Daily Dozen LFD Blocks Normal

May 5, 2009

I recently got a dedi from Hivelocity, and they installed CSF/LFD. On my previous hosts, I didn't have this, just cPHulk. With this dedi, I'm receiving nearly a dozen daily emails from LFD with IPs that have been blocked for multiple failed logins, mostly with username root, but also sales, staff, admin, system, etc., and a few for port scanning.

Is this normal? I've already disabled direct root login via SSH, and I'm not really worried about anyone actually managing to gain access, I'm just curious about the high number of attempts. On previous hosts, where I actually had active sites and forums, with links posted on other forums that are indexed and nicely ranked by Google, I rarely received any emails from cPBrute at all.

Dozen Personal Sites

Jul 20, 2008

I have about a dozen personal sites for my different hobbies, what have you... and I was trying to find a host for them that will allow me to use Gmail for the domains but to host the sites.

Bandwidth isn't that big of an issue but HD size is.

I know about 1and1 and GoDaddy and see how HostGator gets lots of referrals as well.

My problem is that I need a hosting company that has... ha! a small number of spammers that have taken refuge on them.

The company that I had been hosting these with has had too many problems with spammers and getting domains on the shared server blocked. Their support has gone to the dogs and well... I just don't feel like paying them for another month of service.

Best Free "remote Control" Software For Managing A Few Dozen Computers? (Nonprofit)

May 23, 2008

I have a client who runs a non-profit organization that puts computer kiosks (running Windows XP) in public areas where low-income people can use them for free. They take old computers, put them back together, and then install them into local grocery stores, gas stations, etc.. where people can use them for free.

This is non-profit work, so their budget is pretty much spent on hardware and upkeep of the computers. (ie: internet connections, Windows licenses, etc.)

They have about 3 dozen computers now, and managing them is becoming more and more time consuming and difficult so they have asked if I can make some suggestions to make things more efficient (easier).

All the computers are built with a hidden partition which contains a drive image. If the computer gets too "screwy", then they can simply re-image the machine and "restart". However, this requires a trip to the local computer, which takes a lot of time, and all of this is done by volunteers...

One idea I had was to use "remote control" software so the volunteers doing the work don't have to actually go and physically see the computer when debugging a problem, updating software, reimaging the drive, or whatever.

A typical problem might be that the store owner where the machine is deployed will call and say, "It's not working any more". So now a volunteer must go and visit the computer to see what's wrong... but with remote control software they could simply login remotely, fix whatever is the problem, or if needed start the drive re-image.. without ever needing to visit the computer. (Save time!)

So... I've done quite a bit of research on remote control software, and there seems to be lots of "for pay" options. However, the organization just does not have the budget to pay for remote control on a few dozen computers. (Also, they are expecting to roll this out in multiple cities soon, so the solution must be scalable, and paying per computer just isn't realistic given their budget.)

I found the "VNC" remote control software, and that seems to be perfect. It's free, and seems to work well.

However, there are no less than 10 different "flavors" of VNC available, so I'm hoping perhaps a few people here might be able to recommend which one is the best solution. tightVNC, ultraVNC, miniVNC, there are even a few pay (one time small fee) projects.

I have no idea which one is best for them, and I just don't have time myself to investigate and test this all out to make an informed decision.

I'm hoping you can help me narrow down the many choices to either one or two options.

Here's what it needs to do:

- Needs to be "always on" so that the remote control software works immediately after the computer boots. (ie: Even if nobody logs in, remote user should still be able to see the screen and do a login.)

- Be impossible for computer users to remove.

- Be able to take control of the machine without anyone being physically present to click "ok" prompts or accept incoming connection, etc.

- Work with remote machines that are in a LAN with an unknown IP. (Some of the computers are plugged into an existing LAN so that they can use the existing internet connectivity.) In this case, the remote machine does not have a public IP, and the current IP might change after each reboot. The remote control software must be able to "see" the local machine, even if the IP changes, etc... (Maybe some software that runs on the remote machine that "sends" its IP or updates a hostname to an intermediary server every few minutes?)

