C99Shell How To Stop
How to stops the scripts like c99 shell from installing into the server?
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
C99Shell :: How To Detect Or Disable The Functionality Of C99Shell
Recently my site was defaced, (i own a dedicated server), my server was not touched, but one of the applications I used on the site was exploited to gain access to it. I have noticed 4 or 5 c99 shells in different locations on my ftp. The site is back online, but it's definitely possible that they have one of these hidden somewhere and that they'll just do it again. I am using cent os 5 How can I easily search for these on my box? Can I disable their functionality? is there setting I can use in htaccess or something to make my website safer? I visited one of the scripts, and it said SAFEMODE OFF, how can I at least enable safemode? I don't know much of anything about linux, but I am running cpanel and WHM. I have a guy who manages my box but he is hard to get a hold of sometimes, and I'd like to take care of this ASAP!
View Replies!
View Related
C99Shell Folders?
I found these folders in the root /usr/bin/c99 /usr/include/boost/numeric/interval/detail/c99_rounding_control.hpp /usr/include/boost/numeric/interval/detail/c99sub_rounding_control.hpp what are these ? is it normal folders ? or somebody hacked our server? what shall I do?
View Replies!
View Related
Trojan C99Shell
I just installed zen cart on my webhosting and after few days later i saw some file written like core1405.php and when i open to view the file it is actually trojan c99shell. I have deleted all of the core file. Now how can i prevent it from happen again? Cause it is too much work to clean up the hosting server.
View Replies!
View Related
C99Shell Hackers Killing Me!
guys im tired off fighting those hackers everyday! i have about 20 websites,and everyday i have one of them hacked! i restore a backup then another one hacked! thats unbelivable!!! those bastards upload there shell scripts to websites via bugs or whatever from php files!! is there anyway to stop these commands? can .htaccess helps? how? i talked to my webhosting companies for my websites! ....
View Replies!
View Related
Mod_security & C99shell Anyone Help Please ?
I installed modsecurity from Addone module in Cpanel When I try to apply phpshell woork good without a mistakes and I can do anything despite of the presence of protection modsecurity and disable_functions in php.ini. Is there a particular settings add to the httpd.conf to prevent application phpshell or prevent upload it to the site?
View Replies!
View Related
C99shell Disable PHP Scripts?
the biggest security issue i have with my clients is php c99 shell and similar php files, somehow these files uploaded on the website and from here they start attacking the websites. i have seen also that once you upload the c99 php file you are able to see the accounts information ( such as a user name ) on the same server so is there any way to disable this kind of php file or at least disable some function within the file! i have been thinking to install and run a antivirus on the server , but i see sometimes they upload the encrypted version of the file , so the antirus can't catch the file as a torjan!
View Replies!
View Related
C99Shell :: Attack Rules For Mod_security
i want to prevent c99shell scripts from running. I found this rule to detect URI's for the c99 shell. #new kit SecFilterSelective REQUEST_URI "/c99shell.txt" SecFilterSelective REQUEST_URI "/c99.txt?" My problem is that the hackers are being more stealthy and calling the script some random name like .../myphpstuff.php. So the URI no longer helps detect it. How could I detect "c99shell" in the actual file that apache servers? This assumes that the hacker was successfully in installing it. my box Apache 1.3.37 WHM 11.2.0 cPanel 11.11.0-R16983 FEDORA 5 i686 - WHM X v3.1.0
View Replies!
View Related
How To Stop Spammers?
I was wondering if anyone has any methods to stop spammers? Currently i am keeping watch on the mail queue and making sure nothing unsual. I have in WHM configuration setup to not allow more 200 mail messages per account per hour but for some reason it will hit thousands. WHMCS does seem to suspend them automatically or maybe its because of WHM BUT only when its too late. Any thoughts or suggestions?
View Replies!
View Related
How To Stop Spammers ...?
Have a persistent spammer who kept emailing my clients, even non existent domain accounts and getting the bounced emails to be send to a particular yahoo address. I tried to block in all ways but can't seem to stop him. His spams are from all over the world. Any suggestions?
View Replies!
