The server appears to be unavailable over the network when the imunify360 service starts. At the same time, direct access to the server (via IPMI or VNC) works properly.
The cause of the problem may be blacklisting the IP address of an important part of the infrastructure in which the server is running. For example, blacklisting the IP address of a gateway.
It can be checked with the following request to the Imunify360 database, even if the imunify360 service is stopped (replace 192.168.24 with the required range):
# sqlite3 /var/imunify360/imunify360.db 'select * from iplist' | grep "192.168.24"
The result of this can be the following:
192.168.24.1|BLACK|1670459996||1669595997||Blacklisted for 10 days after 101 captcha requests||0|0||0|3232241665|4294967295|4|
And this will mean that the IP address is added to the blacklist. In this case, it is necessary to:
- Remove the IP address from the blacklist. Temporarily add it to the white list so that it will not be blocked again.
- Make sure that the server detects the attacker's IP correctly. Check the ModSecurity log on the server and the Incidents tab in Imunify360 UI itself.
Please sign in to leave a comment.