Copy Newly Created Folders In /tmp
Apr 1, 2007
We've had someone starting nobody PERL procs on a box and we can't quite track it down or read the file to see what it is. What he does is to create a folder in /tmp, execute the script from there and delete the folder as soon as it's running (yes, /tmp is mounted noexec, makes no difference). We've managed to discover and block the IP that was doing this, but that's no fix. He hasn't been back since banning the IP...so far.
What we would like to do is see if anyone knows of (or can help create) a script that can watch the /tmp folder and copy newly created directories and thier contents to another dir (also notifying via email would be helpful) in order to see what the heck it's doing, and hopefully be able to figure out how it's getting in. Nothing in any logs this time, and the PERL process seems to be able to hide itself from PS. That bit worries me quite a lot, but none of the binaries appear to have been changed, and it doesn't appear we've been rooted in any way.
Thoughts on this, ideas and suggestions welcome.
Failing that, is it possible without breaking the box to prevent the creation of new directories in /tmp? This I seriously doubt, but if all they need to do is create a folder and work from there, noexec is a joke.
View 14 Replies
ADVERTISEMENT
Jan 28, 2014
How to install a certificate for a brand ?
Let's say I have a brand B associate to a reseller R and a domain name domain.com.
When B sell a new subscription (with the associated webspace) it is available under sub.domain.com.
I would like to have a specific SSL certificate installed by default for every newly created webspaces by B under xxx.domain.co
View 7 Replies
View Related
Apr 19, 2007
I am designing a site for a client and in all the years I've done design etc, I've come up against a phenomenon with their VPS server they have. It's linux and uploading files I am using WS_FTP Home.
I am uploading files and folders to their public_html/domain.com/ (*I use domain here for their privacy) and in some folders (directories) after doing so, a mystery folder suddenly appears that is named 5" and as you enter that folder, you see the path directory show up "public_html" and if you go into that one, you come up to the domain.com folder again, and if you deeper into that one you start to see this phenomenon of mirroring folders of the one you go into. Example:
public_html/domain.com/images/5"/public_html/domain.com/images/file
***the file whether it's an image jpg, png, etc is created as the last directory as a folder, not a file. I should also mention that as you go deeper in the 5" mystery directory folder, you no longer see the path in the FTP anything past the 5" one even as you go further in.
Oh, and it doesn't allow you to delete these 5" folders regardless of what permissions. And this folder seems to show up in many areas of this website's directory structure...mostly where images are (don't know if that is just a coincidence).
So hope all this makes sense....anyone seen this before and what the cause could be? Their host doesn't seem to know the reason and says they cannot see it even though others can. They said it's the FTP program as the cause and not their server.
My comeback to that is that I've used this FTP for years and never before seen this happen. It's only with this one client's server.
View 4 Replies
View Related
Nov 25, 2007
i would like to copy index.shtml to these folder in 1 command ...
PHP Code:
[root@BOX wp-content]# ls -latotal 48drwxr-xr-x 9 sitename sitename 4096 Nov 25 16:06 .drwxr-xr-x 6 sitename sitename 4096 Nov 25 15:52 ..drwxrwxrwx 3 sitename sitename 4096 Nov 25 16:05 backupdrwxr-xr-x 2 sitename sitename 4096 Nov 16 15:39 cachedrwxrwxrwx 3 sitename sitename 4096 Nov 25 16:05 gallery-rwxr-xr-x 1 sitename sitename 30 May 5 2007 index.php-rw-r--r-- 1 sitename sitename 457 Nov 25 16:06 index.shtmldrwxrwxrwx 3 sitename sitename 4096 Nov 16 16:27 photosdrwxr-xr-x 28 sitename sitename 4096 Nov 25 15:57 pluginsdrwxr-xr-x 8 sitename sitename 4096 Nov 22 03:01 themesdrwxr-xr-x 3 sitename sitename 4096 Nov 16 04:04 uploads-rw-r--r-- 1 sitename sitename 909 Nov 16 15:43 wp-cache-config.php[root@BOX wp-content]#
i mean to let index.shtml index uploads and themes .....etc in 1 command .
View 12 Replies
View Related
Oct 7, 2008
In previous thread we made few manual transfer of our domains.
We also made some automated migration of few domains/sites using Web Host Manager's Copy an account from another server feature.