View Related
How To Stop Gunzip -c
how to stop gunzip -c? By mistake instead of using gunzip file name on my friend's vps, I had used gunzip -c filename and its taking hell a lot of time to unzip it, I have no clue on how to stop this and I am scared if I close ssh client, it might be still adding load to the server .. I am unzipping an 4.5mb file, which on un-compression must be around 14.5mb .. for the past 10 mins its still unzipping and not sure how long it will go on.. unless I stop it..
View Replies!
View Related
Stop Hacking
a site i manage for a client is being hacked every couple of days, its not the actual site but the hosts server thats getting attacked, all sites on that server, well actually all thier servers. They have made no attempt to sort this problem, i report it they look at the site and say "site loads fine for us" which it does. All index files are having a base64 encode line written after the <body> tag, this adds hundreds of spam links which are hidden with display:none; they also add .html to application types in htaccess for php to run in these files too. Problem is, i am moving the site to another host but cannot change the nameservers to the new host's untill the client returns from a holiday, so i must keep the site up on the insecure host for now. I am removing the spam code almost daily, is there anyway i can stop this attack happening for the time being, the host does nothing.
View Replies!
View Related
How Stop Spam
I have a server that is sending spam, but I can not know who sent because the server not has installed suphp. There is another option to see who sends spam?
View Replies!
View Related
Stop Hotlinking
Is there a way to stop hotlinking? I have a client who has a blog. They have post pics of tattoos. Now there are at least 50 tattoo forums, blogs and other sites hotling to the pics. Now his bandwidth usage has skyrocketed. So enable hotlink protection in his cPanel. Just did a redirect to my main hosting site with a nice please stop hotlink image. Now I see all this in my logs. So I then made a 150 x 9000 clear BG gf with the text at the top please stop hotlinking. My questions is there any way to stop it. If not should I just make a 1x1 clear gif to redirect to? Also is there a way to not have this traffic show in my log files?
View Replies!
View Related
I Want To Stop Emailing Myself
I want to stop emailing myself I have received quite a few emails from senders claiming to be the recipients [in this case one of my email accounts]. I did not send these emails. This is happening with almost every email account I have setup on one of my domains. I know this is probably an easy fix-- I am simply unsure of what it is. I noted that someone else recently posted a similar question-- with only one response. I wanted to see if another post my garner another response.
View Replies!
View Related
Too Much Traffic, How To Stop It?
i've a vps with iptables, but i've too much traffic (RX), there are too many packets received from random ports on both upt and tcp. Today in just 14 hours i've 2.8 gib of traffic, without any connection for web, email, etc (i've stopped all the services). How can i stop this? it's going to burn all my monthly traffic
View Replies!
View Related
How To Stop Spammers
I have a massive spam problem on my server, which I cannot seem to find a cure for. Here is an example of the headers from an example email (from WHM) that is stuck in the mail queue: Quote: 1HiU0X-0006Y3-O6-Hmailnull 47 12<>1177932329 0-ident mailnull-received_protocol local-body_linecount 78-allow_unqualified_recipient-allow_unqualified_sender-frozen 1177932333-localerrorXX1vrroark@freemail.ru144P Received: from mailnull by host.zaggs.com with local (Exim 4.63)id 1HiU0X-0006Y3-O6for vrroark@freemail.ru; Mon, 30 Apr 2007 12:25:06 +0100045 X-Failed-Recipients: download@host.zaggs.com029 Auto-Submitted: auto-replied058F From: Mail Delivery System <Mailer-Daemon@host.zaggs.com>024T To: vrroark@freemail.ru059 Subject: Mail delivery failed: returning message to sender047I Message-Id: <E1HiU0X-0006Y3-O6@host.zaggs.com>038 Date: Mon, 30 Apr 2007 12:25:06 +01001HiU0X-0006Y3-O6-DThis message was created automatically by mail delivery software.A message that you sent could not be delivered to one or more of itsrecipients. This is a permanent error. The following