I have a server , and it look like have a litle problem by sending mails , becase IT IS SENDING A LOT OF MAILS ... this is the stats:
User - Domain - Messages Sent - Total Bytes Sent
nobody - - 3430 - 2407677
Anybody know some tool that could alert me in case some scripts send X mails ?? and say me the file of that script?
I know that nobody are sending a lot of mails , but where is the scripts that produce it?
where to check mail-queue in cPanel ??
my friend has an vps and he has some trouble sending mail to 1 particular host such as hotmail, all the remaining hosts the mails are sent, but only to tht particular mail host the mails are not sent regularly, some times they recv it some times they don't
checked webmail, couldn't see any failed/bounced mail mail msg, so not sure why this is happening, so I want to check the mail-queue for him to check the status of tht particular host, if I could try to sort them out directly with the mail server for him.
Title: Reversable Domain/DNS Problems in E-mail Genuinity Check
Tags: DNS, firewall, internet protocol, routing, email
This is a real world scenario that I need help figuring out. I have thought of everything I could, but now I must seek the privileging knowledge and help from WebhostingTalk Forumers.
This is a real world scenario -- how so? Well know that Microsoft's TechNet newsletter probably goes out to at least a million people. How many of those e-mails go out to yahoo.com? Gmail.com? Hotmail.com? AOL.com? Etcetera. This is the same scenario that my company is in, except with a little bit of a kicker that has caused me to seek help.
In this scenario we have at least 10,000 clients with an e-mail at company-b.com. We need to send all of our clients an important e-mail with confidential information. We have one physical server and it is located in a ventilated and cooled datacenter'ish room. We also have two internet service providers for connection redundancy. On our firewall, we have it set so that if our primary ISP goes down it will instantly switch over to our secondary ISP until our primary ISP is back online. The IP address our primary ISP gives us on the internet is 48.48.48.48, and our secondary ISP gives us 68.68.68.68.
[url]
Company-b.com, for the protection of their customers, will resolve the reverse DNS from the address an e-mail would come from to make sure that the IP addresses match. In other words, when you send an e-mail from company-a.com it will come out from mail.company-a.com (with an IP address of 48.48.48.48 for example). When the mail gets to company-b.com, that server will resolve the reverse DNS (or try to anyway) of mail.company-a.com to make sure that it is indeed coming from 48.48.48.48. If it resolves it to a different IP address, it will not deliver the e-mails you sent from company-a.com to its customers on company-b.com.
In general, this verification process tries to verify the genuinity and validity from where e-mail was sent from to its own customers. If mail.company-a.com resolves to a different IP address than what it came from, then it is possible to say that we (or company-a.com) are using a relay (which is like a proxy), or that our domain name is simply not reversable.
[url]
To summarize: mail is sent out through 48.48.48.48 (but then goes offline coincidentally) and is sent to 96.96.96.96. Because 48.48.48.48 is down, mail.server-a.com will resolve to 68.68.68.68 instead of the original IP address we sent out our mail from, and because the IP addresses differ, the server 96.96.96.96 rejects the mail we sent, thinking that we either (1) have a DNS problem, (2) are spammers/spam-bombers, or (3) using a relay or proxy, which many companies are against, do not support, and have counter-measures against relay/proxy-users.
[url]
Any and all help will be appreciated. We are looking for a workable, proper/appropriate solution so that we can successfully pass the reverse domain test. We can add/modify DNS/MX records to company-a.com. We must have the two ISPs we have for redundancy; our company and clients heavily depend on our internet connection's uptime. Also, a lot of people in the company depend on IMAP/POP3/SMTP with their cell phones, iPhones, PDAs, laptops, timecards, etcetera. We may be able to schedule something maintenaince for a weekend if necessary.
I have a problem with a customer. For the last 48 hours he has been receiving a massive DDoS at his server. I tried blocking the darn IPs but they keep coming and with several hundreds of connections each:
104 78.157.168.98
125 83.226.157.91
126 89.103.109.65
131 89.12.150.23
135 84.251.196.78
135 86.122.0.135
135 91.127.235.86
154 84.24.14.41
160 193.216.140.101
331 89.151.8.78
419 78.0.103.64
Apache has over 14000 connections. I tried using mod_evasive but didn't do anything and the server has been out without httpd for hours now. Any advices? This is a Hsphere server (I hate it personally) with 4GB RAM and a dual optero 246. I have the mexclients setting at 550.
How can I better monitor and trace down I/O spikes? I've noticed the wait hit 60% every now and again... could someone be running a rapidleech script and if so, how can i find it?