All the files and other settings were properly transferred from old server to new server, but only the mysql database is not visible on new server. I am unsure if the same got copied to new server.
View 4 Replies
View Related
Feb 5, 2007
I have created a reseller account on my Cpanel dedicated and have 2 IPs to my customer to register them as name server. He has just done so. How can I make sure that he can use these new name servers on his customers' domains.
The name servers and the IPs are these:
ns4.exeperu.com 69.65.121.203
ns3.exeperu.com 69.65.118.79
View 8 Replies
View Related
Apr 25, 2014
I recently purchased a dedicated server with Godaddy, I also registered a domain with same Godaddy.
Now when I tried to add a new domain in plesk, I got a warning message that "the domain is pointed to 192.198.XX.XX" which is different from my dedicated server IP. The message also says I should edit the DNS.
Now my question is What do I need to edit from the default dns plesk has assigned to my domain? Do I need to use the domain's default IP. I want to be able to host multiple website on my server...
View 2 Replies
View Related
Dec 18, 2008
After some yum updates last night one user and group called xfs were created on my dedicated server. Does anyone know what this group/user is used for?
View 0 Replies
View Related
Apr 16, 2007
I'm in the process of configuring my company's new server and I've hit a slight stumbling block. What's happening is that PHP is creating its sessions like normal with the exception of no permissions being set for them. This then means that errors are thrown up when PHP attempts to open the session files. Can anybody tell me why this is happening? I have set the sessions directory to octal 0777 for the time being.
The server is running Linux redhat.
View 0 Replies
View Related
Oct 15, 2009
(2) Intel Xeon 5310 Quad Core 1.6GHz Processors
Supermicro X7DVL-E Dual Processor Motherboard with 1333/1066/667MHz FSB
(4x) 2GB DDR2 PC5400 ECC Fully Buffered (667MHz) System Memory (1GBx2)
(6x) 250GB SATA II Hard Drives (1.25TB Available Storage)
How many VPS Servers can be created on that dedicated server?
And what is the suitable dedicated server for about 20 VPS Servers to be hosted on?
View 14 Replies
View Related
Dec 11, 2008
How to find out who created account?
How can I find out who created an account in CPanel? Where in the logs?
I have a new account on my server but I don't know who created it, it's possible one of my resellers lost his password, but how can I find more about it?
View 5 Replies
View Related
Sep 1, 2008
I recently got a dedicated server (CentOS with WHM and cPanel) and I am a newbie when it comes to server admin.
I had a hard time with the proper configuration so that Fantastico would work (it took their admin a week to figure out their own installation).
In any case now I can use Fantastico to install scripts and the one I use the most is Joomla. There is a major problem though. So I create a new account in WHM (with root access or not), go to domain.com/cpanel, go to Fantastico and install Joomla. Then if I access files or folders through FTP using CoreFTP I can't change permissions (most of files or folders) and I can't edit files. (that's the case even for the accounts with root access).
I can perform those actions if I log into WHM with my main root account and change what I need using a module called Configserver Explorer that shows all the files on the server (without that module I would be lost - I don't know all those shell commands)
So can anyone help me with some proper configuration tips so that if I create user accounts (other then myself) they would have those permissions to edit or change stuff in their account?
I come from shared hosting and never had these problems. They were allowing add-on domains and I could copy entire sites to other domain names with one click. Now WHM says it's not a good idea to allow add-on domains. No idea why. Any advise one that?
View 9 Replies
View Related
Mar 9, 2007
This is twice I have found email addresses on the web that I have never created. Both domain names are the new extensions and I purchased them the first day they become public. .biz the other is .US
One of the domains I never even created a web page until yesterday. And today I find a German site using my domain as an email address. One note on this, this domain name is extremely unique and related to certain German ideas or thoughts.
I am thinking someone at the server created them and used them for their personal use. Is this possible?
Not only that, but I have sent email to these addresses and there was no bounce back. No bounce back meaning these are valid email addresses?
View 4 Replies
View Related
Aug 7, 2014
We are getting the below message in Apache's error.log when accessing from mobile application & updated apache from 2.4.9 to 2.4.10 also.Trailing dot is created after the URL.
I can able to hit [URL] ..... and I can't able to hit [URL] ....