address(es) failed: download@host.zaggs.com (generated from abraham@keysupplier.com) retry timeout exceeded------ This is a copy of the message, including all the headers. ------Return-path: <vrroark@freemail.ru>Received: from [220.157.245.77] (port=3648 helo=localhost.localdomain)by host.zaggs.com with smtp (Exim 4.63)(envelope-from <vrroark@freemail.ru>)id 1HiU0X-0006Xu-7rfor abraham@keysupplier.com; Mon, 30 Apr 2007 12:25:06 +0100Message-ID: <10fb01c78b19$683b6042$8bc8505a@freemail.ru>From: Noticeable <vrroark@freemail.ru>To: abraham@keysupplier.comSubject: I am 79 years young!Date: Mon, 30 Apr 2007 14:19:48 +0300MIME-Version: 1.0Content-Type: multipart/alternative; boundary="----=_NextPart_000_0000_9E7D5C31.01A57A34"X-Priority: 3X-MSMail-Priority: NormalX-Mailer: Microsoft Outlook Express V6.00.2900.2180X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180This is a multi-part message in MIME format.------=_NextPart_000_0000_9E7D5C31.01A57A34Content-Type: text/plain; charset="iso-8859-1"Content-Transfer-Encoding: 7bit A few words about HGH LifeI have been taking HGH Life for five weeks and there is a noticeable improvementin me overall. Waking up without muscular pain is the most obvious! WhenI run out, I shall be ordering as much as my pension will allow. I am inEngland and am 79 years young!Order HGH Life online ------=_NextPart_000_0000_9E7D5C31.01A57A34Content-Type: text/html; charset="iso-8859-1"Content-Transfer-Encoding: quoted-printable<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><META http-equiv=3DContent-Type content=3D"text/html; =charset=3Diso-8859-1"><META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR"></HEAD><BODY text=3D#000000 bgColor=3D#ffffff><font size=3D"3" face=3D"Times New Roman"><p align=3D"center"><font =face=3D"Arial" color=3D"#009900" size=3D"5"><strong>A few =words about HGH Life™</strong></font></p><p align=3D"center"><font face=3D"Arial">I have been taking HGH =Life™ <strong>for five weeks </strong>and there is a noticeable =improvement in me overall. Waking up without muscular pain is the most =obvious! When I run out, I shall be ordering as much as my pension will =allow. I am in England and am <strong>79 years =young</strong>!"</font></p><p align=3D"center"><a href=3D"http://worldwdefull.com"><strong><font =face=3D"Arial" color=3D"#ff6600" size=3D"4">Order HGH Life™ =online</font></strong></a></p></font></BODY></HTML>------=_NextPart_000_0000_9E7D5C31.01A57A34-- I can confirm that the person who is doing this IS NOT using the 'nobody' user because I am keeping a spam_log for that. How else is a user able to use our server for spam? Please help as I would like to get this sorted ASAP.
View Replies!
View Related
How Stop Spam From Nobody
i have server and on the server 150 website and more someone upload mailer and send spam to online banking i want know where this mailer on the server coz my server on nobody i stoped sending from nobody from Tweak Settings till know what the account sent that and all message in Mail Queue Manager what the solution? any script to know that or method?
View Replies!
View Related
Email Hijacking How Can We Stop It?
This is something that has been playing on my mind for a while now and this may be the place to create a plan. How many of you are recieving emails advertising pills, viagra etc. And how many are recieving them from domains totally unrelated to the above, sometimes from even your own address?? Has anyone got any thoughts or ideas about how we can put a stop to this?
View Replies!
View Related
Service Saslauthd Stop
I have CSF installed and working, but when I check the server secuirty it has saslauthd (see below for full message), now is it safe to stop and won't break anything ? I am running on a VPS with cPanel/WHM Check server startup for saslauthd WARNING On most servers saslauthd isn't needed and should be stopped and disabled from starting, as it could pose a security threat. This service is currently enabled in init and can be disabled using: service saslauthd stop chkconfig saslauthd off
View Replies!
View Related
Backup Stop Suddenly
i have a dedicted server 160 disk space first month the server well adn take backup with out any problem to ma accounts then the disk space usage ( accounts + daily backups + weekly backups ) = 56 % now from 2 weeks my server has not take any backup why?