View 2 Replies View RelatedI want to prepare myself for getting dugg and whatnot, so I want to mirror my site ahead of tiem. The problem is that it's very db-intensive so there's a db that all mirrors would have to query. What's the best way to deal with multiple dedicated servers in order to spread traffic load and not crash my site?
View 3 Replies View RelatedI have a dedicated windows server. I have it protected to the best of my ability (disabling administrative shares, anti-virus, anti-spyware, disabled remoted desktop, firewall, etc.). The purpose for the server is to host game servers. Over the past month, ive noticed massive amounts of bandwidth being used. For example Windows reports the bandwidth usage at a little over 2 GB in 1 day, yet on my control panel which reads the traffic from the switch, it shows that 9 GB have been transferred. I asked the colo what's happening and they said that traffic that is blocked by the firewall is still counted toward my monthly limit. But how can there be 7 GB of blocked traffic, keeping in mind i never had this problem months ago. As a test, last night i disabled all game servers and applications that use bandwidth. In the past day over 9GB has been transferred, despite the fact that i have nothing running that takes more then 50KB of bandwidth.
Aside from these bandwidth issues, everything is running fine, my passwords are still the same, etc. Is there anyway detect security holes, so that i may patch them when i reinstall the OS? I asked my colo for a security audit.
My question is, do you think my server has been compromised?
I've noticed that vBulletin and one of my directories is getting hit hard for the same file by sites in the Netherlands, Russia, Vietnam and China.
The lines typically state the same, trying to hit a file that isn't there, which may be in a forum/ or forums/ directory instead of the root.
'/home/mysite/public_html/forumdisplay.php' not found or unable to stat
'/home/mysite/public_html/newthread.php' not found or unable to stat
What have you guys done for this? I'm assuming an .htaccess edit may be in order. I'm also hoping to track IP addresses so that I can keep adding them easily. I wish it was more simple to do it on the server level using whm since it's usually accessible everywhere.
I've gotten several messages from cpanel like this:
5 login failures attempts to account mysql (system) -- too many attempts from this ip
Can any suggestion a host, and incidently perhaps the best album script, to host as much as 100,000 photos? I'm not sure size yet, but 10-15 gigs is expected. Currently there's 40k photos, but I'm leaving room for expansion.
View 13 Replies View RelatedI am trying to figure out what file system to use for my server. It has 24 hard drives, 2 run the OS in RAID 1, and the other 22 are in RAID 10. When I was installing the OS (Ubuntu 8), I kept on getting problems when I tried to partition and format the second drive (the one with the 22 disks in RAID 10) and it keeps failing on me. I then changed the file system type from ext3 to XFS and it worked fine. I also gave it another try and did not partition/format the second drive and decided to do it manually once the OS was installed. When I did it it told me that the file system was too large for ext3. So my guess is that ext3 has a limit on the size of the file system it is being installed on.
Anyway, so I am wondering, is there any other file system that will get me the best performance, mainly I/O performance, that I can install? I would like to stick with Ubuntu OS. This server will mainly serve large files for download over HTTP.
how to handle the file storage of a youtube clone?
Is it just a matter of getting more servers with a few hdds or are there specialized companies that one can upload files over a distributed file streaming network?
The reason I ask is because I have thousands of gigabytes of videos and it appears to be impossible to upload it on 1 dedicated server or even a few.
to change all passwords for user account on cpanel server. Is it possible to do it automatically by using some cpanel script? Also I need this information stored in one file in order to know new passwords.
View 4 Replies View RelatedGetting massive amounts (thousands) of these lines in exim mainlogs and gz exim rotated logs too
Quote:
2009-04-21 09:20:45 [11305] 1LwGq4-0002wL-I3 <= <> R=1LwGq3-0002vw-Fa U=mailnull P=local S=1639 T="Mail delivery failed: returning message to sender" from <> for root@server.domain.com
Of course, the time is different (several days)
How can trace who / where this is coming from?
Its a cpanel box with suphp enabled, and all the exim tweaks you can imagine (ie, prevent nobody sender, max 50 mails per domain per hour, send callouts disabled, etc)
I would like to know how to check load via ssh and check files causing load?
I want the ssh codes for 2 different set of control panels, one with cpanel+whm and other with kloxo+hypervm
and I would also know how to check the files causing the load, such as some files could have been interrupted while processing, so they could be causing load some times, so I want to stop such processes if any are running on the vps on my friends accounts
i recently purchased a VPS from internetvps.com, but im not sure what OS of linux it is. How can you check the OS of the server?
View 10 Replies View RelatedLet's say I have a VPS with 512 MBs of RAM.
How do I check in shell that this is indeed the case?
I read in some places that "top" and "free -m" and such can help.
But these gave me way more than 512.
