Hi!
Do you have a client who says that they cannot access their sites/server and insists it’s a network issue, but their IP addresses does not seem to be blocked by csf.deny and their sites are not loading in several parts of the world with a site checker like https://www.site24x7.com/check-website-availability.html or others?
Well do I have quite the solution for you!
This morning, we verified an issue regarding a CSF/Spamhaus update in which CSF blocks any IP address that is over 128.0.0.0. This is due to a subnet that does not exist in the official list, 172.103.64.0/1:
https://www.spamhaus.org/drop/drop.lasso
Unfortunately, CSF will round the 172.103.64.0/1 down to 128.0.0.0/1 which will block all IP addresses above that range. To remedy this, after verifying the subnet issue is present, remove the SPAMDROP list file:
rm /var/lib/csf/csf.block.SPAMDROP
And restart CSF
csf -r
Restarting CSF will generate a new (and correct) SPAMDROP list without the wonky subnet.
Now, verify the sites on the server can load now throughout the world without issue:
https://www.site24x7.com/check-website-availability.html
Enjoy!!!