View Replies!
View Related
Squid To Stop DC DDoS.
For 2 weeks I am under DDoS. The type of DDoS is the one that comes from DC clients. I have managed to mitigate the attack and to get everything working ok. I do not like the solution I came up with for many reasons and I found that squid can be good on stopping bad requests like the one that DC clients send when the attack occurs. I am kinda new to squid and I do not know all the settings. I have configured It and everything works great when there is no DDoS. But when the attacks starts , nothing works. Squid does not log anything in access_log and also, there is no load, just a lot of connections to squid. Is there a limit for max concurrent connections in squid ? Or the ideea of using squid as a reverse proxy without caching, just to stop bad requests is a bad one ? (I do not need snort-inline, I have some issues with it).
View Replies!
View Related
Server Don't Stop Crashing
as many of you know, FreeBSD is a stable system... I have many other FreeBSD servers (with the same kernel as this one) that doesn't have problems but this server keeps rebooting once or twice a day (EVERY DAY) it's just a reboot... something very very similar to someone pushing the reset button 1) messages, security, auth or dmesg has no entries just before the reset, so the kernel is not getting aware the server is rebooting 2) the server comes back after around 10 minutes (reboot time + fsck) this is happening for long time, so I compiled a new kernel... and the problem didn't stop I request the datacenter techs to replace hardwares and they told me everything was replaced: motherboard, CPU, memories... and yesterday also the power suply so I have no other idea on what to do in fact I have one... setting a nobreak in this server power suply for 2 or 3 days to see if the problem stops, but the datacenter didn't like this idea
View Replies!
View Related
Stop Email Hijacking
My server/website is now hijacking and they use my server for sanding spam. Please help me to fix this error. My server: Centos, Cpanel, Ldf Mysite: Joomla 1.0.13 lfd email: HTML Code: Time: Tue Aug 28 20:16:51 2007 Path: /home/longpt/public_html Count: 101 emails sent Sample of the first 10 emails: 2007-08-28 20:16:40 1IQ7UO-0006AJ-Mf <= nobody@hn.luatgiapham.com U=nobody P=local S=6263 T="Automated Security Notice" 2007-08-28 20:16:40 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UO-0006AC-Iy 2007-08-28 20:16:40 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UO-0006AL-Od 2007-08-28 20:16:40 1IQ7UO-0006Ae-ST <= nobody@hn.luatgiapham.com U=nobody P=local S=6263 T="Automated Security Notice" 2007-08-28 20:16:40 1IQ7UO-0006Ag-Uk <= nobody@hn.luatgiapham.com U=nobody P=local S=6261 T="Automated Security Notice" 2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UO-0006Ae-ST 2007-08-28 20:16:41 1IQ7UP-0006Ak-1x <= <> R=1IQ7UO-00069O-06 U=mailnull P=local S=7333 T="Mail delivery failed: returning message to sender" 2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UP-0006An-6F 2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UP-0006At-B7 2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UP-0006BB-Dv Possible Scripts: /home/longpt/public_html/configuration.php /home/longpt/public_html/CHANGELOG.php /home/longpt/public_html/configuration.php-dist and I receive thousands of returning email but I don't send them. Code: This is the mail delivery agent at messagelabs.com. I was not able to deliver your message to the following addresses. <nolan1@mailbox.ulcc.ac.uk>: 128.86.238.34 does not like recipient. Remote host said: 550 rejected --- Below this line is a copy of the message. Return-Path: <nobody@hn.luatgiapham.com> X-VirusChecked: Checked X-Env-Sender: nobody@hn.luatgiapham.com X-Msg-Ref: server-13.tower-82.messagelabs.com!1188346634!60747442!1 X-StarScan-Version: 5.5.12.14.2; banners=-,-,- X-Originating-IP: [203.162.168.24] X-SpamInfo: filtered by Signaturing System X-Spam-Flag: YES X-SpamReason: Matched rules 111461236, 114223405 Subject: {Spam?