lonesail
Apr 12 2003, 03:14 PM
OK, here's the problem:
All of a sudden yesterday around 5pm EST outgoing SSL (443) port got blocked on one of my servers. I am NOT running any firewall software on that server. I even rebooted that server. Twice. Incoming SSL works fine. Outgoing SSL ports are fine on my other servers on the **same** subnet. However, this particular outgoing port on this particular server is now blocked.
Has anyone experienced anything like this?
What would the reason be for RS to block it?
Is there anything I can do except wait for RS to get to my ticket?
Thanks!
mau1986
Apr 12 2003, 03:23 PM
I received the same error... however... I was also rooted.
It's not on a server w/ rackshack, but I received the SuckIT LKM... went to install an SSL cert for a user, apache wouldn't restart, said port 443 was blocked, so I changed it to port 444... then port 80 was blocked. Freaked out, decided to restart, forgot that I hadn't removed the remnants of an old kernel that got compiled incorrectly, and am now waiting for support to sign on to AIM.
Regards,
Matt
TechieSurfer
Apr 12 2003, 03:26 PM
lonesail -
It is highly unlikely that we are blocking anything to or from your server. If you wish, provide your RS# and/or server IP and I will take a look.
Sincerely,
Randy Williams, CTO
lonesail
Apr 12 2003, 03:29 PM
I don't want to post RS number on public board, but I'm guessing you can derive it from server IP? If so, please check my comments in the open ticket.
Server IP: 64.246.42.60
Thank you
TechieSurfer
Apr 12 2003, 03:35 PM
lonesail -
Nothing is blocked to or from that server.
Sincerely,
Randy Williams, CTO
lonesail
Apr 12 2003, 03:36 PM
thanks, but... well... the fact remains. Outbound port 443 is blocked.
lonesail
Apr 12 2003, 03:45 PM
damn, looks like my ifconfig file got chrooted. And it won't allow me to replace it with a good one. Can someone in RS do this for me please?
Thanks!
TechieSurfer
Apr 12 2003, 03:53 PM
lonesail -
If outbound TCP 443 is blocked, Rackshack is not blocking it.
Here is another server on that subnet:
79 2003-04-12 15:42:49.8628 64.246.42.xx -> 203.194.146.xx TCP 42064 > 443 [SYN] Seq=1309626339 Ack=0 Win=5840 Len=0
80 2003-04-12 15:42:50.1022 203.194.146.xx -> 64.246.42.xx TCP 443 > 42064 [SYN, ACK] Seq=3571149724 Ack=1309626340 Win=5792 Len=0
81 2003-04-12 15:42:50.1023 64.246.42.xx -> 203.194.146.xx TCP 42064 > 443 [ACK] Seq=1309626340 Ack=3571149725 Win=5840 Len=0
82 2003-04-12 15:42:50.1040 64.246.42.xx -> 203.194.146.xx SSLv2 Client Hello
I realize that does not prove YOUR server is not blocked, but believe me, WE are not blocking anything. I could not find any 443 activity from your server when I checked (although I saw plenty to it...)
Check your PM - I'll make a suggestion shortly...
Sincerely,
Randy Williams, CTO
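The capture in the post above shows a complete three-way handshake to port 443. As an added example (not part of the original thread), this Python sketch classifies such summary lines per connection so an unanswered outbound SYN stands out. Packets 79-82 are copied from the post; packets 90-91, the host `64.246.42.yy`, and the function names are constructed for illustration.

```python
import re

# One summary line per packet, in the format shown in the post:
# <no> <date> <time> <src> -> <dst> TCP <sport> > <dport> [<flags>] ...
LINE = re.compile(
    r"^\s*\d+\s+\S+\s+\S+\s+(?P<src>\S+) -> (?P<dst>\S+) TCP "
    r"(?P<sport>\d+) > (?P<dport>\d+) \[(?P<flags>[^\]]+)\]"
)

# Packets 79-82 come from the post; 90-91 are constructed (a retransmitted SYN).
SAMPLE = """\
79 2003-04-12 15:42:49.8628 64.246.42.xx -> 203.194.146.xx TCP 42064 > 443 [SYN] Seq=1309626339 Ack=0 Win=5840 Len=0
80 2003-04-12 15:42:50.1022 203.194.146.xx -> 64.246.42.xx TCP 443 > 42064 [SYN, ACK] Seq=3571149724 Ack=1309626340 Win=5792 Len=0
81 2003-04-12 15:42:50.1023 64.246.42.xx -> 203.194.146.xx TCP 42064 > 443 [ACK] Seq=1309626340 Ack=3571149725 Win=5840 Len=0
82 2003-04-12 15:42:50.1040 64.246.42.xx -> 203.194.146.xx SSLv2 Client Hello
90 2003-04-12 15:43:01.0000 64.246.42.yy -> 203.194.146.xx TCP 42100 > 443 [SYN] Seq=1 Ack=0 Win=5840 Len=0
91 2003-04-12 15:43:04.0000 64.246.42.yy -> 203.194.146.xx TCP 42100 > 443 [SYN] Seq=1 Ack=0 Win=5840 Len=0
""".splitlines()

def handshake_states(lines, port=443):
    """Map (client, client_port, server) to syn-only/syn-ack/established/reset."""
    flows = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # non-TCP summaries such as "SSLv2 Client Hello"
        flags = {f.strip() for f in m["flags"].split(",")}
        src, dst = m["src"], m["dst"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == port:  # client -> server
            key = (src, sport, dst)
            if flags == {"SYN"}:
                flows.setdefault(key, "syn-only")  # a retransmit keeps the state
            elif flags == {"ACK"} and flows.get(key) == "syn-ack":
                flows[key] = "established"
        elif sport == port and (dst, dport, src) in flows:  # server -> client
            key = (dst, dport, src)
            if "RST" in flags:
                flows[key] = "reset"
            elif flags == {"SYN", "ACK"}:
                flows[key] = "syn-ack"
    return flows

def unanswered(flows):
    """Connections whose SYN never received any reply in the capture."""
    return sorted(k for k, state in flows.items() if state == "syn-only")

if __name__ == "__main__":
    for flow, state in handshake_states(SAMPLE).items():
        print(flow, state)
```

A host that produces no entry at all in an upstream capture never got its SYNs onto the wire at that point, which matches the observation in the post that no outbound 443 activity from the affected server was seen.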
GraphicsGuy
Apr 12 2003, 04:31 PM
Sounds like your box has been rooted.
I would strongly suggest that you get your server restored to get a clean start without the chance of a missed residual back door put in by a hacker. And this time put up a firewall immediately after the restore or it will happen again.
The How-To forum here has some excellent step by step threads on securing a server after you get it. Putting up a firewall is top priority. A server on the web without a firewall is a sitting duck.
Also, posting your IP in a message that has already stated that you don't have a firewall is far more dangerous than posting your RS Id number.
lonesail
Apr 12 2003, 04:34 PM
QUOTE
Originally posted by GraphicsGuy
Also, posting your IP in a message that has already stated that you don't have a firewall is far more dangerous than posting your RS Id number.
I have a firewall. It's disabled for troubleshooting purposes.
But thanks, I see that it was hacked.
GraphicsGuy
Apr 12 2003, 07:25 PM
QUOTE
I have a firewall.
Sorry, I misunderstood.
There just seems to be an increasing number of people getting servers that don't secure them until it's too late. :eek:
When I saw:
QUOTE
I am NOT running any firewall software on that server.
I mistook you for one of them.