Guidelines for locked servers

Last modified: Friday December 1st, 2023

This article presents the reasons why products may be blocked and provides a guide on how to proceed in these situations.

Introduction

There are some situations in which we are forced to lock a product. Often this will be a single IP, but it can also apply to multiple IPs or even entire servers or storage boxes. If we lock a product, we always send an email explaining the situation.

If you didn’t receive an email or if you are unsure if we have really locked a product, please send us a support request via the client’s area. Alternatively, you can run a traceroute to your server. In Windows, you can start a traceroute by running tracert.exe. In Linux, the correct command is traceroute.

Reasons we lock products

The most common reasons for locking a product are:

  • Non-payment
  • Abuse
  • Hosting phishing/malware/copyright infringing material, etc.
  • Sending spam
  • Network
  • Attacks from your server
  • Network scans from your server
  • Incorrect network configuration

We lock servers for multiple reasons, including protecting our infrastructure, as a precautionary measure to prevent any possible further abuse, and to protect the server owner.

Network log files

For most network issues, to help you analyze the problem, we include a log file with as much information as we have in the email we send you. Important note: We don’t have additional information or log files. We don’t have software access to your server, so we cannot see what exactly is going on. Please check your own internal server logs and analyze the issue yourself.

Information on port-/netscans

###################################################################
#          Netscan detected from host   10.0.0.1                  #
###################################################################

time                        src_ip		  dest_ip:dest_port
-------------------------------------------------------------------
Thu Nov 13 18:14:27 2021:      10.0.0.1 =>           10.0.0.2:   22
Thu Nov 13 18:14:27 2021:      10.0.0.1 =>           10.0.0.3:   22
Thu Nov 13 18:14:27 2021:      10.0.0.1 =>           10.0.0.4:   22
Thu Nov 13 18:14:27 2021:      10.0.0.1 =>           10.0.0.5:   22
.....

This log shows the exact time and the source IP, as well as the destination IP and port.

Summary on exceeded packet limits

Direction OUT
Internal 198.51.100.1
Threshold Packets 100,000 packets/s
Sum                40,674,000 packets/300s (135,580 packets/s), 40,673 flows/300s (135 flows/s), 5.909 GByte/300s (161 MBit/s)
External 10.0.0.6, 40,668,000 packets/300s (135,560 packets/s), 40,667 flows/300s (135 flows/s), 5.909 GByte/300s (161 MBit/s)
External 10.0.0.7,      5,000 packets/300s (16 packets/s),           5 flows/300s (0 flows/s),   0.000 GByte/300s (0 MBit/s)
External 10.0.0.8,      1,000 packets/300s (3 packets/s),            1 flows/300s (0 flows/s),   0.000 GByte/300s (0 MBit/s)

This log does not list each connection separately; instead it displays a summary of the traffic per destination IP. It shows the packet rates, the flow rate, and the total connection speed.

Detailed traffic dump

21:44:53.145756 IP 10.0.0.1.55008 > 10.0.0.2.29615: UDP, length 9216
21:44:53.145883 IP 10.0.0.1.55030 > 10.0.0.2.45527: UDP, length 9216
21:44:53.146007 IP 10.0.0.1.55046 > 10.0.0.2.1826:  UDP, length 9216
21:44:53.146126 IP 10.0.0.1.55064 > 10.0.0.2.34940: UDP, length 9216
21:44:53.146249 IP 10.0.0.1.55080 > 10.0.0.2.20559: UDP, length 9216
21:44:53.146371 IP 10.0.0.1.55093 > 10.0.0.2.31488: UDP, length 9216
21:44:53.146493 IP 10.0.0.1.55112 > 10.0.0.2.56406: UDP, length 9216
21:44:53.146616 IP 10.0.0.1.55132 > 10.0.0.2.43714: UDP, length 9216
21:44:53.146741 IP 10.0.0.1.55147 > 10.0.0.2.64613: UDP, length 9216

In this case, a detailed traffic dump is created which contains all (incoming and outgoing) connections. This shows the following information: destination IP, destination port, and the size and type of packets. Since every packet is displayed, only a small part of the traffic is recorded due to the large amount of data.

Server access

To help you resolve the issue, we offer an IP whitelist feature. You need to enter your public home/office IP address, and you will be able to temporarily access the server from this single connection. You can do this in the client’s area by going to Servers and then clicking on Server locking. There, you can enter your public IP, which is directly displayed there, so you can just copy-paste it. Important note: This feature is not always available; it depends on the cause for the server lock.

If you have difficulty with the above, please send us a ticket with information about your server problem and write the IP address you want to whitelist to connect the server and solve the issue.  If you want to order a KVM Console, please open a support request for the correct server.

Unlocking your product

We can only unlock the product(s) after you completely fix the issue(s).

Once you have done so, please send us an unlock request via support ticket.

Please do not send us multiple unlock requests for the same issue. We will process your request as soon as we can.

Was this article helpful?
Views: 86

10 Years Beehosting!
Celebrate with 70% OFF + FREE Site Transfer.

Beehosting.pro website uses cookies

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Menu