The other day my other website stopped responding to requests from the web. I kept getting connection refused error messages. I set about trying to figure out what was going on with it.

I started out with a ping on the address to see if the server was functioning:
PING am401.36bit.com (205.166.94.4) 56(84) bytes of data.
64 bytes from 205.166.94.4 (205.166.94.4): icmp_seq=1 ttl=244 time=52.5 ms
64 bytes from 205.166.94.4 (205.166.94.4): icmp_seq=2 ttl=244 time=52.4 ms
64 bytes from 205.166.94.4 (205.166.94.4): icmp_seq=3 ttl=244 time=52.7 ms
64 bytes from 205.166.94.4 (205.166.94.4): icmp_seq=4 ttl=244 time=52.4 ms
...
--- am401.36bit.com ping statistics ---
19 packets transmitted, 19 received, 0% packet loss, time 18019ms
rtt min/avg/max/mdev = 52.368/52.536/52.721/0.233 ms

The above told me two things: a) the DNS is resolving to the IP address, and b) the server is up. I ran dig and double-checked that the DNS was resolving alright, confirming that it’s all functioning alright:
<<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> am401.36bit.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27475
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;am401.36bit.com. IN A
;; ANSWER SECTION:
am401.36bit.com. 43073 IN A 205.166.94.4
;; AUTHORITY SECTION:
36bit.com. 43073 IN NS ns-d.sdf.org.
36bit.com. 43073 IN NS ns-a.sdf.org.
36bit.com. 43073 IN NS ns-c.sdf.org.
36bit.com. 43073 IN NS ns-b.sdf.org.
;; ADDITIONAL SECTION:
ns-d.sdf.org. 84330 IN A 50.78.42.82
ns-a.sdf.org. 84330 IN A 205.166.94.20
ns-c.sdf.org. 84330 IN A 178.63.35.194
ns-b.sdf.org. 84330 IN A 192.67.63.35

That told me that it’s all sorted on that end. Connection refused was another hint that it is likely to be either a firewall issue or the web server not listening on the right port. I ran nmap on the address to see what ports were open/listening:
# Nmap 6.40 scan initiated Fri Sep 6 08:46:52 2019 as: nmap -oN nmap_result.xt am401.36bit.com
Nmap scan report for am401.36bit.com (205.166.94.4)
Host is up (0.053s latency).
Not shown: 986 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
70/tcp open gopher
110/tcp open pop3
111/tcp open rpcbind
113/tcp open ident
143/tcp open imap
443/tcp open https
445/tcp filtered microsoft-ds
993/tcp open imaps
1011/tcp open unknown
10000/tcp filtered snet-sensor-mgmt

Just as I thought, port 80 was missing, which was causing the connection to fail. Since then port 80 has been opened back up and we are back in business with the issue fixed! But this was a good experience to test my theories on what was wrong with the system. I saw no issues on the host and I was able to ssh into the server itself without problems. Using nmap I was able to confirm my theory on the issue!
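
The scan result above can also be checked mechanically. The following is an added example, not part of the original post: it parses nmap's normal (-oN) output and reports the state of the ports a web server is expected to expose, using the "Not shown" summary for ports missing from the table. The function names and the SCAN excerpt constant are assumptions of the example.

```python
import re

# Port rows in nmap's normal (-oN) output, e.g. "443/tcp open https"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# Summary for ports left out of the table, e.g. "Not shown: 986 closed ports"
# (newer nmap prints "closed tcp ports (reset)"; only the single-state form is handled)
NOT_SHOWN = re.compile(r"^Not shown: \d+ (\w+) (?:\w+ )?ports")


def parse_nmap_normal(text):
    """Return ({(port, proto): state}, state shared by the ports nmap did not list)."""
    listed, default_state = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = PORT_LINE.match(line)
        if m:
            listed[(int(m.group(1)), m.group(2))] = m.group(3)
            continue
        m = NOT_SHOWN.match(line)
        if m:
            default_state = m.group(1)
    return listed, default_state


def check_expected(text, expected):
    """Map each expected (port, proto) to its state; unlisted ports get the 'Not shown' state."""
    listed, default_state = parse_nmap_normal(text)
    return {p: listed.get(p, default_state or "unknown") for p in expected}


# Excerpt of the scan result quoted in the post above.
SCAN = """\
Nmap scan report for am401.36bit.com (205.166.94.4)
Host is up (0.053s latency).
Not shown: 986 closed ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
445/tcp filtered microsoft-ds
"""

if __name__ == "__main__":
    wanted = [(80, "tcp"), (443, "tcp"), (445, "tcp")]
    for (port, proto), state in check_expected(SCAN, wanted).items():
        # closed   = the host answered with a TCP reset, which a client sees as "connection refused"
        # filtered = the probe was dropped or blocked, which a client usually sees as a timeout
        print(f"{port}/{proto}: {state}")
```

Port 80 is absent from the table, so it falls under "Not shown: 986 closed ports": the host actively refused the connection, which matches the connection refused error rather than the timeout a packet-dropping firewall would produce.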