- Allow file transfers between remote machine and controlling machine.

APF Blocks My IP Too

May 26, 2007

APF (on my server) often blocks me and some other browsers but I don't want it to do this. Let me give the last log below:

Code:
May 26 09:38:01 linux apf(9884): (insert) deny all to/from 85.101.x.x (my ip)
After 20 minutes it automatically deletes the block.
May 26 09:58:02 linux apf(11064): {delete} deny all to/from 85.101.x.x

Hosting On Different C Blocks

Oct 29, 2009

I guess some of you have had the same problem in the past.

I am looking to host 20 different websites on 20 different C-block ips.

It's very hard to find a provider that does this, so up to now I am ordering every account from a different provider, but this results in a big overhead.

How To Setup IPs From 2 Different IP Blocks On One Server

Aug 31, 2008

Does anyone know how to modify the file /etc/network/interfaces (using Debian Linux) in order to have 2 different 8 IP - Blocks on one server? I guess one needs somehow 2 gateways, but I am not really sure how to set it up. So I did try it that way, which didn't work: ....

Sever Goes Down Cause Csf Firewall Blocks Everything

Mar 27, 2008

This weird issue has popped up only this weekend, when csf blocks all IPs and even SSH, email and all services are not accessible. Even though the server is working, the firewall puts a block on everyone and it appears offline to others. Any ideas why csf and iptables are not responding and acting in this behavior? I asked jonesolutions.com the last time it happened; I got no reason/response as to what could be the culprit.

Could it be the kernel update/upgrade that was done, to optimize load which broke csf and its working?

As this is the 2nd incident over the last 2 days, and I had thought my management had fixed it. Upset here over the unwanted, for-no-reason downtimes!

Here is the output for this command after I restart csf again, and that's like the average I get over the entire day too.

root@webhosting1 [~]# netstat -an |grep :80 |wc -l
188
root@webhosting1 [~]# netstat -an |grep :80 |wc -l
168

Connections to server don't seem to be high enough to pooch the firewall.

My Site Blocks For Some User

Apr 12, 2007

Well, they get permission denied to view the site. I have flushed the server firewall but yet again several users don't get access to view the site...

Default APF Blocks Softlayer IP Range And WHT

Aug 3, 2009

This came as a surprise today, I setup a server-based RSS reader and could not get WHT's forum RSS feeds. A little digging revealed it was the default APF installation that was blocking the 174.0.0.0/8 range, which includes WHT and a chunk of Softlayer's ip range.

The quick fix is easy, just remove that range from the /etc/apf/internals/reserved.networks file and restart, in the latest apf version, I don't know how many apf versions back this block goes.

The APF folks do a fantastic job in keeping APF up to date, but this seems to be a recent update to this particular IP range that hasn't made it into APF yet.

Byethost Blocks User Agents

Mar 18, 2009

Does anyone else use the free hosting byethost and have problems with them blocking user agents like googlebots and phpld site verification agents?

Otherwise their hosting is good but a huge drawback is that Google is blocked from accessing my site and I cannot get back links in many phpld directories because they cannot verify my site as their user agent is banned by the host.

If you upgrade to a paid account are these restrictions removed?

Convenient Way To Host 20 Sites On 20 Different IP Blocks

Nov 22, 2008

What is the cheapest and easiest way to have say 20 different sites all on different IPs?
Just buy 20 different cheap hosting accounts?

Or can a reseller account or server add different IPs per site? And I mean a pretty big difference in IP not just last number.

All very small sites, about 3mbs space needed, and probably not even a gig of bandwidth a month.

Jetty Server Blocks Safari

Jan 28, 2008

One of my friends has a web server that runs Jetty. And he's having issues with users using Safari getting blocked by Jetty through a login process. The result after attempting to login is a 404 error. That just says machine blocked and URI=

and then below powered Jetty://.

