XNSIO
  About   Slides   Home  
 
Managed Chaos
Naresh Jain's Random Thoughts on Software Development and Adventure Sports
      
`
 
RSS Feed
Recent Thoughts
Tags
Agile agile bengaluru 2010 Agile Coach Camp agileindia agile india agileindia2012 Agile India 2012 AgileIndia2013 Agile India 2013 Agile India 2013 Workshops agileindia2014 Agile India 2014 agile mumbai 2010 ASCI Attendees Profile Code Coverage code smells Conference Continuous Deployment Continuous Integration cyclomatic complexity Design duplicate code Evolutionary Design Extreme Programming Industrial Logic Lean Lean Startup LinkedIn Open Source pair programming post modern agile primitive obsession smell Refactoring Refactoring Teaser Scrum SDTConf simple design TDD technical debt Test Driven Development Testing unit testing user stories video
Recent Comments
«

»

Locked Yourself Out? Rescue your IP from CSF’s Temporary Blacklist

We have a few Red Hat Enterprise Linux servers, all run ConfigServer and Security (CSF), which is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers. Amongst various other things, it looks for port scans, multiple login failures and other things that it thinks are ominous, and locks out the originating IP address by rewriting the iptables firewall rules.

For example, if you try to connect to the same server via http, https, ssh and svn within some short window of time, you are quite likely to incur its wrath. Developers at Industrial Logic often lock themselves out by getting blacklisted.

Generally when this happens, we ssh into one of our other server, connect to the server that has blacklisted us, and execute the following command to see what is going on:

$ sudo /usr/sbin/csf -t

A/D IP address Port Dir Time To Live Comment
DENY 117.193.150.62 * in 9m 58s lfd – *Port Scan* detected from 117.193.150.62 (IN/India/-). 11 hits in the last 36 seconds

As you can see, csf blacklisted my IP for port scanning.

If your IP is the only record, you can flush the whole temporary block list by executing:

$ sudo /usr/sbin/csf -tf
DROP all opt — in !lo out * 117.193.150.62 -> 0.0.0.0/0
csf: 117.193.150.62 temporary block removed
csf: There are no temporary IP allows

Alternatively you can execute the following command to just remove a specific IP:

$ sudo /usr/sbin/csf -tr

The easiest way to find your (external) IP address is to visit http://www.whatsmyip.org/

If you have a static IP, then you can whitelist yourself by:

$ sudo /usr/sbin/csf -a

Related posts:

  1. Another Project Rescue Report Some time back, I spent 1 Week helping a project (Server written in Java) clear its Technical Debt. The code...
  2. Project Rescue Report Recently I spent 2 Weeks helping a project clear its Technical Debt. Here are some results: Topic Before After Project...
  3. Reverse DNS Lookup freaking out on Windows Server for Chinese IP Address Recently an important client of Industrial Logic’s eLearning reported that access to our Agile eLearning website was extremely slow (23+...
  4. Setting up Tomcat Cluster for Session Replication If you have your web application running on one tomcat instance and want to add another tomcat instance (ideally on...
  5. Towards Continuous Deployment: Zero Downtime WebApp Deployment Lets assume you have a simple web application which runs on a web server like tomcat, jetty, IIS or mongrel...
  6. Usability and Security: Striking a Hard Balance Recently I was designing a web application which has a standard user registration module. You need a unique email address...
  7. Enabling Multicast on your MacOS (*Unix) All MacOS kernel are by default capable of sending and receiving multicast datagrams (packets). (So are other kernels in Unix...
  8. Hudson: Access Denied User is missing the Read permission Today I was adding some new users to our Hudson CI Server. Since we use Husdon’s Own User Database, I...
  9. Proxy Issues while installing Rails Plugins I’m trying to install restful_authentication plugin on a rails project on a Windows platform. Every time I try “ruby script\plugin...
  10. Linux Desktop – Journal Interview Recently I was interviewed by a Journal. Following is a section of it. 1. Is Linux to make a breakthrough...

This entry was posted on Sunday, October 9th, 2011 at 5:45 AM and is filed under Deployment, Hosting, Linux, Tools. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.


    Licensed under
Creative Commons License