Dismiss Notice
It can take 24-48 hours for the hosting/Teamspeak applications to be reviewed. Opening a thread before 48 hours, asking about the application timeline will result in your account and application being deleted permanently.

Mod_Security Setup Tips?

Discussion in 'Free VPS Hosting' started by IEpicDestroyer, Sep 23, 2017.

  1. Bryan

    Bryan Administrator

    Messages:
    5,886
    Likes Received:
    945
    This should work now. Unfortunately, I had to unblock everything on the entire server, including the free VPS. So I still have some work to do. But something in the iptables was not liking your VPS, and I still don't know what that something is. Have to figure that out.
     
  2. IEpicDestroyer

    IEpicDestroyer Premium VPS Client

    Messages:
    98
    Likes Received:
    18
    Still isn't like me at all, let me see if a restart helps, I haven't done that in.. let see...
    root@server7:~# uptime
    12:33:28 up 149 days, 14:02, 2 users, load average: 0.39, 0.36, 0.33

    Lets say too long. :)

    It's working now... only on IPv4 so I'll just change PHPBB to connect to a IP instead of a hostname so it doesn't time out when it's trying the first IP. Before none of them worked, so at least something's working. IPv6 is still blocked, but I can work with it.

    For some reason, after I restarted the server, I'm having issues with Fail2Ban, would hit 100% after starting it for a minute... It stays there until I restart the process. Is this issue known?
     
    Last edited: Oct 7, 2017
  3. Bryan

    Bryan Administrator

    Messages:
    5,886
    Likes Received:
    945
    It's that particular server then that you're trying to connect to. This is directly from your VPS:

    Code:
    telnet mx1.wswd.net 25
    Trying 45.35.121.20...
    Connected to mx1.wswd.net.
    Escape character is '^]'.
    220-dfw.private-rack.com ESMTP Exim 4.89 #1 Sat, 07 Oct 2017 12:46:22 -0700
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    
     
  4. IEpicDestroyer

    IEpicDestroyer Premium VPS Client

    Messages:
    98
    Likes Received:
    18
    That's on IPv4, IPv6 is still acting up on me for the servers that support it, like Google and Yandex.

    root@server7:~# telnet gmail-smtp-in.l.google.com 25
    Trying 2607:f8b0:400e:c05::1a...
    Trying 74.125.28.27...
    Connected to gmail-smtp-in.l.google.com.
    Escape character is '^]'.
    220 mx.google.com ESMTP f2si3764141pfj.371 - gsmtp
    quit
    221 2.0.0 closing connection f2si3764141pfj.371 - gsmtp
    Connection closed by foreign host.
     
  5. Bryan

    Bryan Administrator

    Messages:
    5,886
    Likes Received:
    945
    I'll take a look at the IPv6.
     
  6. IEpicDestroyer

    IEpicDestroyer Premium VPS Client

    Messages:
    98
    Likes Received:
    18
    If your using iptables to block this, is it still blocked in ip6tables? But why is port 465 blocked anyway? I thought port 25 and 587 would be blocked because that's the ports other servers use to receive emails if it's directly sent.
     
  7. Bryan

    Bryan Administrator

    Messages:
    5,886
    Likes Received:
    945
    We block every email related port on the free servers.
     
  8. IEpicDestroyer

    IEpicDestroyer Premium VPS Client

    Messages:
    98
    Likes Received:
    18
    Oh... would have made sense to let people to connect to third party email relay servers if it was a IP reputation issue (aka prevent spam from being sent from the IP). I personally haven't ran into a issue in the past that prevented me from sending emails to a relay even if it was a free service so I just expected it to be the same.

    Edit: hmm.. port 25 is allowing connections, but port 465 or 587 is still refusing to connect over IPv4..
     
    Last edited: Oct 7, 2017
    Bryan likes this.
  9. Bryan

    Bryan Administrator

    Messages:
    5,886
    Likes Received:
    945
    Yes, I haven't gotten there yet. Still trying to work out the Port 25 issues, and determine why exactly things aren't working as designed.
     
  10. IEpicDestroyer

    IEpicDestroyer Premium VPS Client

    Messages:
    98
    Likes Received:
    18
    Is there a way to like say forward all traffic that's heading to a IP or a port and forward it over a ssh tunnel to a different server before connecting to the smtp server? That way, this doesn't really need to get fixed, I get what I want done, and nothing is sent from your IPs.
     
  11. Bryan

    Bryan Administrator

    Messages:
    5,886
    Likes Received:
    945
    It should all be working now, both IPv4 and IPv6. I still have to lock it down at some point, but for now, all should be working.
     
  12. IEpicDestroyer

    IEpicDestroyer Premium VPS Client

    Messages:
    98
    Likes Received:
    18
    Umm... did you break IPv6 while doing this or it's unrelated?

    ping6 google.com
    connect: Network is unreachable

    IPv4 is working properly, but since my site depends on IPv6, my stuff is down! D:
     
  13. Bryan

    Bryan Administrator

    Messages:
    5,886
    Likes Received:
    945
    That was unrelated. Can you try again?
     
  14. IEpicDestroyer

    IEpicDestroyer Premium VPS Client

    Messages:
    98
    Likes Received:
    18
    ping6 google.com
    connect: Network is unreachable

    Nope, still not working for me. Enabled IPv4 temporary so my site doesn't stay offline. According to the monitoring site I signed up, it was down for 2.5 hours before I noticed. So by now, around 3 hours?

    Before I enabled IPv4 traffic to the server, the site sorta loaded, kept refreshing it and I got part of the site like a few times, but the connection is cutting out.
     
  15. Bryan

    Bryan Administrator

    Messages:
    5,886
    Likes Received:
    945
    Is there anything weird running on your VPS that would cause this? I verified that IPv6 was working fine on your VPS. Now showing network unreachable.

    Yours is the only container having this issue.
     
  16. IEpicDestroyer

    IEpicDestroyer Premium VPS Client

    Messages:
    98
    Likes Received:
    18
    Idk, let me restart the container first and see, tried this and that failed:

    ifdown venet0 && ifup venet0
    SIOCDIFADDR: Cannot assign requested address
     
  17. Bryan

    Bryan Administrator

    Messages:
    5,886
    Likes Received:
    945
    Okay, I'll have a look.
     
  18. IEpicDestroyer

    IEpicDestroyer Premium VPS Client

    Messages:
    98
    Likes Received:
    18
    Finished restart, did the following (before, guessing you, restart the container again):

    root@server7:~# ping6 google.com
    connect: Network is unreachable
    root@server7:~# ifconfig
    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MTU:65536 Metric:1
    RX packets:4 errors:0 dropped:0 overruns:0 frame:0
    TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:200 (200.0 B) TX bytes:200 (200.0 B)

    venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
    UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
    RX packets:1364 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2564 errors:0 dropped:2 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:168227 (168.2 KB) TX bytes:444903 (444.9 KB)

    venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr:xxx.xxx.xxx.xxx P-t-P:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx Mask:255.255.255.255
    UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

    The IPv6 just dropped from my VPS...
     
  19. Bryan

    Bryan Administrator

    Messages:
    5,886
    Likes Received:
    945
    Working now.
     
  20. IEpicDestroyer

    IEpicDestroyer Premium VPS Client

    Messages:
    98
    Likes Received:
    18
    Hm... doesn't seem to be on the VPS:

    root@server7:~# ping6 lg.he.net
    connect: Network is unreachable
    root@server7:~# ping6 google.com
    connect: Network is unreachable
     

Share This Page