This only happens with Safari.. I was wondering if anyone had any ideas on what could be causing this or is familiar with Jetty?

Email Issues With AOL Despite RDNS And No IP Blocks

Jan 25, 2008

This is an issue I've been having for a few months now and haven't been able to resolve yet with my data center, AOL support and the company who manages the server for me. My main reason for posting this is for a fresh set of eyes and to see if anyone else has had a similar problem in the past (and how they fixed it)

The issue is this:

I set up a dedicated server to host my web design clients a few months back and no one has been able to send to or receive mail from AOL addresses. I've gone through everything at the postmaster.aol.com site and have ensured that reverse DNS records are in place for all IPs associated with the server, as rDNS is a mandatory requirement for AOL.

Once my support request was finally elevated to a real AOL support tech, they confirmed that my IP was not being blocked by their servers and are still under the impression that the problem must be on my end somewhere. Because this problem only occurs with AOL (we can send/receive with all other big providers - yahoo, hotmail, gmail, hush, etc), my server management team are fairly certain it must be an issue on AOL's side.

When sending mail from an AOL address, it bounces back with an error like so (real emails replaced with example addresses):

451 <email@exampledomain.com>... exampledomain.com: Name server timeout
Message could not be delivered for 2 hours
Message will be deleted from queue

When sending mail from my server, it bounces back with an error like so:

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

exampleaddress@aol.com
retry timeout exceeded

When attempting to manually deliver a message to AOL from the Mail Queue in WHM, I get an error like so:

Message xxx-example-number is not frozen
delivering xxx-example-number
Connecting to emr-d01.mx.aol.com [205.188.159.2]:25 ... failed: Connection timed out (timeout=5m)
LOG: MAIN
emr-d01.mx.aol.com [205.188.159.2] Connection timed out
Connecting to emr-m01.mx.aol.com [64.12.136.169]:25 ... failed: Connection timed out (timeout=5m)
LOG: MAIN
emr-m01.mx.aol.com [64.12.136.169] Connection timed out
LOG: MAIN
== example@postmaster.aol.com R=lookuphost T=remote_smtp defer (110): Connection timed out

When attempting a manual telnet test from my server to AOL's mail server at , it also times out with the following:

Trying 64.12.137.184 (connection timed out)
Trying 205.188.156.248 (connection timed out)
Trying 205.188.159.57 (connection timed out)

telnet: Unable to connect to remote host: Connection timed out

The AOL support tech explained that if my server IP were being blocked, it would return messages with a block error code instead of timing out. They suggested my firewall was blocking AOL's server....but both my data center and server management company said that isn't the case.

Because I can't duplicate this problem with anyone but AOL accounts, I don't know what else to troubleshoot or look for. I know AOL is notorious for blocking IPs and most email related problems are usually for lack of rDNS, but neither of those issues are the problem in this situation...so I don't know what else to try. My server management company (PSM) and AOL (once they finally elevated me to a real tech support person), have been very patient and helpful....but we still haven't been able to identify the problem and I feel incompetent for not being able to contribute on my own. I've researched for weeks and certainly understand more than I did, but still far less than they do.

AOL did direct me to a Windows Server troubleshooter relating to UDP packet size limitations with some firewalls that could cause MX query timeouts with AOL, Earthlink and Quest...but because I'm on an Apache server...I didn't know if that could be related at all to my issues (not to mention that I didn't even know what any of that meant until I went and looked up what a UDP packet actually was. I'm still not entirely sure I understand it). Even so, I did send the information to Platinum Server Management a short while ago, but haven't heard back yet.

Anyways.... in the meantime, I thought I'd check here in case anyone else had the same issue or saw something obvious we might not be considering.

