Cannot ftp or fsockopen() from within PHP script anymore...

Posted: Sat Mar 03, 2007 8:52 am

I help out a gamer clan with their website. They are running some Nuke Platinum distro.

They have PHP scripts that ftp gaming logs from their gaming servers (vsp stats) and they also have a Nuke block that opens a socket to retrieve TeamSpeak server status. All of a sudden these stopped working. They asked me to look into it and this is what I see:

I wrote a tiny PHP script that calls fsockopen() on their remote teamspeak server, and it is timing out. This shows up in the error log:

Code:




fsockopen() [<a href='function.fsockopen'>function.fsockopen</a>]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /home/xxx/public_html/socket.php on line 12

And it is the same with their ftp script. I wrote a simple php script that simply calls ftp_connect() on their remote gaming server and it times out. Nothing in the logs for this.

I tried both of these scripts on my own server, and they work fine. I've contacted their host, and I'm currently getting the run around. I found an old backup of theirs, and verified that the php.ini file has not been touched in months. It sounds like a server configuration problem, but I'm not sure. Any thoughts?

Thanks.

Posted: Sat Mar 03, 2007 9:31 am

My mistake, that error log entry happened when I was first writing the test script and had the address wrong. So now we see nothing in the error logs. Both fsockopen() and ftp_connect() just time out.

Posted: Sat Mar 03, 2007 1:45 pm

IP blocked in firewall ?

Posted: Sat Mar 03, 2007 3:27 pm

Yeah, most servers (at least I would hope) have sofware firewalls set up and only certain ports are allowed through by default (very few actually). Now, if you are simply using port 80, then doubtful its a firewall issue (unless as dj has mentioned, somehow the IP has been blocked). However, if that is not the port being used, my hunch is a SW firewall.

Posted: Sat Mar 03, 2007 5:13 pm

They block outgoing connections?

I'm trying to open a socket from their web server to their remote teamspeak server, and likewise open a ftp connection from their web server to their remote gaming server. These remote servers are fine, as I can open the socket from my host and ftp from my PC client. All this was working for months and then suddenly stopped. Confused

Posted: Sat Mar 03, 2007 5:49 pm

Gremmie wrote:

They block outgoing connections?

I'm trying to open a socket from their web server to their remote teamspeak server, and likewise open a ftp connection from their web server to their remote gaming server. These remote servers are fine, as I can open the socket from my host and ftp from my PC client. All this was working for months and then suddenly stopped. Confused

There's a huge difference between my pc and your server.
Please try to study how the internet and firewalls work, then try to ask the question again.

Posted: Sat Mar 03, 2007 6:24 pm

Nice tone. It is not appreciated.

This is what I am asking about: outgoing connections (both ftp_connect() and fsockopen()) from this one particular clan's web servers to 2 completely different remote sites from PHP scripts have suddenly started timing out. Understand?

I didn't understand you guys at first. You are suspecting the remote servers firewalls, right? Maybe, but I have a hard time believing that they have both blocked this clan's web server. They are run by 2 different companies, and are gaming related servers designed to dole out the info I am requesting, and they have allowed this clan's web server access for months and months in the past. But maybe they got put on a black list or something.

Posted: Sat Mar 03, 2007 8:04 pm

We don't care what someone believes nor that it worked in the past. It's what is happening right now:

server which contains the .php script has a firewall setting which blocks to connect to that server
server which contains the .php script has issues with its network and due to that the connection timeout
other server has a firewall setting that blocks the .php script server IP
other server is to slow and needs more then 30 seconds to connect

If you dislike my attitude then you really didn't get it, and my post about "learning stuff" is the truth.
If you don't know about server firewalls you never know if it is blocking the ip's that you try to access or that it is just a network failure. And since a network failure is far much harder to detect then to look into iptables on the server montego and me are fully correct.

Posted: Sat Mar 03, 2007 10:26 pm

Gremmie, the fact that it was working previously and now doesn't just, to me, sounds like things have been locked down somewhere. With all the crap flying around these days, many hosts are just jumping and locking down tightly until someone screems... then, they know what to open back up.

However, yes, it is odd that both of the remote servers would be impacted at the same time, but not completely unlikely, but enough to where I would look at the "source" server first.

Sometimes even firewalls are put in place to stop traffic going out, especially on non-standard type ports. Think about how you might want to stop a mail service from being taken over and used as a spamming source (possibly a bad example), or even to stop a server from being used for other style attacks. If you limit the outgoing connects to just port 80, 21/22, etc., for example, that shuts down many, many potential avenues for a source server being used in exploits. For example, at work, I can only get outside on standard port 80 like ports. I cannot even access my control panel. So, yes, it IS possible.

I am more inclined to think specific ports have been locked down as apposed to some form of IP blacklisting or other IP-specific blocking, but you never know.

You might want to check with the host for the source server and just see what they say. You might also want to check with them on whether they have shutdown ftp_connect() and fsockopen().

Have you tried a trace route from the source server to the destination servers? Unfortunately, I do not know the syntax for linux as I have never had to use it there. You need to figure out 1) is it network related and 2) where is it stopping.

Posted: Sun Mar 04, 2007 12:06 pm

montego, thanks this is exactly the kind of insight I was looking for. The host said they were looking into it but haven't got back to me. They said they had done nothing to disable ftp_connect() or fsockopen(). One of the remote gaming servers got back to me and said they had done nothing on their end. They are not blocking anyone.

Posted: Mon Mar 05, 2007 5:59 am

Gremmie, hope you find it. You might want to check if the source server is using APF. Check for maybe the following:

/etc/apf/conf.apf

This is a software firewall common with linux distributions and can be configured to control both "ingress" and "egress" traffic.

I have just about exhausted my experience here.

Posted: Mon Mar 05, 2007 8:54 am

I heard back from their support, and it was kind of clueless unfortunately. They tried to telnet to the sites the scripts were trying to ftp and open a socket too. That didn't work, so they came back with "maybe those remote sites are down". Smack

I did clue them in on the firewall thing. The scripts are trying to ftp to an unusual port. And same with the socket call. Maybe they suddenly decided to block non-standard ports.

I will look into/ask them about APF too. Thanks.