VPN connection when you are blocked, you should be able to see if it's a CSF block or not.
If it's a csf block your ip will be listed in /var/lib/csf/csf.tempban (or /etc/csf/csf.deny on a perm ban) and the cause would be mentioned in /var/log/lfd.log because lfd does the triggering.

If you can't find anything in there. You can check with iptables -L then find the block list and se if your ip is in there.
In that case iptables is running with some other configuration too which might be conflicting, or you might have also setup BFM for Directadmin with iptables and that could be conflicting with CSF which could cause the blocks.

So best is to monitor your lfd.log and iptables block lines from iptables -L to see what's going on.

I could have a look for you also, only today I'm on a short time table so I might have more time tomorrow.

Short on time is the understatement of the year in my case. Hence me being not home too often lately. Next time I cannot reach the server from home (this only happens from home, never from my office) I'll check mentioned logs. I'll check back as soon as I know more (one way or the other).

Tnx,

Arjen

Allright, hope you'll find it. If you want me to have a check you can always send me a pm.