My server details are as follows. I included my data center and management company details to illustrate that people far more qualified and intelligent than myself have performed the most common and obvious troubleshooters so far:

Pentium IV 2.8GHz /1GB DDRAM /120GB EIDE HDD
OS: CentOS 4.3
cPanel/WHM
Main Server IP: 66.79.163.138
Example Domain on the server: vedadesigns.net

Data Center: Dediwebhost.com (awesome service & fast support)
Initial Server Setup & Management: Platinum Server Management (I just can't say enough good things about these people)

Firewall Blocks Server (or Eth0) Itself

Jun 1, 2007

I just uninstalled apf and installed csf firewall on 4 servers.

There is a problem after that. 2 of the servers actually were OFFLINE by 12 midnight sharp yesterday night. This is the second time (second day) it has happened.
I went into the datacenter and

#ping yahoo.com
*Host not found*

#service csf stop
#ping yahoo.com
*Responding*

So how is this related to eth0 making my server offline by itself? Was it an iptables problem or a csf problem? Or a kernel problem?

Plesk 12.x / Linux :: Firewall Blocks Emails Every Day

Sep 14, 2014

I have a brand new and fresh installed server with:

Parallels Plesk v12.0.18
openSUSE 13.1

My problem is, every day I have to click on activate in the settings of the firewall. Otherwise I have no mail. The rest (hosting, etc.) works fine.

No changes in the firewall settings were made, just a migration from my old server.

Plesk 12.x / Linux :: Fail2ban Blocks Courierimap And Postfix For No Reason

Dec 3, 2014

We use CentOS Linux 7.0.1406 (Core), Plesk Version 12.0.18 Update #26. I got reports from several users on my system, and I can confirm this myself, that fail2ban is blocking Courier IMAP and Postfix connections when I try to connect to the Plesk server with Outlook 2013, The Bat and the Apple Mac Mail client.

I used the correct login information but fail2ban blocked the IPs for no obvious reason:

Code:

2014-12-03 12:46:57,908 fail2ban.actions[920]: WARNING [plesk-postfix] Ban 82.134.94.102
2014-12-03 12:46:58,049 fail2ban.actions[920]: WARNING [plesk-courierimap] Ban 82.134.94.102

I disabled the two jails now and it works perfectly. But why is fail2ban blocking valid requests? I tried it myself and I did not enter a wrong password or something. MaxRetry is 5 so this should not be a problem. The problem is not affecting all users but just a few. However, all of them are using correct credentials so I don't understand why they are being blocked at all.

Is This Normal In Tmp

Apr 9, 2007

I found these strange random-name files in the tmp. Does anyone know what they are, and is that normal?

4Hq7Xb Dbrfns lost+found MGlWaF p6w849 PP5uVI SoArWn spamd_light.sock ToL3Ah Vt0ICH xEgXsU zVLVDa
AGs49w fcKNmJ LyC11q O3VQwM pAD0WL psa spamd_full.sock tLnzRx tXqqGI x7uxxo XuFzJl

SSL On Normal Site ?

Jan 2, 2008

I had a client ask me earlier if there were any downsides to having his main site be SSL only, not his billing, his actual site.

For example it would be https://www.yoursite.com rather than the normal http and having that redirect to the https.

Obviously he would need all his images being linked to https in order for it to be secure, but apart from that, I couldn't think of any off the top of my head. I was wondering what you guys all thought.

Is This Ram Usage Normal

Jun 27, 2009

I just uploaded a WordPress site and it already used up 300mb RAM. The site receives very little traffic so I doubt the traffic is the cause of the RAM usage. Is this normal? My control panel is Webmin.

