Locking me out of DA

zach

zach

Verified User
Joined
Dec 11, 2005
Messages
11
(BTW, Everytime I click login IT ALWAYS LOGS ME IN, its as if it's doing what it usually does, but whenever i log in, it reads in the security.log as me logging unsuccessfuly into (null)'s account.)

I have a link that I normally click on in my toolbar, takes me right to http://sharpnet.net:2222/
Username and password is already filled in, I HAD TO CHANGE MY IP TO GET BACK IN. Here's the logs:



2005:12:11-21:17:44: 24.31.117.187 has tried to log in 15 times, unsuccessfully, this time into (null)'s account ***
2005:12:11-21:17:44: Adding 24.31.117.187 to the blacklist file: /usr/local/directadmin/data/admin/ip_blacklist
2005:12:11-21:17:44: *** 24.31.117.187 has tried to login with an invalid username: '(null)' ***
2005:12:11-21:45:15: *** 66.61.87.18 has tried to login with an invalid username: '(null)' ***
2005:12:11-21:45:15: *** 66.61.87.18 has tried to login with an invalid username: '(null)' ***
Click to expand...



And 24.31.117.187 was ME, just clicking login, here's what software I have.

[zach@bart]~$ php -v
PHP 5.1.1 with Hardening-Patch 0.4.8 (cli) (built: Dec 10 2005 02:39:14)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2005 Zend Technologies

DirectAdmin 1.25.5

[zach@bart]~$ uname -sr
Linux 2.6.9-5.0.3.ELsmp


I don't want customers getting banned just for logging in as normal, and I know I have the right password, BECAUSE ITS SAVED, and it works every time, I have a small feeling this might be PHP's fault..
 
Last edited:
Oddly enough, since today, I have the same problem! According to the settings, an IP should be banned after 20 attempts, but I am suddenly banned after I do 1 successful login with FF and then open the same site with IE. Happened twice today...

Is there such a thing as a ip.whitelist for directadmin? I oculdn't find it, but I'd like to add my ip!


UPDATE:

I still have the problem and it is kind of curious! Here is what happens / how to reproduce it (on my computer): I log into my DA control panel and wait for the session to time out. Effectively I am no longer logged in. I then move my mousepointer over the buttons (for example) at the top of the CP page and the images disappear and a 'broken' image is shown. This must be because access is no longer allowed because I am not logged in. But when I move over too many images, I get my ip blacklisted!! So apparently, trying to view an image on a page that you need to be logged in to see without being logged in, is seen as a failed login! I increased the number of failed logins before blacklisting, but conceptually this is kind of weird...


So I would certainly like to have a ip.whitelist for my ip, to prevent this happening again... If that possible? Or is it possible to prevent trying to see an image while not logged in, as a failed login attempt?

Thanks!

Harro
 
Last edited:
p.s. this only seems to happen on the new DA (1.30), at least I never noticed this effect before - can anyone reproduce this?
 
zach said:
(BTW, Everytime I click login IT ALWAYS LOGS ME IN, its as if it's doing what it usually does, but whenever i log in, it reads in the security.log as me logging unsuccessfuly into (null)'s account.)

I have a link that I normally click on in my toolbar, takes me right to http://sharpnet.net:2222/
Username and password is already filled in, I HAD TO CHANGE MY IP TO GET BACK IN. Here's the logs:
In addition, there are loads of other errors in the logs that are obvious problems. When i reported it too DA they told me not too worry about it. In my book, if there are no errors these things dont get written to the logs but they are. All kinds of entries that are obvious problems that i have never seen on any other control panels logs but DA.






And 24.31.117.187 was ME, just clicking login, here's what software I have.

[zach@bart]~$ php -v
PHP 5.1.1 with Hardening-Patch 0.4.8 (cli) (built: Dec 10 2005 02:39:14)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2005 Zend Technologies

DirectAdmin 1.25.5

[zach@bart]~$ uname -sr
Linux 2.6.9-5.0.3.ELsmp


I don't want customers getting banned just for logging in as normal, and I know I have the right password, BECAUSE ITS SAVED, and it works every time, I have a small feeling this might be PHP's fault..
Click to expand...


I reported this issue over 6 months ago both to DA and in the forums. Still has not been fixed.
 
Last edited:
Thanks for reacting Pucky - I did read your post, but didn't recognise it as the same problem I was having. Maybe that is also a reason why there has been nog reponse. It is possible that this cannot be avoided (but it would be nice to know, if this is the case).

Can anyone offer some wisdom on this matter?
 
Hello,

1) check the /usr/local/directadmin/data/admin/ip_blacklist to see if your IP is there. Remove it if it is.

2) Yes there is a whitelist, it's:
/usr/local/directadmin/data/admin/ip_whitelist
http://www.directadmin.com/features.php?id=705

3) note, that viewing the login page to get to / the fist time is considered 1 failed login attempt, so I never recomend very low values for this setting. 10 is probably as low as you'd want to go. Setting it to 2 would mean you'd get 1 try. If you're getting blacklisted after one attempt, you'd need to check the /var/log/directadmin/security.log to see how many attempts it thinks youve used. It's possible that if crond isn't running, the data/admin/login.hist never gets cleared from old failures (it clears the count in 5 minutes I believe) so if that isn't cleared, it could add up if you don't ever completely login.

John
 
John, thank you for the clear explanation. Particularly the ip_whitelist is great. I guess we should read the feature-list more carefully next time :)
 
Bug?

Having my IP in the whitelist file doesn't work for me -- I still can't log in without deleting my IP from the blacklist.

I had to create /usr/local/directadmin/data/ip_whitelist myself (there was an entry for it in the file editor in DA, but the actual file wasn't there). I've set it to chmod 600, owned by root. I tried chown'ing to diradmin:diradmin, but that didn't work either. I restarted DA after each change to the files, before trying to log in again.

The IP was copied from ip_blacklist, so it's definitely the same.

I'm running DA 1.30.2

Is that a bug in that version? Should I ask my server manager to upgrade?
 
You should already be able to edit the whitelist through DA.

Admin Level -> File Editor -> /usr/local/directadmin/data/admin/ip_whitelist

John
 
Ladies and fellers, I REALLY hate to kick a dead dog back to life, but this issue is still as real as the day light. And all the answers keep saying to go into the admin and use the file editor to edit the file. Now that really makes perfectly good sence.....IF I was not black listed ;)

I know how to login to root via ssh and I even was able to pull up the ip_blacklist file. How can I edit this file via SSH? I am SSH illiterate so please explain in easy terms to me. I normally pay someone to do this stuff for me but like everyone else now days, I have fallen on some very bad times sadly enough and can not pay anyone the hundreds of $$$ they want to help me. Now I am stuck banned off of my server with no way in unless I can figure out how to un ban myself via SSH. Please help.

Oh and DA, is it yet time to fix this problem? I host a few websites for others as well on my server and a few of them have been banned as well from the ol' missing images problem.

Thanks in advance for any help you may have to offer.
 
The vi editor is on most Linux and FreeBSD implementations.

Code: 
# man vi
will teach you how to use it.

Jeff
 
Yeah my apologies if I sounded a tad grumpy about it ;) I was frustrated and after I calmed down, I remembered I could just as easily change my ip. That did the trick.

I do appreciate the quick response and will definatly look into it. I am still trying to wrap my brains around this shell stuff.
 
You must log in or register to reply here.
Back
Top