Cannot access directadmin/websites are down also

[lakis]

Hello,

suddenly this morning i got a mysql error for all my websites. I restarted the service but problem didnt fix so i decided to restart the server but now nothing is working. All websites and emails are down, i cannot even login to derictadmin interface.

I have restart all services from putty to the server but nothing happend.

Can someone help me bring the server back. Its very urgent, i will pay if needed

thank you

 

[ranz]

what's the IP of your DA box?

 

[SeLLeRoNe]

check from ssh if apache is started or if there is some process using port :80 or port :2222

If you got a firewall, try connect from another IP (maybe u went into fw blacklist)

Give us IP for further information and checks

 

[lakis]

hello.

I found out that port 80 and 2222 suddenly are blocked for some reason. I managed to browse directadmin and the websites using the ip but not the domain.
The ip of directadmin is 188.40.67.76/:2222

I have opens ports 80,2222 and 53 at etc/sysconfig iptables file using the following code:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

and i restarted the service using service iptables restart.

Now all websites are working using the user name http://188.40.67.76/~yesfx/ and i can login to directadmin also. But the websites still dont work using the domain names.

 

[floyd]

I found out that port 80 and 2222 suddenly are blocked for some reason. I managed to browse directadmin and the websites using the ip but not the domain.

Then that means that port 80 and port 2222 are NOT blocked.

You still have not given us a domain to check.

Have you checked to see if named is running? How come you don't have UDP 53 open?

It looks like the default RedHat Firewall was used which will blocked everything. You need to delete the default and use your own custom firewall solution.

 

[lakis]

No i mean that after the modification i was able to browse the website.

My ip is 188.40.67.76 and server name is server.webartscy.com. And a user website www.yesfx.com.cy.

All services are running

Have to say that i have 20 websites on server working for 3 months and suddenly this happen last night and i dont know the reason.

Thank you

 

[lakis]

and also this report is not so good i guess
http://www.intodns.com/webartscy.com

 

[floyd]

Either named is not running or its port is blocked. See #5.

 

[lakis]

it says that named is running and also port 53. Or not?

named 9746 1 0 19:27 ? 00:00:00 named -u named
root 10298 6960 0 19:59 pts/4 00:00:00 grep named

tcp 0 0 188.40.67.76:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
udp 0 0 188.40.67.76:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
unix 2 [ ] DGRAM 57534

What else i must check?

 

[floyd]

Assuming you host webartscy.com

dig @127.0.0.1 webartscy.com

 

[lakis]

here is the ports. Is there anything wrong?

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2893/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 2893/dovecot
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5082/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 3047/exim
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 9030/directadmin
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 2893/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 2893/dovecot
tcp 0 0 188.40.67.76:53 0.0.0.0:* LISTEN 9746/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 9746/named
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 3074/proftpd: (acce
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 9746/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3047/exim
tcp 0 0 :::80 :::* LISTEN 9692/httpd
tcp 0 0 :::22 :::* LISTEN 2910/sshd
tcp 0 0 :::443 :::* LISTEN 9692/httpd
udp 0 0 188.40.67.76:53 0.0.0.0:* 9746/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 9746/named
udp 0 0 0.0.0.0:33150 0.0.0.0:* 9746/named
udp 0 0 :::40022 :::* 9746/named

 

[lakis]

and the command u send me

; <<>> DiG 9.3.4-P1 <<>> @127.0.0.1 webartscy.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64333
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;webartscy.com.                 IN      A

;; ANSWER SECTION:
webartscy.com.          14400   IN      A       188.40.67.76

;; AUTHORITY SECTION:
webartscy.com.          14400   IN      NS      ns2.webartscy.com.
webartscy.com.          14400   IN      NS      ns1.webartscy.com.

;; ADDITIONAL SECTION:
ns1.webartscy.com.      14400   IN      A       188.40.67.76
ns2.webartscy.com.      14400   IN      A       188.40.67.106

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 26 20:13:16 2010
;; MSG SIZE  rcvd: 115

 

[floyd]

Firewall is blocking port 53.

 

[lakis]

I used this to open it

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

Is that how i open ports in Centos. It did work with port of 80 and 2222

 

[LawsHosting]

UDP and TCP needs to be open for port 53 btw, I made that mistake a long time ago!

 

[floyd]

UDP and TCP needs to be open for port 53 btw, I made that mistake a long time ago!

Post #5


.

 

[lakis]

Thank you guys it work.

So now i have to open all the ports in the same way?

22: ssh access

25, 587: smtp for exim to recieve email

53: dns (named), so your sites resolve. TCP and UDP here.

80, 443: apache traffic, http and https

110, 993: client pop email access
143, 995: clients imap email access

2222: DirectAdmin Access