Code:
ID Owner Size Command
17691 mysql 129620 kB /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-f ...
13799 named 70392 kB /usr/sbin/named -u named
14329 apache 44176 kB /usr/sbin/httpd
28588 apache 41028 kB /usr/sbin/httpd
7812 apache 38016 kB /usr/sbin/httpd
23719 apache 37416 kB /usr/sbin/httpd
23825 apache 36800 kB /usr/sbin/httpd
19656 root 24224 kB /usr/sbin/httpd
23973 root 12628 kB /usr/libexec/webmin/proc/index_size.cgi
23972 root 12232 kB /usr/libexec/webmin/blue-theme/left.cgi
19533 root 10776 kB /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf
18376 root 9024 kB sendmail: accepting connections
18384 smmsp 8116 kB sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
17479 root 7120 kB /usr/sbin/sshd
32654 root 5568 kB /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
32655 root 5568 kB /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
32644 root 4396 kB crond
17631 root 3608 kB /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/my ...
32594 root 2716 kB xinetd -stayalive -pidfile /var/run/xinetd.pid
7794 nobody 2480 kB proftpd: (accepting connections)
11909 root 2144 kB /sbin/udevd -d
1 root 2060 kB init [3]
32556 root 1716 kB syslogd -m 0

Normal Or Server Hdd

Jul 4, 2008

My server runs SATA 2, but this is only consumer and recommended to use 7 hours per day, while there is a SATA 2 server HDD type.

Which one should I pick?

I have this hard disk: ST3500830AS

I want to get this instead, but will that be necessary? Will RE3 get a longer lifespan ST3500830AS

re3 [url]

And I don't plan to get RAID.

Exim_mainlog Is This Normal

Dec 1, 2007

Just reading my exim mainlog.

There are so many entries in there, like activities every second.

Is this thing normal? Does everyone get things like that?

2007-12-01 15:39:03 [24780] H=(acasa-wunxr966z) [89.137.206.241]:4505 I=[69.16.237.199]:25 F=<hurdlingm290@tulipjewelry.com> rejected RCPT <a$
2007-12-01 15:39:03 [24780] SMTP connection from (acasa-wunxr966z) [89.137.206.241]:4505 I=[69.16.237.199]:25 closed by DROP in ACL
2007-12-01 15:39:03 [24777] H=pool-71-178-230-135.washdc.fios.verizon.net (Wireless_Broadband_Router) [71.178.230.135]:4624 I=[69.16.237.199]$
2007-12-01 15:39:03 [24777] SMTP connection from pool-71-178-230-135.washdc.fios.verizon.net (Wireless_Broadband_Router) [71.178.230.135]:462$
2007-12-01 15:39:03 [24776] H=pool-71-178-230-135.washdc.fios.verizon.net (Wireless_Broadband_Router) [71.178.230.135]:4623 I=[69.16.237.199]$
2007-12-01 15:39:03 [24776] SMTP connection from pool-71-178-230-135.washdc.fios.verizon.net (Wireless_Broadband_Router) [71.178.230.135]:462$
2007-12-01 15:39:03 [1382] SMTP connection from [200.61.182.11]:55819 I=[69.16.237.199]:25 (TCP/IP connection count = 7)
GNU nano 1.2.4 File: exim_mainlog

