Opened 2 months ago

Last modified 7 weeks ago

#14374 assigned Bug/Something is broken

GTranslate

Reported by: https://id.mayfirst.org/dswanson
Owned by: https://id.mayfirst.org/jaimev
Priority: Urgent
Component: Tech
Keywords: fail2ban
Cc: https://id.mayfirst.org/jamie
Sensitive: no

Description

We're trying to use GTranslate to create translated pages of worldbeyondwar.org in numerous languages, such as worldbeyondwar.org/it for Italian. Something is getting blocked. Can you please whitelist these? 51.255.65.216 176.31.236.33 5.135.107.105 51.255.131.149 151.80.20.193

Change History (16)

comment:1 Changed 2 months ago by https://id.mayfirst.org/dswanson

What GTranslate says:

Hi,

I have checked from our server and noticed that you are blocking our server IP address 151.80.20.193. Here is the log. Please contact your hosting provider and ask to unblock our servers.

Total time: 0.263s Connect time: 0s

  • Trying 209.51.172.5...
  • TCP_NODELAY set
  • connect to 209.51.172.5 port 443 failed: Connection refused
  • Failed to connect to worldbeyondwar.org port 443: Connection refused
  • Closing connection 0

Here is the list of our proxy IPs:

51.255.65.216 176.31.236.33 5.135.107.105 51.255.131.149 151.80.20.193

176.31.236.33 IP address is also blocked

  • Trying 151.80.20.193...
  • TCP_NODELAY set
  • connect to 151.80.20.193 port 443 failed: Connection timed out
  • Failed to connect to ani.tdn.gtranslate.net port 443: Connection timed out
  • Closing connection 0
  • Trying 176.31.236.33...
  • TCP_NODELAY set
  • connect to 176.31.236.33 port 443 failed: Connection timed out
  • Failed to connect to van.tdn.gtranslate.net port 443: Connection timed out
  • Closing connection 0

-- Yana Yana from GTranslate

comment:2 Changed 2 months ago by https://id.mayfirst.org/dswanson

  • Priority changed from Medium to Urgent

comment:3 Changed 2 months ago by https://id.mayfirst.org/dswanson

I've made this urgent in hopes of hearing a response. We got a 15-day free trial but it's half over and we haven't been able to try the thing yet. Thanks for any help.

comment:4 Changed 2 months ago by https://id.mayfirst.org/jaimev

  • Cc https://id.mayfirst.org/jamie added
  • Keywords fail2ban added
  • Owner set to https://id.mayfirst.org/jaimev
  • Status changed from new to assigned

Sorry for the delay. I think we only need to whitelist these IPs to the fail2ban configuration on menchu. I've done this manually for now but my changes could get overwritten on the next Puppet update. Let's see what happens.

Note for jamie: We don't currently have an easy way to add a local list of exceptions. Maybe we can modify mf-fail2ban-copy-ignore-list to include a list of IPs from another locally defined file that is in a standard place for all servers and aggregate them to the end of the webignoreips variable? That way we can define exceptions locally without messing with the jail configurations.

comment:5 Changed 2 months ago by https://id.mayfirst.org/dswanson

Thanks. Still not working. Anything else you can try?

comment:6 Changed 2 months ago by https://id.mayfirst.org/jaimev

Can you try again now?

comment:7 Changed 2 months ago by https://id.mayfirst.org/dswanson

Not working. You can try. Just go to https://worldbeyondwar.org/, scroll down a bit on the right side, pick a language.

comment:8 Changed 2 months ago by https://id.mayfirst.org/jaimev

  • Resolution set to fixed
  • Status changed from assigned to feedback

It should be working now. It looks like I had to unban one more of those IPs from the recidive jail.

Last edited 2 months ago by https://id.mayfirst.org/jaimev

comment:9 Changed 2 months ago by https://id.mayfirst.org/dswanson

  • Resolution fixed deleted
  • Status changed from feedback to assigned

thanks

comment:10 Changed 2 months ago by https://id.mayfirst.org/jamie

Thanks Jaime. For the record, I think it's ok to add these to the permanent, network-wide list of IPs to ban. Also, this will get overwritten every day until we add it on jojobe.

comment:11 Changed 7 weeks ago by https://id.mayfirst.org/dswanson

Apparently the solution didn't work and we still need a permanent solution to whitelist these: 51.77.27.81 151.80.20.193 176.31.236.33 5.135.107.105 51.255.131.149 51.255.65.216

-- Specifically, they noted that 176.31.236.33 was being blocked. The temporary workaround they suggested was for us to delete that IP from the plugin config file… which is what we did. That’s not an ideal fix, because if we update the plugin the problem will return (unless we remember to again fix it).

comment:12 Changed 7 weeks ago by https://id.mayfirst.org/jamie

That solution was only going to work for one day (for testing). Our list of clear listed IP addresses is updated every day so it gets overwritten.

I just enabled a setting so that we can now keep a list of clear listed IPs on a host by host basis and have added all of these IPs to that list. Now it should be preserved moving forward.

If you have any additional IPs you want added, just list them here. The ones you already identified are in the clear list now.

For sysadmin reference: for any server that needs to keep a local set of IPs, just create a file called /etc/fail2ban/jail.d/01-$(hostname).conf with:

customignoreip = 1.2.3.4 2.3.4.5

comment:13 Changed 7 weeks ago by https://id.mayfirst.org/jaimev

Oops, looks like we were working on this at the same time. I just edited the build-ignoreip-helper file on jojobe. What now?

comment:14 Changed 7 weeks ago by https://id.mayfirst.org/jaimev

I'll undo my changes on jojobe and add the suggested files to menchu.

comment:15 Changed 7 weeks ago by https://id.mayfirst.org/dswanson

Still not working.

comment:16 Changed 7 weeks ago by https://id.mayfirst.org/jamie

It appears those IPs are being caught in the web scan rule as well as the web loose rule. Now they are white listed in both.
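Added example, not part of the ticket or May First's tooling: in this thread the same addresses turned out to be held by the recidive jail (comment 8) and by the web scan and web loose rules (comment 16), so a quick per-jail check of the `fail2ban-client status` output shows where a ban is still in place. The jail names `web-loose` and `web-scan` and the sample status text are constructed assumptions; the script defaults to that stub so it runs offline.

```shell
#!/bin/sh
# Added example: report which fail2ban jails currently hold a ban on an IP.
# F2B defaults to a stub printing constructed sample output so this runs
# offline; run with F2B=fail2ban-client (as root) to query a live server.
F2B=${F2B:-fake_f2b}

# Constructed sample; jail names web-loose and web-scan are assumptions.
fake_f2b() {
    if [ "$#" -eq 1 ]; then
        printf '%s\n' 'Status' '|- Number of jail: 3' \
            '`- Jail list: recidive, web-loose, web-scan'
        return
    fi
    case "$2" in
        recidive) ips='176.31.236.33' ;;
        web-scan) ips='151.80.20.193 176.31.236.33' ;;
        *)        ips='' ;;
    esac
    printf '%s\n' "Status for the jail: $2" '`- Actions' \
        "   \`- Banned IP list: $ips"
}

# Jail names, one per line, from "fail2ban-client status" output on stdin.
jails_from_status() {
    sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' | tr -d ' \t' | sed '/^$/d'
}

# True if IP $1 is an exact entry in the "Banned IP list:" read from stdin.
is_banned() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n\n' | grep -Fxq -- "$1"
}

# Print the jails (space separated) that currently ban IP $1.
jails_banning() {
    found=''
    for jail in $($F2B status | jails_from_status); do
        if $F2B status "$jail" | is_banned "$1"; then
            found="$found $jail"
        fi
    done
    echo "${found# }"
}

# The proxy IPs listed in the ticket description.
for ip in 51.255.65.216 176.31.236.33 5.135.107.105 51.255.131.149 151.80.20.193; do
    jails=$(jails_banning "$ip")
    if [ -n "$jails" ]; then echo "$ip still banned in: $jails"; fi
done
```

A ban found this way is lifted per jail with `fail2ban-client set <jail> unbanip <ip>`.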
