Server Blocked itself 127.0.0.1

dm800pvr

hi there,

Recently I've got this email:
Brute-Force Attack detected in service log from IP(s) 127.0.0.1 on User(s) fcgtotma, lopnrnrf, ronakfkh, wracicim

after that I have no access to SSH or directadmin admin page
I've installed this script:
http://help.directadmin.com/item.php?id=380

Which seems to block all incoming connections to server
What should I do now!
Sites open normally but SSH and directadmin port blocked by any IP (I've tested many IPs)

Thanks in advance
 
Hello,

If you have root password and access into Directadmin as admin, you can still reconfigure your SSH and iptables rules. So contact me by PM, and I can help you in terms of a commerce service.

If you have no access into Directadmin, then you should contact your DC.
 
Hi zEitEr,

thanks for your reply. I have access to directadmin but server blocks that port, it's not default port 2222, and I have admin access but now seems locally
 
Don't know what you mean... but is it possible to connect to directadmin from any IP? You could send me a PM with a link to directadmin, so I could check and try to connect to it... (without password)

If it's not possible to connect to Directadmin and SSH either, then you should contact your DC or try to use Dedicated/VPS control panel if there is any available... and try to boot the server in secure mode.
 
ya it's not possible to connect with any IP because that script blocked all other ports instead of some default ports like:
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
#telnet
#$IPTABLES -A INPUT -p tcp --dport 23 -j ACCEPT
#DirectAdmin
$IPTABLES -A INPUT -p tcp --dport 2222 -j ACCEPT

in http://files1.directadmin.com/services/all/iptables

So I'm pretty sure no one can open blocked port

Thanks for your help I'll contact DC about this and post result here

PS: I have no idea about "secure mode" is this a feature in servers? I have a VPS running DA on it.

PS2: I'm thinking about a method to disable iptables in startup is it possible?
 
I have no idea about "secure mode" is this a feature in servers? I have a VPS running DA on it.

Depending on DC you are using.... there might be a control panel which would allow to boot server in rescue mode (I named it as secure mode by a mistake).

Depending on virtualization your VPS is running on you might have access into a file manager of your server via VPS control panel (not Directadmin).

Where did you buy your VPS from?
 
I have access to power on/power off/reset/shutdown/reboot only
I contact them and asked them to change SSH port locally
I think they run vmware virtualization.
I have access to ftp only
Telnet too
 
everything works fine now!
thanks zE

to DA admins:
Please edit this page:
http://help.directadmin.com/item.php?id=380
And beside the SSH note, add that if someone changed the directadmin port they should update the iptables script to reflect allowed ports after iptables restart!!
DA config to edit ports:
/usr/local/directadmin/conf/directadmin.conf

thanks
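
A pre-flight check for the lockout described in this thread, as an added example that is not part of the original posts and not DirectAdmin's own code: it compares the ports SSH and DirectAdmin are configured to use against the ACCEPT rules in the firewall script before that script is (re)started. It assumes directadmin.conf carries a `port=` line and that the script uses the single-port rule form quoted above; the function names and the sample port 2087 are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before (re)starting a firewall script.
# It confirms the script ACCEPTs the TCP ports SSH and DirectAdmin really use.
# Limitation: only single-port "--dport N" rules are recognised.

# Print the "port=" value of a directadmin.conf-style file (default 2222).
da_port() {
    p=$(sed -n 's/^[[:space:]]*port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${p:-2222}"
}

# Print every "Port N" of an sshd_config-style file (default 22).
ssh_ports() {
    p=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    echo "${p:-22}"
}

# Succeed if an uncommented rule accepts inbound TCP on port $2.
port_allowed() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq -- "-A INPUT .*-p tcp .*--dport $2[[:space:]]+-j ACCEPT"
}

# List each port and whether it is accepted; return 1 if any would be blocked.
# Arguments: firewall-script directadmin.conf sshd_config
preflight() {
    missing=0
    for port in $(ssh_ports "$3") $(da_port "$2"); do
        if port_allowed "$1" "$port"; then
            echo "ok: tcp/$port accepted"
        else
            echo "LOCKOUT RISK: tcp/$port has no ACCEPT rule in $1"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: DirectAdmin moved to 2087 while the script still opens 2222.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT' \
        '#$IPTABLES -A INPUT -p tcp --dport 23 -j ACCEPT' \
        '$IPTABLES -A INPUT -p tcp --dport 2222 -j ACCEPT' > "$d/iptables"
    printf 'port=2087\n' > "$d/directadmin.conf"
    printf 'Port 22\n' > "$d/sshd_config"
    rc=0; preflight "$d/iptables" "$d/directadmin.conf" "$d/sshd_config" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Call `preflight` with the firewall script, `/usr/local/directadmin/conf/directadmin.conf` and the sshd configuration file, and restart the firewall only when it returns 0; `demo` runs the same check on the constructed sample.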
 