2007-12-02 01:25:14 [17530] ident connection to 85.168.154.92 timed out
2007-12-02 01:25:15 [1382] SMTP connection from [75.82.171.71]:1614 I=[69.16.237.199]:25 (TCP/IP connection count = 9)
2007-12-02 01:25:16 [17527] H=adsl196-236-229-217-196.adsl196-16.iam.net.ma [196.217.229.236]:59900 I=[69.16.237.199]:25 F=<patti@myrealbox.c$
2007-12-02 01:25:16 [17527] SMTP connection from adsl196-236-229-217-196.adsl196-16.iam.net.ma [196.217.229.236]:59900 I=[69.16.237.199]:25 c$
2007-12-02 01:25:16 [17528] H=79.red-83-42-176.dynamicip.rima-tde.net [83.42.176.79]:29547 I=[69.16.237.199]:25 F=<mostafa.Brindel@bhcat.com>$
2007-12-02 01:25:16 [17528] SMTP connection from 79.red-83-42-176.dynamicip.rima-tde.net [83.42.176.79]:29547 I=[69.16.237.199]:25 closed by $
2007-12-02 01:25:16 [1382] SMTP connection from [79.120.55.8]:4202 I=[69.16.237.199]:25 (TCP/IP connection count = 8)
2007-12-02 01:25:17 [17531] ident connection to 75.82.171.71 timed out
2007-12-02 01:25:17 [17529] H=(cpe-76-91-84-170.socal.res.rr.com) [76.91.84.170]:4913 I=[69.16.237.199]:25 F=<occurrenceq@bhrugu.com> rejecte$
2007-12-02 01:25:17 [17529] SMTP connection from (cpe-76-91-84-170.socal.res.rr.com) [76.91.84.170]:4913 I=[69.16.237.199]:25 closed by DROP $
2007-12-02 01:25:17 [17530] H=m92.net85-168-154.noos.fr [85.168.154.92]:1310 I=[69.16.237.199]:25 F=<Eng-Mroz@ROWELLMANAGEMENT.COM> rejected $
2007-12-02 01:25:17 [17530] SMTP connection from m92.net85-168-154.noos.fr [85.168.154.92]:1310 I=[69.16.237.199]:25 closed by DROP in ACL
2007-12-02 01:25:18 [17531] H=cpe-75-82-171-71.socal.res.rr.com [75.82.171.71]:1614 I=[69.16.237.199]:25 F=<Kallio@jeunesfilles.org> rejected$
2007-12-02 01:25:18 [17531] SMTP connection from cpe-75-82-171-71.socal.res.rr.com [75.82.171.71]:1614 I=[69.16.237.199]:25 closed by DROP in$
2007-12-02 01:25:18 [1382] SMTP connection from [201.228.173.190]:48177 I=[69.16.237.199]:25 (TCP/IP connection count = 6)
2007-12-02 01:25:18 [1382] SMTP connection from [24.29.242.1]:1137 I=[69.16.237.199]:25 (TCP/IP connection count = 7)
2007-12-02 01:25:18 [1382] SMTP connection from [189.138.165.115]:3302 I=[69.16.237.199]:25 (TCP/IP connection count = 8)
2007-12-02 01:25:19 [17535] H=ppp1-139.ciscom.ru [79.120.55.8]:4202 I=[69.16.237.199]:25 F=<attorneylff8@torborg.com> rejected RCPT <azeer@mp$
2007-12-02 01:25:19 [17535] SMTP connection from ppp1-139.ciscom.ru [79.120.55.8]:4202 I=[69.16.237.199]:25 closed by DROP in ACL
2007-12-02 01:25:19 [1382] SMTP connection from [189.31.128.172]:52503 I=[69.16.237.199]:25 (TCP/IP connection count = 8)
2007-12-02 01:25:20 [17538] ident connection to 201.228.173.190 timed out
2007-12-02 01:25:20 [17538] no host name found for IP address 201.228.173.190
2007-12-02 01:25:20 [17538] list matching forced to fail: failed to find host name for 201.228.173.190
2007-12-02 01:25:20 [17539] ident connection to 24.29.242.1 timed out
2007-12-02 01:25:20 [17539] no IP address found for host cpe-24-29-242-1.neo.res.rr.com (during SMTP connection from [24.29.242.1]:1137 I=[69$
2007-12-02 01:25:20 [17539] list matching forced to fail: failed to find host name for 24.29.242.1
2007-12-02 01:25:20 [17540] ident connection to 189.138.165.115 timed out
2007-12-02 01:25:20 [17540] no IP address found for host dsl-189-138-165-115.prod-infinitum.com.mx (during SMTP connection from [189.138.165.$
2007-12-02 01:25:20 [17540] list matching forced to fail: failed to find host name for 189.138.165.115
2007-12-02 01:25:21 [17539] H=(cpe-24-29-242-1.neo.res.rr.com) [24.29.242.1]:1137 I=[69.16.237.199]:25 F=<lesley.Ervamaa@agustinbarreto.com> $
2007-12-02 01:25:21 [17539] SMTP connection from (cpe-24-29-242-1.neo.res.rr.com) [24.29.242.1]:1137 I=[69.16.237.199]:25 closed by DROP in A$
2007-12-02 01:25:21 [17541] ident connection to 189.31.128.172 timed out
2007-12-02 01:25:21 [17541] no host name found for IP address 189.31.128.172
2007-12-02 01:25:21 [17541] list matching forced to fail: failed to find host name for 189.31.128.172
2007-12-02 01:25:21 [17538] H=(201.228.173.190) [201.228.173.190]:48177 I=[69.16.237.199]:25 F=<thiam3@searchhound.com> rejected RCPT <larifi$
2007-12-02 01:25:21 [17538] SMTP connection from (201.228.173.190) [201.228.173.190]:48177 I=[69.16.237.199]:25 closed by DROP in ACL
2007-12-02 01:25:22 [1382] SMTP connection from [82.73.58.94]:1465 I=[69.16.237.199]:25 (TCP/IP connection count = 7)
2007-12-02 01:25:22 [17540] H=(dsl-189-138-165-115.prod-infinitum.com.mx) [189.138.165.115]:3302 I=[69.16.237.199]:25 F=<emasculateq@tulsavrp$
2007-12-02 01:25:22 [17540] SMTP connection from (dsl-189-138-165-115.prod-infinitum.com.mx) [189.138.165.115]:3302 I=[69.16.237.199]:25 clos$
2007-12-02 01:25:22 [1382] SMTP connection from [71.107.124.63]:1886 I=[69.16.237.199]:25 (TCP/IP connection count = 7)

