I have DenyHosts to ban an IP after 5 failed ssh logins, and send me an e-mail when it happens. Ordinarily I average around 3 banned hosts a week.
I've gotten ten today. Four of them happened within a couple minutes of each other.
I'm just wondering if this is widespread, as if something new was just unleashed? Or is it just dumb (un)luck? I'm not really concerned; every account has a strong password.
I'm merely curious about whether or not other people have seen a surge in brute-force attempts?
(This machine is just hosting a couple of my sites, which get almost no hits... It's not as if people are specifically targeting me. It's just them guessing "alice" and "bob" type usernames.)
After noticing the SQL errors on my sites, I went in to take a closer look.
First thing I noticed was my server load was at 200! This was all due to EXIM!
I stopped exim and then watched my load go back down to like 1... then started it, and it gradually rose again.
After using the Exim Cheat Sheet...
I discovered I had over 7000 messages frozen in my queue and a few thousand not frozen.
After erasing all of the frozen messages because they were all spam, I am left wondering what I can do to stop this from happening again...
1. Is this spam being SENT FROM me? Or TO me?
2. Regardless of the answer to #1, how do I make it stop? I don't host any significant sites, and the server only has a few sites on it. None of the domains match up with anything I have anything to do with, so it's all worthless and nobody on my server heavily uses their email through me.
What do I do? This is the second time I have had my system with a load this high and after the first time, I paid a chunk for more RAM.
I have a site that has a members section requiring members to log in with a username/password through .htaccess & .htpasswd file. Just wondering, is there a way I can record their logins and ip addresses using PHP scripts or .htaccess? I just want to keep track of the logins so I can see which login is being abused and keeping track of them.
We are being required to turn off all non-SSL logins to our server. I have turned on SSL redirection, but that only works when accessed by domain.
If a user types in the direct port number, either http://domain.com:2086 or http://xxx.xxx.xxx.xxx:2086, they can still get access to the non-SSL login page.
I need to be able to disable all port access to non-SSL login pages for ports 2086, 2082 and 2095.
My servers are running CSF+LFD and I have tried removing the ports from the configuration, but I can still gain access.
I got an email from my server telling me "tty1" has logged into root. Can anyone tell me what that means? Is this some sort of hack? Usually it tells me which IP logged when someone logs in not "tty1".
VPS: Openvz, 512mb, 50gb hd, 10mbit shared located in Kansas.
Problem: After entering in my username / password I experience a 2-5 minute delay before the login is processed. I have tried logging in from 3 different ISPs (AT&T, Comcast, T-mobile via Blackberry), 1 webserver (ssh), and HyperVM's Java client. Each produces the same result.
Also, apps such as yum and traceroute produce the same long delays ranging from 2-5 minutes as though the vps locks up or the node has zero resources.
When I use the command center via HyperVM I receive the same long delays. Rebuilding the VPS does nothing. O/S has no effect.
Despite long discussions with the VPS staff they insist there are no problems on their end and that no one else is experiencing this problem. What gives?
The SMTP server has PTR/A records set up, SMTP auth enabled, isn't on any blacklist and never was. When sending mail to certain recipients, mail returns with a 554 error stating the IP is blacklisted. The referenced IP is the dynamic IP used by the sender, not the server itself. I inspected the headers and the server IP is listed in one of the from fields, the client IP is listed under another from field.
How do I prevent this error from happening? I don't want to relay my SMTP server, which is perfectly fine, to the ISP SMTP server. Why isn't the receiving SMTP checking the last from field, which is the server's IP, but instead bouncing the message because the client is on a dynamic IP?
If you have any solution, please share, regardless of the MTA you're using. I'll make the appropriate changes in my configuration. I'm thinking it's not my fault but the receiving SMTP's fault, because I can send using the same configuration to some other recipients who have Spamhaus checking enabled and everything works fine, because the server checks on my server IP and not on the client's IP.
