KeyHelp firewall / AJAX issue after hostname change (Ubuntu 22.04, Contabo VPS)

[cskamper]

KeyHelp firewall / AJAX issue after hostname change (Ubuntu 22.04, Contabo VPS)

Hello everyone,

I am experiencing a serious and reproducible issue with KeyHelp installed on my own Contabo VPS, and I would appreciate any guidance.

Environment

• OS: Ubuntu 22.04 (64-bit)
• KeyHelp: 25.3 (Build 3569)
• Kernel: 5.15.0-164-generic
• Web server: Apache 2.4.52
• DNS: BIND 9.18.39
• PHP: 8.1.2
• Database: MariaDB 10.6.22
• FTP: ProFTPD 1.3.7c
• MTA: Postfix 3.6.4
• MDA: Dovecot 2.3.16
• Amavis: 2.12.2
• SpamAssassin: 3.4.6
• ClamAV: 1.4.3
• phpMyAdmin: 5.2.3
• Roundcube: 1.6.11
• OpenSSL: 3.0.2
• Redis: 6.0.16

Background

The VPS originally had the default Contabo hostname, for example:

Code: Select all

vxxxxxxx.contaboserver.net

Later, I changed the system hostname to my own domain:

Code: Select all

panel.domain.tld

• The domain was added in Cloudflare
• Cloudflare is used as authoritative DNS
• An A record pointed to the server IP
• Everything worked correctly at that time

After some time, I decided to revert the hostname back to:

Code: Select all

vxxxxxxx.contaboserver.net

After reverting:

• I executed all recommended actions via KeyHelp Toolbox
• The panel starts and is accessible
• Login works

Problem description (critical)

The issue is not limited to simply enabling or disabling the firewall.

1. Adding firewall rules (KeyHelp Firewall)

Every time I add any firewall rule in the KeyHelp firewall, for example:

• opening 8080/TCP
• opening 1234/TCP
• or any other custom TCP port

the following happens immediately:

• the KeyHelp panel shows a persistent AJAX error
• the panel becomes partially unusable
• in many cases, the server itself becomes unstable (Apache / services issues)

This state:

• does not resolve by itself
• does not disappear after removing the rule
• does not disappear after restarting services

The only working recovery is:

• a full server reboot
• or stopping the VPS in the Contabo panel and starting it again

2. Disabling the firewall

If I disable the firewall completely:

• Apache stops working
• the KeyHelp panel breaks
• the server becomes unusable

In this case, the only recovery is restoring a VPS snapshot.

Additional notes

The exact same KeyHelp version and stack works perfectly on a fresh installation:

• on another Linux machine
• with no hostname changes

This suggests that something might have become inconsistent after:

• hostname changes
• firewall rule regeneration
• internal KeyHelp configuration or cache

Questions / assumptions

Could KeyHelp be caching or persisting:

• old hostname references
• firewall state
• internal API endpoints used by AJAX?

Is it possible that firewall rule application breaks internal communication
between KeyHelp services (AJAX / backend)?

Are there known cases where:

• adding firewall rules triggers AJAX errors
• disabling the firewall causes Apache or panel failure?

I would prefer to avoid reinstalling the entire VPS from scratch, as this is a production environment.

Any hints on where to look, what logs to check, or how to safely reset firewall or hostname state inside KeyHelp would be greatly appreciated.

Thank you in advance.

[Tobi]

First of all and in fact the most important thing:
Nobody can help help you as long as you don‘t tell your full hostname.

Second, you use cloudflare. Maybe the issiue is located there?
Third, you changed the hostname… How did you do that?
Fourth, please provide the full error message.

[cskamper]

Hello Tobi,

thank you for the reply. Below are the clarifications you asked for.

1) Full hostname
The current and only system hostname in use is:

Code: Select all

vmi2967565.contaboserver.net

2) Cloudflare usage
Cloudflare is used only for domains hosted on the server (websites managed by KeyHelp).

Important:

• The hostname vmi2967565.contaboserver.net is NOT on Cloudflare
• It resolves directly via Contabo DNS
• No proxy, no WAF, no caching is involved for the KeyHelp panel hostname

So Cloudflare is not in the request path for the KeyHelp panel at all.

3) Hostname change – how it was done
The hostname change was performed directly via the KeyHelp panel:

• KeyHelp → Settings → Configuration → Hostname
• KeyHelp automatically regenerated the required Let’s Encrypt certificates
• No manual certificate handling was done

After reverting the hostname back to vmi2967565.contaboserver.net,
all KeyHelp Toolbox actions were executed as recommended.