} Automated Security Notice Received: (qmail 19117 invoked from network); 29 Aug 2007 00:17:31 -0000 Received: from unknown (HELO hn.luatgiapham.com) (203.162.168.24) by server-13.tower-82.messagelabs.com with AES256-SHA encrypted SMTP; 29 Aug 2007 00:17:31 -0000 Received: from nobody by hn.luatgiapham.com with local (Exim 4.63) (envelope-from <nobody@hn.luatgiapham.com>) id 1IQ8CZ-00071e-H1 for nolan1@mailbox.ulcc.ac.uk; Tue, 28 Aug 2007 21:02:19 +0000 To: nolan1@mailbox.ulcc.ac.uk From: NatWest Bank <online.security@natwest.com> MIME-Version: 1.0 Content-Type: text/html; Content-Transfer-Encoding: 8bit Message-Id: <E1IQ8CZ-00071e-H1@hn.luatgiapham.com> Date: Tue, 28 Aug 2007 21:02:19 +0000 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - hn.luatgiapham.com X-AntiAbuse: Original Domain - mailbox.ulcc.ac.uk X-AntiAbuse: Originator/Caller UID/GID - [99 32002] / [47 12] X-AntiAbuse: Sender Address Domain - hn.luatgiapham.com X-Source: X-Source-Args: X-Source-Dir: <html><head> <style><!-- body,td{font-family: verdana, helvetica, sans-serif; font-size: 12px; line-height: 1.5; color:#FFFFFF; text-decoration: none; } a:link{color: #FFFFFF; text-decoration:none;} a:visited{color: #FFFFFF; text-decoration:none;} a:hover{color: #FFFFFF; text-decoration:underline;}
View Replies!
View Related
How To Stop Using WHM/Cpanel
I have my own server which I use for my own websites. I use the following features of WHM - Creating accounts Deleting accounts Creating "packages" for my accounts Restarting services ...and possibly one or two other items once or twice a year. I use the following features in Cpanel - Checking statistics Adding e-mail accounts ...and possibly one or two other items once or twice a year. I'd like to break the (small) WHM/Cpanel habit I have and do all of the above via the command line. Is this a big task? Where should I start?
View Replies!
View Related
SYN Flood .. No Way To Stop It ?
One of the servers have 1 account on, but seems like its extremely attacked. I cannot SSH and many packet loss. so I asked softlayer and they access it and said its a SYN Flood as from the /var/log/messages (I cannot see it as the server is not accessable) they put the main public ip under Cisco guard but still didn't help. when I asked for any solution, unfortunaly I were told there isn't and have to wait the attackers to stop as it comes from MANY addresses that iptables even won't help. Isn't there any solution (software-hardware) to stop that ?
View Replies!
View Related
User Can See /etc/passwd. How To Stop This
We have CentOS and WHM 11 on the server. Also we have PHP 4.4.4 and open base dir enabled on the server . We have a shared server with many website configured on it. Now The user uses the following PHP code and can see the /etc/passwd file ============================================= <? echo ini_get("safe_mode"); echo ini_get("open_basedir"); include("/etc/passwd"); ini_restore("safe_mode"); ini_restore("open_basedir"); echo ini_get("safe_mode"); echo ini_get("open_basedir"); include("/etc/passwd"); ?> ============================================ Now how to stop this. This is a security hole. how to stop this.
View Replies!