View 11 Replies
View Related
May 27, 2015
Since a week ago or so, in one of our Plesk 12.0.18 / Centos 6.6 servers, when we create subdomains the process seems to stop half-way without being finished.
To reproduce the error:
Select a subscription (e.g. example.com) and go to "Domains and subdomains"
Select "add new subdomain" and enter a value (e.g. new.example.com). The directory will live in parallel to httpdocs
Click Accept
Expected result:
The subdomain should be created: Filesystem diirectory with default contents, DNS entry, Apache VirtualHost, etc.
Actual result:
After several minutes Plesk responds with Internal Errror (in a red area in the panel).
Things done right:
The file space in parallels with httpdocs is created fine with the default site.
DNS entries are created under /var/named/chroot infrastructure.
The subdomain menu appears fine in the Plesk panel.
Things wrong/missing:
The filesystem directory is not mapped by Apache. Even after changing its contents the default server templeate appears in the browser, (all precautions taken, apache restart, browser in private session and different browsers).
Log info:
- /var/log/sw-cp-server/error_log says:
2015/05/27 18:17:45 [error] 28890#0: *1828 readv() failed (104: Connection reset by peer) while reading upstream, client: nnn.nnn.nnn.nnn, server: , request: "POST /smb/web/add-subdomain HTTP/1.1", upstream: "fastcgi://unix:/var/run/sw-engine.sock:", host: "<hostname>:8443", referrer: "https://<host>:8443/smb/web/add-subdomain"
- /var/log/httpd/access_log records the access with 200 OK codes although I don't find them in neither subscription logs under /var/www/vhost/system/*/logs/access_log
nnn.nnn.nnn.nnn - - [27/May/2015:18:38:35 +0200] "GET <deleted_content_in_the_subdomain_directory> HTTP/1.1" 200 14036 "http://<new_subdomain>" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
I don't find the Apache VirtualHost .conf files for subdomains, where can I look for them up...
View 4 Replies
View Related
May 24, 2014
$request = <<<EOF
<packet version="1.6.5.0">
<mail>
<create>
<filter>
<site-id>34</site-id>
<mailname>
<name>$username</name>
<mailbox>
<enabled>true</enabled>
<quota>1024000</quota>
</mailbox>
[code]....
I write this code for creating mail box, but I get "No mailbox" message in plesk panel. I need to create mailbox.
View 2 Replies
View Related
Nov 3, 2008
How to make backup of VE's(created with openvz) to .tar.gz and restore later?
View 4 Replies
View Related
Nov 8, 2009
I've currently installed webmin on my vps and i want to know ive followed this tutorial and is there away for me to setup my dns name servers for my domain how can i do that with webmin? .......
View 6 Replies
View Related
Jun 28, 2008
Is there a quick shell command to find (inside a directory) and delete all the files created e.g. on January 10, 2008 ?
View 2 Replies
View Related
Apr 11, 2008
We have issue with spambox/horde
We have enable from whm spamassasin and, from cpanel customer's, spambox function
Problem is that for all customer that have email in the past folder spam are not been created..
For new account is created but is hidden from horde, we must go on horde option and tell that spam folder is "spam"..
Why ?
With other server te don't have this problem..
Ho can fix this, create fol all users /spam folder and set as spam folder ?
View 2 Replies
View Related
Jul 5, 2007
All our email account on our server work fine ! (Cpanel/whm)
As soon as we create a new account on any domain name, and we try to send a test mail from any email address (hotmail, yahoo, our internet provider etc.. ) we get a bounce back email with the following:
Recipient address: yasmine@ramystyle.com
Reason: Remote SMTP server has rejected address
Diagnostic code: smtp;550 5.1.1 User unknown: yasmine@ramystyle.com
Remote system: dns;ramystyle.com (TCP|10.23.32.29|46273|72.55.156.210|25) (swh1.sellwebhost.com ESMTP Exim 4.66 #1 Thu, 05 Jul 2007 11:27:01 -0400 )
View 2 Replies
View Related
Jul 18, 2007
How to hack a website at phpizabi engine?!
keywords:
?L=, cecen hacked, cecen, hacked, phpizabi hacked, How to hack phpizabi
Hacking mechanism:
1. this is not hacking indeed. This is usage of phpizabi engine imperfection
Usually the path till the admin area looks like this:
?L=admin.general.configure
If changing the path to
?L=admin//general//configure
Then anyone can obtain full access to the admin area and can do everything he wants.