How Many Connections Per IP Is Normal

Mar 28, 2007

I plan on installing dos_evasive as it can temporarily kill/ban an IP that makes over X amount of connections.

I ran netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n, and this is what I got:

Does that look normal to you? Because I read somewhere that you should allow no more than 30 connections per IP. But most are taking much more than that.

Normal VPS Load

Nov 26, 2007

the Normal VPS load,

As for mine is:
Server Load 0.35 (2 cpus)
Memory Used 57.5 %
Swap Used 0.00 %
Disk /dev/simfs (/) 27 %

Also I am not getting why the swap on VPS is not used at all...

VPS Resources - Normal Or Not

Jun 7, 2007

We've just started to use a VPS, and so far no problems. I've been looking at the resources and they seem a little high considering it's pretty much out of the box, and I've only set up 4 sites which aren't even public yet. The only thing I've changed is the php.ini to increase the memory limit to 32mb. My main concern is that these sites don't suffer when they go live.

In the Plesk control panel the memory says:
3.8 GB of 3.8 GB used; 47.1 MB available
The 47.1mb is pretty much average, although I've seen it go as low as 115mb.

In Virtuozzo the system usage (resource: capacity) is usually around 60-75%

Both of these seem a little high, but I'm not sure if these readings are for the whole physical server, or just my portion of it.

Also in the (Virtuozzo) QoS alerts I've had quite a few yellow zone, black zone and one red zone reports, at around 5am - quite possibly the quietest time on a server which isn't hosting any live sites yet. These have both been on the numproc and the privvmpages services (the red zone was on the privvmpages). Is there anything I should be looking at or is this fairly normal operation for a VPS? I have nightly backups scheduled for around 1am. These were originally set for 4am, but reports were showing that they were running out of memory, so I've now staggered the times of these to see if that helps. I haven't changed anything resource-wise other than the php, so I thought it would be good to go from the start, but maybe it needs some fine tuning.

Reboots It Like A Normal Cpu

Feb 8, 2007

I type in reboot in my root. Does it break it or just reboot it like a normal CPU?

Creating Daily Backups

Mar 30, 2009

I want to set up my server (a Linux dedicated server) to automatically create daily backups of the pop3, mysql, & webfiles. I want it to go to a server which I have purchased with the exact same specifications.

I am not very good at Unix command line/scripting. So what I need is for someone to help me define the backup strategy, select the scripts, and tell me how to make sure the backup server is secure.

Apache Crashes Daily

Apr 21, 2009

I am running a dedicated server.

