can't login in whm/cpanel just only me

conflicker · 05-04-2012, 12:19 AM

Hi everybody I'm having trouble logging in on my server, a VPS server running CentOS 6.. The weird thing is I am the only person that can't login, but when I try different computer with different ip address it is working.

I assume that this is an ip address issue, I'm just wondering where could I see if my ip is block, and how this happening.

Thank you for your help.

jschiwal · 05-04-2012, 12:42 AM

If others can log into the server, perhaps they could read the logs just after you try logging on.

When you say you can't log in, can you reach the server? If your IP is blocked by iptables, your browser should indicate the site is down as your request won't even reach the http service.

If you use nmap, does it say the port is closed or filtered?

conflicker · 05-04-2012, 06:13 AM

Quote:

Originally Posted by jschiwal

If others can log into the server, perhaps they could read the logs just after you try logging on.

When you say you can't log in, can you reach the server? If your IP is blocked by iptables, your browser should indicate the site is down as your request won't even reach the http service.

If you use nmap, does it say the port is closed or filtered?

Quote:

nmap command not found

yes I can reach the server..

sfzombie13 · 05-04-2012, 09:31 AM

nmap isn't a command, it's a program used to find open ports on a network. it is the gui of zenmap, but be careful where you use it, in my it security class, they say that the feds can come knocking on your door if you try to scan the wrong networks and that it can be considered a terrorism tool. not sure where you can download it, it should be easy to find.

cbtshare · 05-04-2012, 02:10 PM

maybe firewall is blocking your access to that port, run iptables -L

conflicker · 05-04-2012, 02:16 PM

Quote:

Originally Posted by cbtshare

maybe firewall is blocking your access to that port, run iptables -L

I ran the command and it gave some results but I don't see any information says that my ip is block to a certain port of the server...

Kustom42 · 05-04-2012, 03:33 PM

Sounds more so like a caching issue. Try using Firefox and hitting the key combination ctrl+shift+p or go to Start Private Browsing under the tools menu. This will load a new Firefox session without using any local cache on your computer. You can also try using a proxy like browserling or megaproxy and attempt access.

Also, nmap IS a command. It is a linux package.

Code:

Name       : nmap
Arch       : x86_64
Epoch      : 2
Version    : 4.11
Release    : 1.1
Size       : 2.3 M
Repo       : installed
Summary    : Network exploration tool and security scanner
URL        : http://www.insecure.org/nmap/
License    : GPL
Description: Nmap is a utility for network exploration or security auditing.  It supports ping scanning (determine which hosts are up), many
           : port scanning techniques (determine what services the hosts are offering), and TCP/IP fingerprinting (remote host operating
           : system identification). Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence
           : predictability characteristics, reverse-identd scanning, and more.

In recent years it was ported over to be available in windows as a graphical tool. See http://nmap.org/book/inst-windows.html

---------- Post added 05-04-12 at 01:33 PM ----------

Also, you don't need to use nmap to diagnose this. You can use windows telnet which is much safer and should be used prior to any port-scanning application.

conflicker · 05-07-2012, 12:33 AM

Quote:

Originally Posted by Kustom42

Sounds more so like a caching issue. Try using Firefox and hitting the key combination ctrl+shift+p or go to Start Private Browsing under the tools menu. This will load a new Firefox session without using any local cache on your computer. You can also try using a proxy like browserling or megaproxy and attempt access.

Also, nmap IS a command. It is a linux package.

Code:

Name       : nmap
Arch       : x86_64
Epoch      : 2
Version    : 4.11
Release    : 1.1
Size       : 2.3 M
Repo       : installed
Summary    : Network exploration tool and security scanner
URL        : http://www.insecure.org/nmap/
License    : GPL
Description: Nmap is a utility for network exploration or security auditing.  It supports ping scanning (determine which hosts are up), many
           : port scanning techniques (determine what services the hosts are offering), and TCP/IP fingerprinting (remote host operating
           : system identification). Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence
           : predictability characteristics, reverse-identd scanning, and more.

In recent years it was ported over to be available in windows as a graphical tool. See http://nmap.org/book/inst-windows.html

---------- Post added 05-04-12 at 01:33 PM ----------

Also, you don't need to use nmap to diagnose this. You can use windows telnet which is much safer and should be used prior to any port-scanning application.

I already cleared my cache and run ccleaner.. I found out that every computer using the same ISP that I have were also having the same problem of mine.. so I'm wondering if there is a way that my server will block an ISP... any idea?

Kustom42 · 05-07-2012, 10:50 AM

Do an mtr on the server back to your computers external IP. Also do a traceroute from your local pc to the server. See where the disconnect is happening. It may be a routing station that your ISP has contracted out from another vendor that is having the issue. These sort of things happen frequently but are usually resolved before anyone notices. If you can isolate the IP of the switch/routing station you can provide your mtr/traceroute output and possibly a tcpdump/packet capture as well and hope that they can resolve the issue on their end.

Are you able to reach the cpanel login through a proxy site like megaproxy from your computer?

softcorner · 06-02-2013, 02:20 PM

Login to your server from another ip address. You should be able to. If you are then do the following:

1. log into WHM
2. Locate the SECURITY section
3. ENTER the SECURITY CENTER
4. ENTER "cPHulk Brute Force Protection"

You will see your ip address blocked here which probably will be released in 2weeks. Flush out the ip addresses and you should be able to login from that ip again.