Continuously getting temp banned (15-30min)

[Ch3vr0n]

For some reason (and it's been happening for a while now), when i log into my VPS running DA (login as admin, since there's multiple users & hostings on it) i constantly get temp banned. Even a simple action such as "show all users" can result in getting temp banned and "there was a problem loading the page). Happens in both of my browsers (Chrome & FF, latest versions). I logged in on my phone, manually did a quick allow (my ip is in the csf.allow list) yet it's still happening. Searching for the ip reveals no entries anywhere else

why is this happening and what can i do to stop this from happening?

 

[24x7server]

What's the output of below command?

csf -g YOUR_IP_ADDRESS_HERE

You should see output something like below :-

Temporary Blocks: IP:1.2.3.4 Port:20,21 Dir:in TTL:3600 (lfd - (ftpd) Failed FTP login from 1.2.3.4 (US/United States/1.2.3.4.static.quadranet.com): 15 in the last 600 secs)

 

[Ch3vr0n]

and where would i enter that. I have zero experience with command line (if it aint android related)

 

[24x7server]

Ok nevermind, you can search lfd logs through Directadmin too.

Login to Directadmin as admin > Click on ConfigServer Firewall&Security > Click on View iptables Log > Search for your IP address which is getting blocked > Click on Toggle Info option left hand side to get more information about the block.

 

[Ch3vr0n]

and that's where the "fun part" begins. It's not in there and it's happened at least 3 in the 3 hours the log record shows. If i do a normal search this is the output

Chain num pkts bytes target prot opt in out source destination

ALLOWIN 1 17170 949K ACCEPT all -- !lo * <my ip> 0.0.0.0/0

ALLOWOUT 1 18121 3575K ACCEPT all -- * !lo 0.0.0.0/0 <my ip>

csf.allow: <my ip> # Manually allowed: <my ip> (BE/Belgium/<my ip>.<my ISP>) - Tue May 2 17:34:39 2017

but that's because i've added it manually as is visible but doesn't seem to help, so might as well remove it

 

[Mattie]

Perhaps you did allow your IPv4 address but you are connecting through IPv6 can you confirm that?

 

[Ch3vr0n]

IPv6 doesn't exist here yet. We're lucky to have almost country wide fiberoptic cable. That said, VPS hoster thinks he tracked down the issue. It seems my ISP might be setting up a tunnel and routing my assigned IP over a different IP. Causing the logged in IP not matching the session IP on record which triggers an "admin login rejection". I'll be reporting back if i make any progress.