The other day my other website stopped responding to requests from the web. I kept getting connection refused error messages. I set about trying to figure out what was going on with it.
I started out with a
ping on the address to see if the server was functioning:
PING am401.36bit.com (188.8.131.52) 56(84) bytes of data. 64 bytes from 184.108.40.206 (220.127.116.11): icmp_seq=1 ttl=244 time=52.5 ms 64 bytes from 18.104.22.168 (22.214.171.124): icmp_seq=2 ttl=244 time=52.4 ms 64 bytes from 126.96.36.199 (188.8.131.52): icmp_seq=3 ttl=244 time=52.7 ms 64 bytes from 184.108.40.206 (220.127.116.11): icmp_seq=4 ttl=244 time=52.4 ms ... --- am401.36bit.com ping statistics --- 19 packets transmitted, 19 received, 0% packet loss, time 18019ms rtt min/avg/max/mdev = 52.368/52.536/52.721/0.233 ms
The above told me two things: a) The DNS is resolving to the IP address b) the server is up. I ran
dig and double checked the DNS resolving alright and confirming that it’s all functioning alright:
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> am401.36bit.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27475 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;am401.36bit.com. IN A ;; ANSWER SECTION: am401.36bit.com. 43073 IN A 18.104.22.168 ;; AUTHORITY SECTION: 36bit.com. 43073 IN NS ns-d.sdf.org. 36bit.com. 43073 IN NS ns-a.sdf.org. 36bit.com. 43073 IN NS ns-c.sdf.org. 36bit.com. 43073 IN NS ns-b.sdf.org. ;; ADDITIONAL SECTION: ns-d.sdf.org. 84330 IN A 22.214.171.124 ns-a.sdf.org. 84330 IN A 126.96.36.199 ns-c.sdf.org. 84330 IN A 188.8.131.52 ns-b.sdf.org. 84330 IN A 184.108.40.206
That told me that it's all sorted on that end. Connection refused was another hint that it is likely to be either a firewall issue or the web server not listening on the right port. I ran nmap on the address to see what ports were open/listening:
# Nmap 6.40 scan initiated Fri Sep 6 08:46:52 2019 as: nmap -oN nmap_result.xt am401.36bit.com Nmap scan report for am401.36bit.com (220.127.116.11) Host is up (0.053s latency). Not shown: 986 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 53/tcp open domain 70/tcp open gopher 110/tcp open pop3 111/tcp open rpcbind 113/tcp open ident 143/tcp open imap 443/tcp open https 445/tcp filtered microsoft-ds 993/tcp open imaps 1011/tcp open unknown 10000/tcp filtered snet-sensor-mgmt
Just as I thought, port 80 was missing, which was causing the connection to fail. Since then port 80 has been opened back up and we are back in business with the issue fixed! But this was a good experience to test my theories on what was wrong with the system. I saw no issues on the host and I was able to ssh in to the server itself without problems. Using nmap I was able to confirm my theory on the issue!