Transition Technology: Ticket #856: Blocked IP? http://localhost:8080/trac/ticket/856 <p> Hi Chris </p> <p> I was trying to SSH into the site and got my password wrong a couple of times. </p> <p> Shortly afterwards the site appeared to be unavailable from this location. </p> <p> It seems fine in pingdom/proxy servers. </p> <p> My guess is something like fail2ban or similar has added this IP to a blacklist? </p> <p> I wouldn't be too bothered except it's Ade's address and I think he probably wants access.. </p> <p> Could you check the logs if there is a blacklist and remove 146.198.11.57 </p> <p> Thanks </p> <p> Sam </p> en-us Transition Technology /trac/chrome/site/TransitionNetwork-Logo-Web-Small.jpg http://localhost:8080/trac/ticket/856 Trac 0.12.5 chris Tue, 02 Jun 2015 13:21:27 GMT hours, totalhours changed http://localhost:8080/trac/ticket/856#comment:1 http://localhost:8080/trac/ticket/856#comment:1 <ul> <li><strong>hours</strong> changed from <em>0.0</em> to <em>0.1</em> </li> <li><strong>totalhours</strong> changed from <em>0.0</em> to <em>0.1</em> </li> </ul> <p> Yes that IP is blocked, I got this email earlier: </p> <pre class="wiki">Date: Tue, 2 Jun 2015 13:30:54 +0100 (BST) From: root@puffin.webarch.net To: chris@webarchitects.co.uk Subject: lfd on puffin.webarch.net: blocked 146.198.11.57 (GB/United Kingdom/57.11.198.146.dyn.plus.net) Time: Tue Jun 2 13:30:54 2015 +0100 IP: 146.198.11.57 (GB/United Kingdom/57.11.198.146.dyn.plus.net) Failures: 5 (sshd) Interval: 300 seconds Blocked: Permanent Block Log entries: Jun 2 13:29:35 puffin sshd[22620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.198.11.57 user=sam Jun 2 13:29:37 puffin sshd[22620]: Failed password for sam from 146.198.11.57 port 63849 ssh2 Jun 2 13:29:50 puffin sshd[22620]: Failed password for sam from 146.198.11.57 port 63849 ssh2 Jun 2 13:30:22 puffin sshd[22620]: Failed password for sam from 146.198.11.57 port 63849 ssh2 Jun 2 13:30:53 puffin sshd[25538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.198.11.57 user=sam </pre><p> So following the documentation, <a class="wiki" href="http://localhost:8080/trac/wiki/PuffinServer#Falsepositives">PuffinServer#Falsepositives</a> </p> <pre class="wiki">csf -dr 146.198.11.57 Removing rule... DROP all opt -- in !lo out * 146.198.11.57 -&gt; 0.0.0.0/0 LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -&gt; 146.198.11.57 csf -g 146.198.11.57 Chain num pkts bytes target prot opt in out source destination No matches found for 146.198.11.57 in iptables </pre><p> So you should be OK now but I'd urge you to use ssh keys rather than passwords, email me your public key(s) if you are unable to login to add them. Also please use a passphrase on any ssh keys and also keep them and back them up only on encrypted filesystems. </p> Ticket