tmeister
Long and overly-detailed explanation:
I have a newish DA server installation to which I've migrated the users from an older DA server. Until this morning I'd not yet added that server to my monitor list (oops). I don't recall csf/lfd installed on the older server. I know we used fail2ban (I'd inherited this server from a small ISP we'd purchased in 2015), but never saw any references to csf or lfd until I set up this new server. So I'm not familiar with csf/lfd. All that said...
Last night apparently csf went nuts and seems to have blocked the entire Internet outside of whitelisted IPs. I found out this morning when I saw a trouble ticket about the server being unreachable. I verified I couldn't ping or otherwise reach it from my residential broadband account, then logged in to a whitelisted server and was able to reach it there. I immediately assumed this was a csf-related problem, so I issued the command "service csf stop." The server was then reachable. If I hadn't just woken up I would've poked around a bit - looked through iptables entries, for one - to try to figure out what triggered this problem, but alas, I was bleary-eyed and un-caffeinated. I'm poking around the server now, but thought I'd ask here if anyone has experienced something like this or can tell me where to go to poke through log files.
tl;dr A newish DA server seems to have blocked the entire Internet, other than whitelisted IPs, last night. Shutting down the csf server cleared up the problem. I'm looking for any advice on where to look to see what happened, or stories of similar experiences.