Websites timing out - ERR_CONNECTION_TIMED_OUT

In a recently deployed server running Hestia 1.4.2

I get ERR_CONNECTION_TIMED_OUT in Google Chrome / same error in Firefox…

  • Not banned by fail2ban.
  • The problem persists if I disable iptables.
  • nginx -t → ok
  • systemctl status apache2 → ok
  • lsof -i | grep nginx
    nginx 36920 root 161u IPv4 32106659 0t0 TCP my-server.com:http (LISTEN)
    nginx 36920 root 162u IPv4 32106660 0t0 TCP my-server.com:https (LISTEN)
    nginx 36920 root 163u IPv4 32106661 0t0 TCP localhost:8084 (LISTEN)
    nginx 36921 www-data 161u IPv4 32106659 0t0 TCP my-server.com:http (LISTEN)
    nginx 36921 www-data 162u IPv4 32106660 0t0 TCP my-server.com:https (LISTEN)
    nginx 36921 www-data 163u IPv4 32106661 0t0 TCP localhost:8084 (LISTEN)
    nginx 36922 www-data 161u IPv4 32106659 0t0 TCP my-server.com:http (LISTEN)
    nginx 36922 www-data 162u IPv4 32106660 0t0 TCP my-server.com:https (LISTEN)
    nginx 36922 www-data 163u IPv4 32106661 0t0 TCP localhost:8084 (LISTEN)
    nginx 36923 www-data 161u IPv4 32106659 0t0 TCP my-server.com:http (LISTEN)
    nginx 36923 www-data 162u IPv4 32106660 0t0 TCP my-server.com:https (LISTEN)
    nginx 36923 www-data 163u IPv4 32106661 0t0 TCP localhost:8084 (LISTEN)
    nginx 36924 www-data 161u IPv4 32106659 0t0 TCP my-server.com:http (LISTEN)
    nginx 36924 www-data 162u IPv4 32106660 0t0 TCP my-server.com:https (LISTEN)
    nginx 36924 www-data 163u IPv4 32106661 0t0 TCP localhost:8084 (LISTEN)
  • lsof -i | grep apache
    apache2 29952 root 3u IPv4 32069925 0t0 TCP localhost:tproxy (LISTEN)
    apache2 29952 root 4u IPv4 32069927 0t0 TCP my-server.com:8443 (LISTEN)
    apache2 29952 root 5u IPv4 32069929 0t0 TCP my-server.com:http-alt (LISTEN)
    apache2 35050 www-data 3u IPv4 32069925 0t0 TCP localhost:tproxy (LISTEN)
    apache2 35050 www-data 4u IPv4 32069927 0t0 TCP my-server.com:8443 (LISTEN)
    apache2 35050 www-data 5u IPv4 32069929 0t0 TCP my-server.com:http-alt (LISTEN)
    apache2 35065 www-data 3u IPv4 32069925 0t0 TCP localhost:tproxy (LISTEN)
    apache2 35065 www-data 4u IPv4 32069927 0t0 TCP my-server.com:8443 (LISTEN)
    apache2 35065 www-data 5u IPv4 32069929 0t0 TCP my-server.com:http-alt (LISTEN)
    apache2 35066 www-data 3u IPv4 32069925 0t0 TCP localhost:tproxy (LISTEN)
    apache2 35066 www-data 4u IPv4 32069927 0t0 TCP my-server.com:8443 (LISTEN)
    apache2 35066 www-data 5u IPv4 32069929 0t0 TCP my-server.com:http-alt (LISTEN)
    apache2 35066 www-data 263u IPv4 32101269 0t0 TCP my-server.com:8443->my-server.com:59266 (ESTABLISHED)

But I can access the websites' front-end from my mobile phone. When I try to log into WordPress I get ERR_CONNECTION_REFUSED.

Okay… After a login attempt in WordPress with good credentials I get banned by iptables.

iptables -L | grep 46.222.203.xxx
REJECT all -- 46.222.203.xxx anywhere reject-with icmp-port-unreachable

But hestia in fail2ban does not show the ban. It is only showing recidive bans.

Okay. Hestia is not showing all bans BUT I could find my own mobile phone IP banned in the list:

sudo zgrep 'Ban' /var/log/fail2ban.log | grep 46.222
2021-06-08 11:15:07,105 fail2ban.actions [377]: NOTICE [webexploits-apache] Ban 46.222.203.45

  1. The webexploits-apache rule is triggering when it shouldn’t
  2. @eris Hestia doesn’t list all bans in the panel

I don't know; probably they are not listed in some configs for Hestia…

So Hestia only lists bans if they meet certain conditions?

  • I added a new rule in jail.local
  • fail2ban bans
  • Hestia only shows recidive bans (maybe others, but it is not currently listing them); it definitely does not list this new rule.

What am I missing? Is it a bug or do I have to declare it?
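Since the panel view turned out to be incomplete, the reliable source of truth is fail2ban's own log (the `zgrep 'Ban'` check above) and `fail2ban-client status <jail>`. The script below is an added example, not code from the thread or from Hestia: it reconstructs the current ban state per jail from log text (a Ban that has not been followed by an Unban in the same jail), so bans from custom jails are visible whatever the panel shows. The log lines are constructed sample data in the same format as the line quoted above, with documentation-range addresses.

```shell
#!/bin/sh
# Added example, not from the thread: rebuild the current ban state from
# fail2ban's own log, per jail, so bans from custom jails that the Hestia
# panel does not list are still visible. SAMPLE_LOG is constructed data.

SAMPLE_LOG='2021-06-08 11:15:07,105 fail2ban.actions [377]: NOTICE [webexploits-apache] Ban 203.0.113.45
2021-06-08 11:16:02,001 fail2ban.actions [377]: NOTICE [sshd] Ban 198.51.100.7
2021-06-08 11:20:00,000 fail2ban.actions [377]: NOTICE [webexploits-apache] Unban 203.0.113.45
2021-06-08 11:25:00,000 fail2ban.actions [377]: NOTICE [recidive] Ban 198.51.100.7'

# currently_banned: read fail2ban log text on stdin and print "JAIL IP" for
# every address whose latest event in that jail is a Ban (an Unban clears it).
# After whitespace splitting: $6 = "[jail]", $7 = Ban|Unban, $8 = IP.
currently_banned() {
  awk '
    $7 == "Ban"   { gsub(/\[|\]/, "", $6); banned[$6 " " $8] = 1 }
    $7 == "Unban" { gsub(/\[|\]/, "", $6); delete banned[$6 " " $8] }
    END { for (k in banned) print k }
  ' | sort
}

# is_banned JAIL IP: exit 0 if that pair is in the reconstructed ban list.
# -F treats the dotted IP literally, -x requires a whole-line match.
is_banned() {
  currently_banned | grep -qxF "$1 $2"
}

# Demo on the constructed sample. On a real host, include rotated logs:
#   zgrep -h '' /var/log/fail2ban.log* | currently_banned
printf '%s\n' "$SAMPLE_LOG" | currently_banned
```

On the sample the webexploits-apache ban has been lifted again, so only the sshd and recidive entries for 198.51.100.7 remain; `is_banned recidive 198.51.100.7` succeeds, `is_banned webexploits-apache 203.0.113.45` does not. The output is independent of which action a jail uses, which is exactly what a panel that only knows its own jails cannot offer.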

I don't know; you have to check it out yourself in the source code. I would not be surprised if it needs to be done that way…

Thank you.

We will probably have to rewrite parts of it anyway for IPv6 support…

@jlguerrero did I understand correctly that you added your own rules to fail2ban which also were the ones catching your IP?

I think Hestia only checks its (kn)own jails and not custom ones, so it would be kind of obvious that these IPs won't show up in the panel :wink:
Probably good if you could confirm and maybe put in a feature request, if you think Hestia should rather try and find all active jails, including new/customised ones.


Yes you did. I was being banned by my custom rules.

I didn’t know that. I just supposed that the UI would show me all bans.

There are two ways to go here:

  1. Show me how to make my custom rules known to Hestia. Maybe it is very easy.
  2. Modify the UI so that Hestia shows all bans, since it makes a lot of sense.

I will confirm today or tomorrow.

I have to admit, I never used this nor played with it… but if you check jail.local you can see the custom jails follow a scheme and call a specific Hestia action. You can find that action within action.d/hestia.conf, and this should be adding the related chains/jails not only to iptables but also to the Hestia banlist config, so that it knows about them and the reporting can get all IPs…

So it should work OOB if you make use of that scheme and functions.
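To make that scheme concrete, here is an added example of a jail.local fragment; it is not taken from the thread or from Hestia's shipped configuration. The jail names, the filter name, the log path and the thresholds are placeholders, and the assumption (as described in the reply above) is that action.d/hestia.conf wraps Hestia's own ban and unban commands, so a jail routed through `action = hestia[...]` is registered with Hestia as well as with iptables, whereas a jail using a stock iptables action only ever touches iptables.

```ini
# /etc/fail2ban/jail.local  (added example; jail, filter, path and thresholds are placeholders)

# Custom jail with a stock action: the ban goes straight into iptables and
# Hestia never learns about it, so it will not appear in the panel.
# Disabled here so the two jails below do not double-ban the same client.
[webexploits-apache-stock]
enabled  = false
filter   = apache-webexploits-example
logpath  = /var/log/apache2/*access.log
maxretry = 3
findtime = 600
bantime  = 3600
action   = iptables-multiport[name=webexploits, port="http,https"]

# Same jail routed through Hestia's action (action.d/hestia.conf). The name
# parameter is the label Hestia will report the ban under.
[webexploits-apache]
enabled  = true
filter   = apache-webexploits-example
logpath  = /var/log/apache2/*access.log
maxretry = 3
findtime = 600
bantime  = 3600
action   = hestia[name=WEB]
```

Whichever action a jail uses, `fail2ban-client status` lists every active jail and `fail2ban-client status <jail>` lists that jail's currently banned addresses, so those two commands are the authoritative check when the panel view is incomplete. A high `maxretry`/`findtime` combination that matches ordinary WordPress logins, as happened in this thread, is worth testing against a known-good login before the jail is enabled, since the jail will otherwise lock out legitimate administrators.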