View Related
Now I Can Stop DDos Attack After All
Before when they attack my site I can't stop them. Now at I can but I have to monator the server all the time and execute this program : Code: #!/bin/bash #Collecting list of ip addresses connected to port 80 netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1 > /root/iplist #Limit the no of connections LIMIT=5; for ip in `cat /root/iplist |awk '{print $2}'`;do if [ `grep $ip /root/iplist | awk '{print $1}'` -gt $LIMIT ] then echo "5 connection from $ip... `grep $ip /root/iplist | awk '{print $1}'` number of connections... Blocking $ip"; #Blocking the ip ... /etc/rc.d/init.d/iptables save > /dev/null; CHECK_IF_LOCALIP=0; /sbin/ifconfig | grep $ip > /dev/null; if [ $? -ne $CHECK_IF_LOCALIP ] then { FLAG=0; grep $ip /etc/sysconfig/iptables | grep DROP > /dev/null; if [ $? -ne $FLAG ] then iptables -I INPUT -s $ip -j DROP; else echo " Ipaddress $ip is already blocked "; fi } else echo " Sorry, the ip $ip cannot be blocked since this is a local ip of the server "; fi fi done It's block any connectin that has more than 5 connections. My problem now that when I left my pc and when I come back my server can't response. I used this to let it work every minute : Code: SHELL=/bin/sh 0-59/1 * * * * root /root/ddos/blockip5.sh > and put it here /etc/cron.d/anti-ddos.cron Is there any advice about it ? to let work all the time not every minute. like every 5 second. I found that when I left my pc and come back to run this script I can't login to the server I have to reboot it then log again. This message come from support : In the past 12 Hours we have seen a maximum of #35 mbps and an average of 12 mbps of malicious traffic being sent to your server I am using APF and also I use DDoS-Deflate version 0.6 and evasive mod. Any more advice ? they keep attacking me for more than 1 Month 24 hours
View Replies!
View Related
DNS Stop Resolving In VPS
my DNS stop resolving, once a day i need to restart the service in cpanel/whm , what can be done to prevent that ? its a fresh vps only cpanel is there and 2 domains with no pages just a simple under costruction index page . in CSF i have a Your Score: 106/112 in security , it firewalled and hardened right now is using 299 of ram out of 512 burstable to 768
View Replies!
View Related
How To Stop Mail-server Abuse
in the last 2 weeks has increased the spam mail to external users using our mail accounts. So a user receives spam believing that it is sent from our sites. I think the best method is to create a txt file in dns but I have many doubts about how to proceed. Looking at one of the e-mail back to our mail server I see that emails are sent via outlook. This is an example of the emails: ...
View Replies!
View Related
How To Stop SMTP Relay Attack
Server - Windows 2003, IIS, Windows Mail I am undergoing heavy SMTP attack, if i accept all connections in RELAY setting of SMTP If i grant access only to Server IP, then attack stops, but all emails send, start bouncing back to me, as relay failed.
View Replies!
View Related
How To Stop Apache From Doing Url Decoding
there is a customer who transferred their site over to our servers and has run into some kind of encoding issue. They have file on their website named: EXCL%204810_00%20BeefSkewers.jpg You can see that the "%20" characters are actually part of the file name on the server. So the problem is that when they try to call the image in a URL: [url] It gives a 404 not found error. We use apache 2.2.x on our servers, and my admins are stuck on how to fix this. (Besides renaming the files. The problem is that this issue appears to also effect other text in their database that uses various symbols, such as the ", ', and the degree (for temperature) sign...)
View Replies!
View Related
Server Crashing / Stop 0x00000050
My server had been crashing for while with Blue Screen of Death (BSOD) and bug check error code as Stop 0x00000050 PAGE_FAULT_IN_NONPAGED_AREA. It would literally stop by business till I reboot it again. So I tried pull up all information I could get and fix this. Here is what I found- Possible causes: A faulty driver recently installed Faulty RAM Antivirus Corrupted NTFS file system I checked the system logs and found errors related to NTFS. Well, my disk needed a chkdsk /r /f to fix this. Ran it at the command prompt and since it required a reboot to fix on the system drive (C:), had to reboot. Came back successfully. It has been 14 days and it has not recurred.
View Replies!
View Related
How To Stop Dedicatedbox.net From Charging Me
I was using a server from dedicatedbox until last month. And I didn't want suffer anymore from their terrible service (IP taken away/provided less memory then ordered/down time/rarely answered support tickets/refused to fix problem after phone call), so I terminated my server last month. So my server was indeed shutdown as requested. But after terminating the server, they still keeps sending bills and charing me. I have my credit card charged back the first bill. But seems that they are going to charge me another time this month. I tried to call them, but the phone call wasn't answered. how could I stop them from making trouble?
View Replies!