Here is the output from my "free -m". Total shows here 3886 MBs of MEM??? That is almost 4 Gigs. Please someone explain this.
total used free shared buffers cached
Mem: 3886 3721 164 0 17 542
-/+ buffers/cache: 3161 724
Swap: 6142 2020 4121
Quote:
Nobody Check 1.0.3 Current on cPanel
Tue Mar 20 16:00:02 SGT 2007 on blue.mydomain.com
Server Load: 16:00:02 up 21 days, 14:02, 0 users, load average: 2.73, 2.20, 2.08
Warning: Malicious Nobody Process Found
=========================================
Options: kill bad proc=1 logging lvl=1
SCAN SUMMARY
========================================
Clean Processes: 57
DETECTED Malicious Processes: 1
DETECTION DETAILS
========================================
DETECTION: Process 4221 with name php and path /usr/bin/php
Process ID: 4221 has been killed
Restuls for PID: 4221
total 0
dr-xr-xr-x 3 easyzz easyzz 0 Mar 20 16:00 .
dr-xr-xr-x 291 root root 0 Feb 27 10:01 ..
dr-xr-xr-x 2 easyzz easyzz 0 Mar 20 16:00 attr
-r-------- 1 easyzz easyzz 0 Mar 20 16:00 auxv
-r--r--r-- 1 easyzz easyzz 0 Mar 20 16:00 cmdline
lrwxrwxrwx 1 easyzz easyzz 0 Mar 20 16:00 cwd -> /home/easyzz/public_html
-r-------- 1 easyzz easyzz 0 Mar 20 16:00 environ
lrwxrwxrwx 1 easyzz easyzz 0 Mar 20 16:00 exe -> /usr/bin/php
dr-x------ 2 easyzz easyzz 0 Mar 20 16:00 fd
-rw-r--r-- 1 easyzz easyzz 0 Mar 20 16:00 loginuid
-r-------- 1 easyzz easyzz 0 Mar 20 16:00 maps
-rw------- 1 easyzz easyzz 0 Mar 20 16:00 mem
-r--r--r-- 1 easyzz easyzz 0 Mar 20 16:00 mounts
lrwxrwxrwx 1 easyzz easyzz 0 Mar 20 16:00 root -> /
-r--r--r-- 1 easyzz easyzz 0 Mar 20 16:00 stat
-r--r--r-- 1 easyzz easyzz 0 Mar 20 16:00 statm
-r--r--r-- 1 easyzz easyzz 0 Mar 20 16:00 status
dr-xr-xr-x 3 easyzz easyzz 0 Mar 20 16:00 task
-r--r--r-- 1 easyzz easyzz 0 Mar 20 16:00 wchan
Netstat:
Environ:
Hello, I got this notification from the 'Nobody Check'.
Is there anything I need to be aware of? ..
confirm this is only 1gig of ram?
Mem: 1034096 985128 48968 0 157944 559136
-/+ buffers/cache: 268048 766048
Swap: 2040212 160 2040052
Total: 3074308 985288 2089020
I'm running CSF on a Cpanel server and have questions about new features in CSF
Apache Check
Check Apache weak SSL/TLS Ciphers (SSLCipherSuite)
Results
Cipher list []. Due to weaknesses in the SSLv2 cipher you should disable SSLv2 in WHM > Apache Configuration > Global Configuration > SSLCipherSuite > Add -SSLv2 to SSLCipherSuite and/or remove +SSLv2. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf
Can someone explain this in laymen terms? I know this is new in Cpanel. I'm already running Apache 2.2, PHP 5.2.9 with suPHP enabled and mod_security as well (these rules: [url]
Also, what exactly are these CSF checks?
Check csf PT_SKIP_HTTP option
This option disables checking of processes running under apache and can limit false-positives but may then miss running exploits
Check csf SAFECHAINUPDATE option
This option closes a window of opportunity that opens when dynamic chain updates occur
how to check using SSH if the HD is SSD drive in a linux box?
View 1 Replies View RelatedHow can we be sure that we are facing ddos attacks any good command which will make me 100 percent sure that there is ddos attacks on server ?
View 12 Replies View RelatedIs it possible to run a hardware check on my VPS?
For instance DFT (Drive Fitness Test) or Memtest?
I'm running HyperVM and WHM.
I have one client who cannot see my server and all domains on it. I;ve checked if his IP is block or not and I didn't see his IP on the apf deny host file. How to you check IP if it can see my server? I just want to make sure before calling the ISP.
View 3 Replies View RelatedI used this script
[url]
Now, via command line how can I check that ALL these work and are enabled for example? I'm not talking about visually seeing the files there, I mean actually enabled.