2008-01-23 10:55:54 no IP address found for host srv.adwatcher4.com (during SMTP connection from [209.50.243.42])
2008-01-23 10:55:55 H=(srv.adwatcher4.net) [209.50.243.42] Warning: Sender rate 5.8 / 1h
2008-01-23 10:55:55 H=(srv.adwatcher4.net) [209.50.243.42] sender verify fail for <none@localhost>: Unrouteable address
2008-01-23 10:55:55 H=(srv.adwatcher4.net) [209.50.243.42] F=<none@localhost> rejected RCPT <me@mydomain.com>: Sender verify failed
I turned off Sender Verification while Sender Verification Callouts was already unticked, yet I still get the same error even with this in the ACL config:
We have a dedicated server running WHM/cPanel. Last week this server (which is in a data center, outside our office) started rejecting SMTP connections from computers outside our office, but allowing connections from our office. We do not have a firewall in place. The message returned from Thunderbird when attempting to connect from outside our office via SMTP was a generic "10060" error.
I did notice that if you go into the config on Thunderbird on a computer outside our office and set it to connect using SSL, it then works just fine. I'm finding this baffling and the logs that I see aren't showing any odd activity or providing a reason for the refusal of the connection.
I also don't understand why it accepts connections from our office, as I would have never changed anything to make it accept only from our office, as we connect from home and other locations as well.
I have a customer who is trying to send email to an email direction but it bounces back with an error like this:
SMTP error from remote mail server after RCPT TO:<bancaweb@credicoop.com.ar>: host sas.credicoop.com.ar [200.47.24.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [64.76.xxx.xxx]: retry timeout exceeded
I know it has something about a reversal dns but how do I fix it?
Have a new VPS, changed DNS and all is resolving fine. Checked MX records and again all is well. I can SEND email fine, and it is delivered, but ALL email sent to my VPS with LiquidWeb is being rejected.
I checked the mail statistics page in WHM and sure enough there are nearly 300 rejected messages including benign stuff like gmail and monster.com (I had to do an arin lookup to see whom the IPs belonged to).
Any suggestions on how I can fix? I searched before starting the thread and found:
[url]
But the OP in that thread said the advice didn't work.
I've had problems with the VPS getting blacklisted a lot lately.
Anyway, I think the problem's resolved now and we've not been blacklisted for over 2 days, yet there still seem to be a lot of e-mail servers rejecting mails from the server due to blacklisting.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
email@shaw.ca SMTP error from remote mail server after initial connection: host idcmail.shaw.ca [24.71.223.11]: 554-idcmail.shaw.ca 554 Your connection from IP has been rejected due to poor reputation
I was checking my emails today, and have had several that have bounced back. They all returned a message like this:
Quote:
Hi. This is the qmail-send program at web1.daniel15.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.
<email address removed>: 167.206.4.79 does not like recipient. Remote host said: 550 5.7.1 Your mail from IP 66.79.185.81 was rejected. We can't currently accept your message. : <email address removed> Giving up on 167.206.4.79.
I just upgraded my Plesk 11.5 to Plesk version 12.0.18 Update #9, and after the upgrade Postfix stopped working. Forwarding and receiving are not working at all and I am getting the message below.
<sale-xxxxxxx@craigslist.org>: xx.xx.xx.xx does not like recipient. Remote host said: 554 <unknown[xxx.xx.xx.xx.xxx]>: Client host rejected: rDNS/DNS validation failed. Please setup matching DNS and rDNS records: Giving up on xx.xxx.xx.xx.
I migrated from Plesk 9.5 to another server with Plesk 12.0.18, and since then Outlook and the default mail app on the iPhone don't work, but Thunderbird and webmail work well.
In Outlook, when I put in the same configuration as in Thunderbird and try to send mail out from my domain, it gives this error:
How do I stop getting all those Received-SPF: headers prepended to the mailman list? It tags on a header that's well over 32K for a message that is less than 1K.