Similarly changing the path till any keyword file on the web site you can freely get the access to the database.
HOW TO CORRECT THIS ERROR:
mechanism:
1. Below Ill show an example on how to correct the imperfection of phpizabi engine. This is only example and I recommend all the programmers to code by themselves their own mechanism of this error correction. Unque character of this mechanism will be one more obstacle against hacking.
So, in the very beginning of the script index.php we should put the following code:
$ser_p = array("'[^.A-Za-z0-9]*?'si");
$rep_p = array("");
$_GET = preg_replace($ser_p,$rep_p,$_GET);
It cleans everything from the query except dots, letters and digits.
2. All the folders in main directory of the web site which are located under the path /pages/ should not be accessible for opening!
The easiest and fastest way is to set password access for all the folders in /pages/ through ĞPassword Protect Directoriesğ - this is clients admin area on the hosting. You should set password to all except chat and gallery.
3. File upload:
By default any file can be uploaded for scripts phpizabi for dating web sites. They could be uploaded like a picture for gallery or attached file for other web site elements.
Specially created *.php file which will be loaded at the server, can give full access to hacker and finally to walk away it from you!
I do not enclose the correction code of this error as you should restrict file uploading on the server by the class objects jpg/jpeg, gif and png.
View 0 Replies
View Related
Jul 11, 2014
I just created a new Domain "bernhardlinz.de" at the
Plesk Panel -> Websites & Domains -> Add new Domain
After the Creation the new Domain does not appear under "Websites & Domains".
I check the domain with
Code:
/usr/local/psa/bin/domain -i bernhardlinz.de
And all looks fine like my other, older domains:
Code:
General
=============================
Domain name: bernhardlinz.de
Owner's contact name: Bernhard Linz (admin)
Domain status: OK
[Code] ....
I can see the domain under "Mails" and also create new mail accounts. There are no Errors for this under
Code:
/usr/local/psa/admin/logs/panel.log
As i try to add the domain first i got a
Code:
[11-Jul-2014 21:41:35 Europe/Berlin] PleskUtilException: mailmng-outgoing failed: ERROR:outgoing:database disk image is malformed
Which I removed with the
Code:
/usr/local/psa/admin/sbin/mchk
Command I found in the Plesk forum. After that i could add the domain.
I try a add another fantasy domain - also works but alos not displaying in Panel "Websites & Domains"
I take a look at the Plesk-Database "psa" with the Build-In "phpMyAdmin"
I take a look at the table "domains" and it looks like the other entries.
The Server was restored a few days before from a Backup. After the restore i had have the problem the "mysql" service did not start. I fixed the problem with the description from [URL] ... (Start mysql in recoverymode, export all data, delete the content of the whole mysql folder /var/lib/mysql folder, init new database and import the exported data). After that all looks fine.
View 2 Replies
View Related
Jul 30, 2009
I found these folders in the root
/usr/bin/c99
/usr/include/boost/numeric/interval/detail/c99_rounding_control.hpp
/usr/include/boost/numeric/interval/detail/c99sub_rounding_control.hpp
what are these ? is it normal folders ? or somebody hacked our server?
what shall I do?
View 10 Replies
View Related
May 8, 2008
Well I finally got around to getting my IIS up and running which will save some time with uploading various files to check that they are working correctly but now I have run into a new problem. What used to happen with my IIS is it would list out all of the folders which I had in the wwwroot and I would simply navigate through and select which site needed to be tested.
At the moment, I have cleared out the wwwroot folder entirely since all of the stuff in there was to do with a "Windows XP Professional" page which appeared upon installation.
However, now that I don't need it anymore, I decided to clear it out and test IIS out by making a new folder called "sites" into wwwroot. Now though, it simply comes up with a "Directory Listing Denied. This Virtual Directory does not allow contents to be listed." error message, even though I have changed the permissions on the wwwroot folder to allow writing etc.
Could this be because it's IIS 5.1 and I need to install IIS 6.0 instead or is something else wrong? I know for a fact that my operating system (Windows Media Center Edition 2005) will do this list as I have had it before, back before I installed Vista and then decided to come back to MCE.
View 3 Replies
View Related
