DirectAdmin blacklists your IP too fast

sec-is

Verified User
Joined
Feb 14, 2020
Messages
99
As I am updating all of my DA servers (remove mod_php) I end up updating php via custombuild/build_software.html (the built-in updater). On a VPS it may take up to an hour to do all of the php versions.
Anyhow, what happens: I am looking at the screen doing the update (compiling php_version1 up to version4) and in a second tab I have the main screen to DA still open. Then I press F5 to reload, and I get to see that my IP has been blacklisted.
Yeah, right. Why? Doing what? I was just waiting for my update page to say 'done', which takes a long time. And note: the lines do keep coming in, so my session is still running!
As I am doing one after another VPS, I see this is a returning problem and I found that I am being FORCED to always create the whitelist.

Checking directadmin/login.log: Nope, not one failed login.
Checking directadmin/error.log: Nope, no mention of a failed login or IP block
Checking 2022-Dec-06.log
--> The main screen which was open had a javascript and sent me to the logout page

06/12/2022:16:15:38 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 admin
06/12/2022:16:15:45 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 admin
06/12/2022:16:15:52 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 admin
06/12/2022:16:15:53 IP.IP.IP.IP GET /CMD_LOGOUT HTTP/1.1 admin
06/12/2022:16:15:53 IP.IP.IP.IP GET / HTTP/1.1 (null)
06/12/2022:16:15:59 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
06/12/2022:16:16:01 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
06/12/2022:16:16:03 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
06/12/2022:16:16:05 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
06/12/2022:16:16:07 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
06/12/2022:16:16:09 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
06/12/2022:16:16:11 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
06/12/2022:16:16:13 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
06/12/2022:16:16:15 IP.IP.IP.IP GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
--- many lines come here after, since I am watching the output of the compiling

This is a bug ! ! ! I did not log out, my (open tab) browser did apparently.

And yes, the help text explains you can add this file to your edit_files, however, once kicked out, that is a no-go for me.

I am hereby requesting Direct Admin to STOP blacklisting an admin who is waiting for an update page to load.

OOPS: and the compilation even failed, all things happen at the same time.

/bin/sh /usr/local/directadmin/custombuild/php-8.1.12/libtool --silent --preserve-dup-deps --tag CC --mode=compile cc -Iext/fileinfo/ -I/usr/local/directadmin/custombuild/php-8.1.12/ext/fileinfo/ -I/usr/local/directadmin/custombuild/php-8.1.12/include -I/usr/local/directadmin/custombuild/php-8.1.12/main -I/usr/local/directadmin/custombuild/php-8.1.12 -I/usr/local/directadmin/custombuild/php-8.1.12/ext/date/lib -I/usr/include/libxml2 -I/usr/include/x86_64-linux-gnu -I/usr/include/libpng16 -I/usr/include/freetype2 -I/usr/local/directadmin/custombuild/php-8.1.12/ext/mbstring/libmbfl -I/usr/local/directadmin/custombuild/php-8.1.12/ext/mbstring/libmbfl/mbfl -I/usr/local/directadmin/custombuild/php-8.1.12/TSRM -I/usr/local/directadmin/custombuild/php-8.1.12/Zend -fno-common -Wstrict-prototypes -Wformat-truncation -Wlogical-op -Wduplicated-cond -Wno-clobbered -Wall -Wextra -Wno-strict-aliasing -Wno-unused-parameter -Wno-sign-compare -g -O2 -fvisibility=hidden -Wimplicit-fallthrough=1 -DZEND_SIGNALS -I/usr/local/directadmin/custombuild/php-8.1.12/ext/fileinfo/libmagic -c /usr/local/directadmin/custombuild/php-8.1.12/ext/fileinfo/libmagic/apprentice.c -o ext/fileinfo/libmagic/apprentice.lo -MMD -MF ext/fileinfo/libmagic/apprentice.dep -MT ext/fileinfo/libmagic/apprentice.lo
cc: fatal error: Killed signal terminated program cc1
compilation terminated.
make: *** [Makefile:1157: ext/fileinfo/libmagic/apprentice.lo] Error 1
*** The make has failed. Exiting...
Done!
 
I am hereby requesting Direct Admin to STOP blacklisting an admin who is waiting for an update page to load.
Maybe too. But I would rather suggest to behave like an admin and do such update via SSH instead of addons/plugins.

Log in via SSH, use screen too so you can open multiple screens and even come back to the running process of the update if your connection gets lost.
This way you can also follow what's going on. No browser refresh needed, and sometimes via SSH it works better than via a plugin, which might not be up to date or have a bug too. These things happen.
 
I don't know if they exist anymore or not, but in the following folder on my servers, there is an ip_blacklist and ip_whitelist file.

cd /usr/local/directadmin/data/admin

I was blacklisted and I had to remove my IP from ip_blacklist and add it to ip_whitelist.

nano /usr/local/directadmin/data/admin/ip_blacklist

nano /usr/local/directadmin/data/admin/ip_whitelist

Then:

systemctl restart directadmin

I've never been blacklisted by myself again. I had to do the same for my VPS IP with WHMCS running on it because it was being blacklisted for pinging my dedicated hosting server too often.

Also, what Richard G said about running updates as root from SSH is a good idea too.

I have always done updates that way and I haven't had these types of problems with updates whether for DA or for my server's OS.
 
Adding my ip to the whitelist was easy, I did mention that. The thing is just that I found a bug and wanted DA to know this.

The comment above also ended in the fact that php could not be compiled.
make: *** [Makefile:1157: ext/fileinfo/libmagic/apprentice.lo] Error 1

A little bit of research led me to explanations about memory.
For reference: build-php-8-1-1-returns-a-fatal-error

My VPS does have 2GB, and a small swapfile.
After increasing the swapfile, compiling was working again (0.25GB to 2 GB). I only did the one that failed before, like so:
./build php_expert 8.1 php-fpm
I did (this time) do the php update in SSH (using screen like Richard suggested), and was able to compile php after all.

The compilation of php was a side-talk. My original message is/was that DA is blocking an admin who is doing work. It would be nice if they look for an improvement. Blocking a user that is not even trying to 'login' is not correct imho. As for me: I know I will have to keep pressing F5 on any open TAB with DA in it, or close it altogether! It is the call to CMD_LOGOUT which triggers DA to block your IP if you are still receiving output in another (active) tab. The javascript: var logout_timeout = setTimeout('log_me_out();', 60*60*1000); (this also shows how long compiling 3 php versions takes: over an hour).
 
@DirectAdmin Support Was this ever looked into? Our office IP keeps getting blacklisted and needs to be removed in the ip_blacklist file. We can whitelist but it will happen for clients too. Why does this happen?
 
It has to do with the way Direct Admin UI works. It has a timeout, but there are scripts which do requests on json level. When a json request comes in, DA sees there is no session and marks this as a break-in attempt. After a few attempts the IP gets blocked.
This can easily be fixed, DA needs to look back in the login list and see and check that the json call is from a user with an expired session. This is maybe not as easy as I think, but I do see this as a potential solution.
And no, I do not know if this is exactly what happened to you. It needs some research, but I am quite sure it has to do with expiring sessions.
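Added example (not part of the thread and not DirectAdmin code): a Python triage check for the pattern in the log excerpt of the first post, where one IP sends CMD_LOGOUT as an authenticated user and then keeps requesting as `(null)`. The field layout is inferred from that excerpt, the sample lines and addresses are constructed, and the 5-minute window is an assumed value.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the thread's log excerpt;
# 192.0.2.10 and 198.51.100.7 are documentation addresses, not real data.
SAMPLE_LOG = """\
06/12/2022:16:15:45 192.0.2.10 GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 admin
06/12/2022:16:15:52 192.0.2.10 GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 admin
06/12/2022:16:15:53 192.0.2.10 GET /CMD_LOGOUT HTTP/1.1 admin
06/12/2022:16:15:53 192.0.2.10 GET / HTTP/1.1 (null)
06/12/2022:16:15:59 192.0.2.10 GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
06/12/2022:16:16:01 192.0.2.10 GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
06/12/2022:16:16:03 192.0.2.10 GET /CMD_PLUGINS_ADMIN/custombuild/check_process.raw HTTP/1.1 (null)
06/12/2022:16:16:04 198.51.100.7 GET / HTTP/1.1 (null)
06/12/2022:16:16:05 198.51.100.7 GET / HTTP/1.1 (null)
"""

# Assumed fields: timestamp, client IP, method, path, protocol, session user.
LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (.+)$")

def stale_session_polling(log_text, window_s=300):
    """Return {ip: {'user', 'hits'}} for (null) requests that follow that IP's own CMD_LOGOUT."""
    last_logout = {}  # ip -> (logout time, user who logged out)
    found = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, ip, _method, path, _proto, user = m.groups()
        try:
            when = datetime.strptime(ts, "%d/%m/%Y:%H:%M:%S")
        except ValueError:
            continue  # skip lines with a malformed timestamp
        if user != "(null)":
            # Authenticated request: either the logout itself or a live session.
            if path.startswith("/CMD_LOGOUT"):
                last_logout[ip] = (when, user)
            else:
                last_logout.pop(ip, None)
        elif ip in last_logout:
            t0, who = last_logout[ip]
            if 0 <= (when - t0).total_seconds() <= window_s:
                entry = found.setdefault(ip, {"user": who, "hits": 0})
                entry["hits"] += 1
    return found

if __name__ == "__main__":
    for ip, info in stale_session_polling(SAMPLE_LOG).items():
        print(f"{ip}: {info['hits']} unauthenticated hits after logout of {info['user']}")
```

An IP that appears here was most likely blocked by its own expired tab; an IP with only `(null)` requests and no preceding session, like the second address in the sample, is not reported and deserves a closer look before whitelisting.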
 
I have the same problem after upgrade to 1.646, if I'm logged in and have opened that card in browser and then hibernate my computer, after resume from hibernation my IP is blacklisted because there's something like a "loop" after resume or I don't know....
Every time I have to go SSH and delete my IP from /usr/local/directadmin/data/admin/ip_blacklist even if I have my IP whitelisted in CSF
@smtalk @DirectAdmin Support
 
even if I have my IP whitelisted in CSF
If your IP is whitelisted in CSF then DA can still block you, it has its own whitelist.
You can add your IP to /usr/local/directadmin/data/admin/ip_whitelist and then it will prevent you from being blacklisted. Create the file if it does not exist yet.

However... the issue should be fixed of course.
 
If your IP is whitelisted in CSF then DA can still block you, it has its own whitelist.
You can add your IP to /usr/local/directadmin/data/admin/ip_whitelist and then it will prevent you from being blacklisted. Create the file if it does not exist yet.

However... the issue should be fixed of course.
Yeah I know I can do that but it's annoying if you have 5-10 servers :P
 