4) Error message / AJAX issue
There is no detailed error message available.

What actually happens:

• The AJAX error appears ONLY when adding a firewall rule in KeyHelp
• It happens during the internal check where KeyHelp verifies that the panel access was not blocked
• At that moment the panel throws a generic AJAX error

System logs (Apache, systemd, etc.) are clean and show no obvious errors.

Additional critical behaviour:

• Disabling the firewall completely causes the KeyHelp panel to stop working
• Apache and other services become unreachable
• The server state breaks until a full reboot or VPS power-cycle

So:

• Adding firewall rules → AJAX error
• Disabling firewall → panel and server become unusable

This behaviour is fully reproducible.

If you can point me to:

• specific KeyHelp backend logs
• firewall scripts
• or a known procedure to fully reset firewall/hostname state

I will provide whatever output is needed.

[24unix]

At that moment the panel throws a generic AJAX error

What "generic" error?

Is there anything in the browser console? (Inspect Element or F12)

[cskamper]

Good question – I checked this now more carefully.

I wanted to capture the exact AJAX error from the browser console (F12),
but while doing so I noticed something important:

After disabling Kaspersky Internet Security on my local machine,
the AJAX error no longer occurs.

It seems that Kaspersky was blocking this JavaScript file:

Code: Select all

https://vmi2967565.contaboserver.net/theme/bulma/assets/js/main.js

This file is loaded normally once Kaspersky is disabled,
and after that:

• adding firewall rules works
• no AJAX error appears
• the panel behaves normally

So at the moment it looks like this was a client-side issue
caused by Kaspersky blocking or interfering with KeyHelp JavaScript / AJAX requests.

I will continue testing, but for now the issue disappears
as soon as Kaspersky is disabled or excluded.

Thanks for pointing me to the browser console – that led me to this finding.

[cskamper]

Final update – root cause found after 12h .

I restored a snapshot and repeated all tests.
After disabling Kaspersky Premium on my local machine,
everything works correctly.

With Kaspersky disabled:

• firewall can be enabled and disabled
• firewall rules can be added
• no AJAX errors appear

The issue was caused by Kaspersky Premium with active protection enabled,
which was blocking or interfering with KeyHelp JavaScript / AJAX requests
(mainly /theme/bulma/assets/js/main.js).

This was a client-side issue.
The server, KeyHelp and firewall configuration are working correctly.

Thank you for your help and for pointing me to the browser console –
that led directly to the solution.

[24unix]

Nice that it works now.

From my past time, where I also was responsible for some 1000s Windows installations:

If you're sane, you don't need more than Defender. Spend the money (and the CPU cycles) on something that makes you happy, but stay away from SnakeOil.

[Tobi]

The best option you have is to uninstall Kaspersky.

https://www.bsi.bund.de/DE/Themen/Unter ... _node.html

[cskamper]

Just to properly close the loop.

After deeper inspection, the root cause was confirmed:
a client-side JavaScript resource was blocked by endpoint security, which resulted in AJAX failures in the KeyHelp panel.

This is not a Kaspersky-specific issue.
Any endpoint security solution performing aggressive web filtering, heuristic JavaScript inspection, or behavioural script blocking could realistically cause the same behaviour with an AJAX-heavy admin interface.

It’s also worth noting that this occurred on macOS, not Windows.
The protection in question was running purely on my local MacBook, while the server itself remained completely unaffected.

Once the affected script was excluded, everything worked as expected.

Important clarification for future readers:

this was not a server-side issue,

not a KeyHelp firewall bug,

and not related to VPS configuration.

The server environment itself (Ubuntu 22.04 + KeyHelp) runs clean and unaffected.

As for the broader “just uninstall it” advice - I’ve been a Kaspersky customer since 2007, and according to independent lab tests in 2025, its detection and anti-phishing performance remains among the top-tier solutions. From a technical standpoint, this was a false positive / over-protective web shield scenario, not “snake oil”.

And on a lighter note:
If someone at GRU genuinely has the time and interest to analyse my Tesco receipts, I can only wish them patience and a very strong coffee.

Lesson learned:
when working with modern admin panels, endpoint security exclusions matter, regardless of vendor or operating system.

Thanks - issue fully understood and resolved.

[24unix]

It’s also worth noting that this occurred on macOS, not Windows.

Your believe in Snake Oil is strong.

I assumed you were using MS Windows.

macOS gives even less reasons to waste money and CPU cycles for no benefit.