This article presents the reasons why products may be blocked and provides a guide on how to proceed in these situations.
Introduction
There are some situations in which we are forced to lock a product. Often this will be a single IP, but it can also apply to multiple IPs or even entire servers or storage boxes. If we lock a product, we always send an email explaining the situation.
If you didn’t receive an email or if you are unsure if we have really locked a product, please send us a support request via the client’s area. Alternatively, you can run a traceroute to your server. In Windows, you can start a traceroute by running tracert.exe
. In Linux, the correct command is traceroute
.
Reasons we lock products
The most common reasons for locking a product are:
- Non-payment
- Abuse
- Hosting phishing/malware/copyright infringing material, etc.
- Sending spam
- Network
- Attacks from your server
- Network scans from your server
- Incorrect network configuration
We lock servers for multiple reasons, including protecting our infrastructure, as a precautionary measure to prevent any possible further abuse, and to protect the server owner.
Network log files
For most network issues, to help you analyze the problem, we include a log file with as much information as we have in the email we send you. Important note: We don’t have additional information or log files. We don’t have software access to your server, so we cannot see what exactly is going on. Please check your own internal server logs and analyze the issue yourself.
Information on port-/netscans
###################################################################
# Netscan detected from host 10.0.0.1 #
###################################################################
time src_ip dest_ip:dest_port
-------------------------------------------------------------------
Thu Nov 13 18:14:27 2021: 10.0.0.1 => 10.0.0.2: 22
Thu Nov 13 18:14:27 2021: 10.0.0.1 => 10.0.0.3: 22
Thu Nov 13 18:14:27 2021: 10.0.0.1 => 10.0.0.4: 22
Thu Nov 13 18:14:27 2021: 10.0.0.1 => 10.0.0.5: 22
.....
This log shows the exact time and the source IP, as well as the destination IP and port.
Summary on exceeded packet limits
Direction OUT
Internal 198.51.100.1
Threshold Packets 100,000 packets/s
Sum 40,674,000 packets/300s (135,580 packets/s), 40,673 flows/300s (135 flows/s), 5.909 GByte/300s (161 MBit/s)
External 10.0.0.6, 40,668,000 packets/300s (135,560 packets/s), 40,667 flows/300s (135 flows/s), 5.909 GByte/300s (161 MBit/s)
External 10.0.0.7, 5,000 packets/300s (16 packets/s), 5 flows/300s (0 flows/s), 0.000 GByte/300s (0 MBit/s)
External 10.0.0.8, 1,000 packets/300s (3 packets/s), 1 flows/300s (0 flows/s), 0.000 GByte/300s (0 MBit/s)
This log does not list each connection separately; instead it displays a summary of the traffic per destination IP. It shows the packet rates, the flow rate, and the total connection speed.
Detailed traffic dump
21:44:53.145756 IP 10.0.0.1.55008 > 10.0.0.2.29615: UDP, length 9216
21:44:53.145883 IP 10.0.0.1.55030 > 10.0.0.2.45527: UDP, length 9216
21:44:53.146007 IP 10.0.0.1.55046 > 10.0.0.2.1826: UDP, length 9216
21:44:53.146126 IP 10.0.0.1.55064 > 10.0.0.2.34940: UDP, length 9216
21:44:53.146249 IP 10.0.0.1.55080 > 10.0.0.2.20559: UDP, length 9216
21:44:53.146371 IP 10.0.0.1.55093 > 10.0.0.2.31488: UDP, length 9216
21:44:53.146493 IP 10.0.0.1.55112 > 10.0.0.2.56406: UDP, length 9216
21:44:53.146616 IP 10.0.0.1.55132 > 10.0.0.2.43714: UDP, length 9216
21:44:53.146741 IP 10.0.0.1.55147 > 10.0.0.2.64613: UDP, length 9216
In this case, a detailed traffic dump is created which contains all (incoming and outgoing) connections. This shows the following information: destination IP, destination port, and the size and type of packets. Since every packet is displayed, only a small part of the traffic is recorded due to the large amount of data.
Server access
To help you resolve the issue, we offer an IP whitelist feature. You need to enter your public home/office IP address, and you will be able to temporarily access the server from this single connection. You can do this in the client’s area by going to Servers
and then clicking on Server locking
. There, you can enter your public IP, which is directly displayed there, so you can just copy-paste it. Important note: This feature is not always available; it depends on the cause for the server lock.
If you have difficulty with the above, please send us a ticket with information about your server problem and write the IP address you want to whitelist to connect the server and solve the issue. If you want to order a KVM Console, please open a support request for the correct server.
Unlocking your product
We can only unlock the product(s) after you completely fix the issue(s).
Once you have done so, please send us an unlock request via support ticket.
Please do not send us multiple unlock requests for the same issue. We will process your request as soon as we can.