View Related
Server Crashing / Stop 0x00000050
My server had been crashing for while with Blue Screen of Death (BSOD) and bug check error code as Stop 0x00000050 PAGE_FAULT_IN_NONPAGED_AREA.It would literally stop by business till I reboot it again.So I tried pull up all information I could get and fix this. Here is what I found-Possible causes:A faulty driver recently installed Faulty RAM Antivirus Corrupted NTFS file system I checked the system logs and found errors related to NTFS. Well, my disk needed a chkdsk /r /f to fix this.Ran it at the command prompt and since it required a reboot to fix on the system drive (C, had to reboot. Came back successfully.It has been 14 days and it has not recurred.
View Replies!
View Related
How To Stop Spam With Header Other Than English
We have WHM 11 on the server. Now the server is getting to many spam mails. We already have filters on the server, but we get spam mails with header which are not in English language. The header are normally in russian or arabic language. how to stop these spam mails with header which are not in english.
View Replies!
View Related
Stop Hackers From Disabling Mod_security
i have a problem with a hacker that uses .htaccess to disable mod_security using this code PHP Code: <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> so is there a way to stop this? also they have come up with a smart way to run shell files named as images using this code in .htaccess PHP Code: AddType application/x-httpd-php .gif is there a way to disable the "AddType application"?
View Replies!
View Related
How Do I Stop /tmp Directory Hacks
I'm on a Cpanel/WHM (latest release version) VPS with centos 4.6. Over the last month or so, I have been routinely having /tmp directory hacks of various types (3-6 a week), often resulting in the processor spiking to 100% and load popping up. What do I need to do to prevent /tmp directory attacks, but still mantain the functionality that the /tmp directory is intended for?
View Replies!
View Related
How To Stop Kiss Firewall With Cron
i have a problem where kiss firewall works fine and i can restart it etc without a problem, but when i reboot it locks me out for some reason. i don't want to keep bothering my server provider asking him to turn off kiss when i reboot. so for testing purposes i wanted to make a cronjob to stopp kiss every 15 minutes. however when i enter the following line using cronbtab -e: 0-59/15 * * * * /usr/local/sbin/kiss stop i get this cron error: /usr/local/sbin/kiss: line 69: ifconfig: command not found Could not determine MAIN_IP. Firewall script aborted! but yet if i look at line 69 of kiss it is the following: MAIN_IP=`ifconfig eth0 | grep "inet addr" | cut -d: -f2 | awk '{print $1}'` however i can use the command "ifconfig eth0" and it works without error. anyone got any ideas how i can stop kiss using cron?
View Replies!
View Related
What Can Make Cronjobs Stop Working
Up until a day ago they were working just fine, and then they just stoped working with out me doing anything! I tried [root@ensim root]# service crond restart Stopping crond: [ OK ] Starting crond: [ OK ] and restarted the server. Nothing. All signs point to it working [root@ensim root]# service crond status crond (pid 10922 10919 3270 3035) is running... Code: Jun 4 00:00:01 ensim CROND[4286]: (root) CMD (curl [url]) Jun 4 00:00:01 ensim CROND[4297]: (root) CMD (/usr/local/bin/weblogs) Jun 4 00:00:01 ensim CROND[4289]: (root) CMD (curl [url]) Jun 4 00:00:01 ensim CROND[4300]: (root) CMD (/usr/local/sbin/bwcron) Jun 4 00:00:01 ensim CROND[4292]: (root) CMD (curl [url]) Jun 4 00:00:01 ensim CROND[4303]: (root) CMD (nice --adjustment=15 /usr/local/sbin/update_site_summary_cache) Jun 4 00:00:01 ensim CROND[4284]: (root) CMD (curl [url]) Jun 4 00:00:01 ensim CROND[4295]: (root) CMD (curl [url]) Jun 4 00:00:01 ensim CROND[4306]: (root) CMD (/usr/bin/run-parts /etc/logrotate/d) Jun 4 00:01:00 ensim CROND[4438]: (root) CMD (curl [url]) Jun 4 00:01:00 ensim CROND[4441]: (root) CMD (run-parts /etc/cron.hourly) though it's not actually done. If I load the page manually, the file does work.
View Replies!
View Related
|
TRACKER
