On a recently deployed server running Hestia 1.4.2
I get ERR_CONNECTION_TIMED_OUT in Google Chrome (same error in Firefox)…
Not banned by fail2ban.
The problem persists if I disable iptables.
nginx -t → ok
systemctl status apache2 → ok
lsof -i | grep nginx
nginx 36920 root 161u IPv4 32106659 0t0 TCP my-server.com :http (LISTEN)
nginx 36920 root 162u IPv4 32106660 0t0 TCP my-server.com :https (LISTEN)
nginx 36920 root 163u IPv4 32106661 0t0 TCP localhost:8084 (LISTEN)
nginx 36921 www-data 161u IPv4 32106659 0t0 TCP my-server.com :http (LISTEN)
nginx 36921 www-data 162u IPv4 32106660 0t0 TCP my-server.com :https (LISTEN)
nginx 36921 www-data 163u IPv4 32106661 0t0 TCP localhost:8084 (LISTEN)
nginx 36922 www-data 161u IPv4 32106659 0t0 TCP my-server.com :http (LISTEN)
nginx 36922 www-data 162u IPv4 32106660 0t0 TCP my-server.com :https (LISTEN)
nginx 36922 www-data 163u IPv4 32106661 0t0 TCP localhost:8084 (LISTEN)
nginx 36923 www-data 161u IPv4 32106659 0t0 TCP my-server.com :http (LISTEN)
nginx 36923 www-data 162u IPv4 32106660 0t0 TCP my-server.com :https (LISTEN)
nginx 36923 www-data 163u IPv4 32106661 0t0 TCP localhost:8084 (LISTEN)
nginx 36924 www-data 161u IPv4 32106659 0t0 TCP my-server.com :http (LISTEN)
nginx 36924 www-data 162u IPv4 32106660 0t0 TCP my-server.com :https (LISTEN)
nginx 36924 www-data 163u IPv4 32106661 0t0 TCP localhost:8084 (LISTEN)
lsof -i | grep apache
apache2 29952 root 3u IPv4 32069925 0t0 TCP localhost:tproxy (LISTEN)
apache2 29952 root 4u IPv4 32069927 0t0 TCP my-server.com:8443 (LISTEN)
apache2 29952 root 5u IPv4 32069929 0t0 TCP my-server.com :http-alt (LISTEN)
apache2 35050 www-data 3u IPv4 32069925 0t0 TCP localhost:tproxy (LISTEN)
apache2 35050 www-data 4u IPv4 32069927 0t0 TCP my-server.com:8443 (LISTEN)
apache2 35050 www-data 5u IPv4 32069929 0t0 TCP my-server.com :http-alt (LISTEN)
apache2 35065 www-data 3u IPv4 32069925 0t0 TCP localhost:tproxy (LISTEN)
apache2 35065 www-data 4u IPv4 32069927 0t0 TCP my-server.com:8443 (LISTEN)
apache2 35065 www-data 5u IPv4 32069929 0t0 TCP my-server.com :http-alt (LISTEN)
apache2 35066 www-data 3u IPv4 32069925 0t0 TCP localhost:tproxy (LISTEN)
apache2 35066 www-data 4u IPv4 32069927 0t0 TCP my-server.com:8443 (LISTEN)
apache2 35066 www-data 5u IPv4 32069929 0t0 TCP my-server.com :http-alt (LISTEN)
apache2 35066 www-data 263u IPv4 32101269 0t0 TCP my-server.com:8443->my-server.com:59266 (ESTABLISHED)
But I can access the websites' front-end from my mobile phone. When I try to log into WordPress I get ERR_CONNECTION_REFUSED.
Okay… After a login attempt in WordPress with good credentials I get banned by iptables.
iptables -L | grep 46.222.203.xxx
REJECT all -- 46.222.203.xxx anywhere reject-with icmp-port-unreachable
But hestia in fail2ban does not show the ban. It is only showing recidive bans.
Okay. Hestia is not showing all bans BUT I could find my own mobile phone IP banned in the list:
sudo zgrep 'Ban' /var/log/fail2ban.log | grep 46.222
2021-06-08 11:15:07,105 fail2ban.actions [377]: NOTICE [webexploits-apache] Ban 46.222.203.45
The webexploits-apache rule is triggering when it shouldn't.
@eris Hestia doesn't list all bans in the panel.
eris
June 8, 2021, 11:11am
I don't know; probably they are not listed in some configs for Hestia…
So Hestia only lists bans if they meet certain conditions?
I added a new rule in jail.local
fail2ban bans
Hestia only shows recidive bans (maybe others, but it is not currently listing them); it definitely does not list this new rule.
What am I missing? Is it a bug, or do I have to declare it?
eris
June 9, 2021, 9:33am
I don't know; you have to check it out yourself with the source code. I might not be surprised if it needs to do so…
eris
June 9, 2021, 9:56am
We probably have to rewrite parts of it anyway for IPv6 support…
falzo
June 10, 2021, 8:26am
@jlguerrero did I understand correctly that you added your own rules to fail2ban, which were also the ones catching your IP?
I think Hestia only checks its (kn)own jails and not custom ones, so it would be kind of obvious that these IPs won't show up in the panel.
Probably good if you could confirm, and maybe put in a feature request if you think Hestia should rather try and find all active jails, including new/customised ones.
Yes you did. I was being banned by my custom rules.
I didn’t know that. I just supposed that the UI would show me all bans.
There are two ways to go here:
Show me how to make my custom rules known to hestia. Maybe it is very easy.
Modify the UI so that hestia shows all bans since it makes a lot of sense.
I will confirm today or tomorrow.
falzo
June 10, 2021, 3:44pm
I have to admit, I never used this nor played with it… but if you check jail.local you can see the custom jails follow a scheme and call a specific Hestia action. You can find that action within action.d/hestia.conf, and this should be adding the related chains/jails not only to iptables but also to the Hestia banlist conf, so that it knows about them and the reporting can get all IPs…
So it should work out of the box if you make use of that scheme and functions.
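An added example, not code from the thread or from Hestia itself, that does programmatically what the zgrep check earlier in the thread does by hand and then applies falzo's point: it replays Ban/Unban lines from a constructed fail2ban.log, reads a constructed jail.local fragment, and flags active bans that come from jails not wired through the `hestia[...]` action, i.e. the ones the panel will not show. Assumption: Hestia's own jails use `action = hestia[name=...]`, as in the scheme falzo describes; the custom jail here deliberately does not.

```python
import configparser
import re
from collections import defaultdict

# Constructed fail2ban.log lines, same format as the one quoted in the thread.
SAMPLE_LOG = """\
2021-06-08 11:10:02,001 fail2ban.actions [377]: NOTICE [hestia-web] Ban 203.0.113.7
2021-06-08 11:15:07,105 fail2ban.actions [377]: NOTICE [webexploits-apache] Ban 198.51.100.45
2021-06-08 11:20:30,220 fail2ban.actions [377]: NOTICE [recidive] Ban 203.0.113.9
2021-06-08 11:30:00,000 fail2ban.actions [377]: NOTICE [hestia-web] Unban 203.0.113.7
"""

# Constructed jail.local fragment. Assumption: Hestia's own jails use the
# "action = hestia[name=...]" scheme falzo mentions; the custom jail does not.
SAMPLE_JAIL_LOCAL = """\
[recidive]
enabled = true
action = hestia[name=RECIDIVE]
[webexploits-apache]
enabled = true
action = iptables-multiport[name=webexploits, port="http,https"]
"""

BAN_RE = re.compile(r"NOTICE \[(?P<jail>[^\]]+)\] (?P<event>Ban|Unban) (?P<ip>\S+)")

def active_bans(log_text):
    """Replay Ban/Unban events in order and return {jail: set(ip)} still banned."""
    bans = defaultdict(set)
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if not m:
            continue
        if m["event"] == "Ban":
            bans[m["jail"]].add(m["ip"])
        else:
            bans[m["jail"]].discard(m["ip"])
    return {jail: ips for jail, ips in bans.items() if ips}

def jails_without_hestia_action(jail_local_text):
    """Enabled jails whose action is not hestia[...], so their bans bypass the panel."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(jail_local_text)
    return sorted(s for s in cp.sections()
                  if cp.getboolean(s, "enabled", fallback=False)
                  and not cp.get(s, "action", fallback="").startswith("hestia["))

def invisible_bans(log_text, jail_local_text):  # active bans the Hestia UI would miss
    custom = set(jails_without_hestia_action(jail_local_text))
    return {j: sorted(ips) for j, ips in active_bans(log_text).items() if j in custom}
```

Point it at the real /var/log/fail2ban.log and /etc/fail2ban/jail.local to see which of your banned IPs live only in custom jails.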