FutureQuest, Inc. FutureQuest, Inc. FutureQuest, Inc.
Cannot access services for my account
Posted on 07 August 2005 04:39 PM
Question:

I suspect that I did something wrong. When trying to access my account, I receive a "Connection refused" message. I am unable to connect to my account via SSH secure shell and unable to see my pages in web browsers or access my e-mail (although I can access my email using QuestMail).

Answer:

FutureQuest has a tool in place to help combat SSH brute force login attempts. SSH Guardian is an automated process that tracks invalid login attempts by IP address.

If SSH Guardian sees a number of failed attempts from your IP address, either using an invalid username or a valid username but incorrect password, it will invoke a firewall block against the source IP address. Depending on the nature of the offense, various ports may be blocked. For example, trying to log in as 'root' will result in an instant block affecting all services for the source IP. However, non-root access attempts will only result in SSH port blocking, leaving other major services such as web, email, and FTP available for the offending IP.

Important: The block is restricted to the offending source IP address only -- not the destination. In other words, others will still be able to view your site and access services normally.

You can find more information on SSH Guardian at the link below:
http://www.FutureQuest.net/forums/showthread.php?postid=132407#post132407

To avoid being blocked by SSH Guardian, make sure that all shell logins are done with the correct username/password and cASe. Any scripts that you are running for shell logins on your account will also need to be configured properly to use the correct credentials.

In an effort to help prevent erroneous logins that may result in IP blocking, we do recommended using Key Authentication:
Key Authentication with PuTTY

Automated aging of IP blocks is under consideration for future implementation.

In the interim, if you suspect that your IP has been blocked, send an email to Service@FutureQuest.net or submit a ticket directly to us via the Service Desk, specifying the IP address you're trying to connect from and request that it be checked to see if it is indeed blocked.

You can determine your connecting IP by visiting:
http://www.FutureQuest.net/Support/whatismyip.php
or here:
http://whatismyip.com

Note: If you find yourself blocked and you do not remember attempting shell logins, it is possible your local machine has been compromised and we would suggest scanning it for malware.