My apache crashes daily and I am investigating the cause of it.

I have found this strange message in my apache error_log....

Daily Attack From The Same Network

Apr 8, 2009

Our website is receiving a daily attack from a French network called Neuf Cegetel. The IP is different each day but the network is always the same. The attack occurs daily and lasts several hours.

The website does not use Ajax (the request is an Ajax request) and there is no URL /0_0?_=... But the attacker uses a random URL similar to this: /0_0?_=1238873869634. Since the URL is always different, the page is not cached, so it is compressed by mod_deflate and therefore the attack is more harmful. The User-Agent and the cookies change quite a lot, but it is always an Ajax request. Taking into account that it is the only Ajax request on the server, that would be the easiest way to stop it. But it seems that when we try to stop the attack, the attacker tries another way, which makes me think that the attack is deliberate (not a virus or something like that).

Since it seems that the attacker can be easily found (we are a Spanish website and the attacker always comes from the same French network), should we report this? If it were a virus on a remote server, the solution may be just to contact the abuse department of the network, but if it is deliberate I think that we should discover who is behind the attack, since it might be a company that wants to bother us, a competitor or something like that. What do you think?

This is a very small copy of the logs containing a few examples:

Code:
4087 ReqStart c XX.XXX.42.189 52592 517548693
4087 RxRequest c GET
4087 RxURL c /0_0?_=1238873869634
4087 RxProtocol c HTTP/1.1
4087 RxHeader c x-requested-with: XMLHttpRequest
4087 RxHeader c Accept-Language: fr
4087 RxHeader c Referer: http://thewebsite.com/
4087 RxHeader c Accept: application/xml, text/xml, */*
4087 RxHeader c x-requested-handler: ajax
4087 RxHeader c UA-CPU: x86
4087 RxHeader c Accept-Encoding: gzip, deflate
4087 RxHeader c User-Agent: Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET
CLR 3.5.30729; .NET CLR 3.0.30618; FDM; OfficeLiveConnector.1.3;
OfficeLivePatch.0.0)
4087 RxHeader c Host: thewebsite.com
4087 RxHeader c Connection: Keep-Alive
4087 RxHeader c Cookie:
__utma=9819446.1354119376.1238785835.1238785835.1238865537.2;
__utmz=9819446.1238865537.2.2.utmccn=(organic)|utmcsr=msn|utmctr=thewebsite|utmcmd=organic;
__utmc=9819446; /=
4087 VCL_call c recv lookup
4087 VCL_call c hash hash
4087 VCL_call c miss fetch
4087 Backend c 3052 default default
4087 ObjProtocol c HTTP/1.1
4087 ObjStatus c 404
4087 ObjResponse c Not Found
4087 ObjHeader c Date: Sat, 04 Apr 2009 19:37:47 GMT
4087 ObjHeader c Server: Apache/2.2.3 (CentOS)
4087 ObjHeader c Vary: Accept-Encoding
4087 ObjHeader c Content-Encoding: gzip
4087 ObjHeader c Content-Type: text/html; charset=iso-8859-1
4087 TTL c 517548693 RFC 120 1238873867 0 0 0 0
4087 VCL_call c fetch
4087 TTL c 517548693 VCL 3600 1238873868
4087 VCL_return c deliver
4087 Length c 235
4087 VCL_call c deliver deliver
4087 TxProtocol c HTTP/1.1
4087 TxStatus c 404
4087 TxResponse c Not Found
4087 TxHeader c Server: Apache/2.2.3 (CentOS)
4087 TxHeader c Vary: Accept-Encoding
4087 TxHeader c Content-Encoding: gzip
4087 TxHeader c Content-Type: text/html; charset=iso-8859-1
4087 TxHeader c Content-Length: 235
4087 TxHeader c cache-control: max-age = 300
4087 TxHeader c Date: Sat, 04 Apr 2009 19:37:47 GMT
4087 TxHeader c X-Varnish: 517548693
4087 TxHeader c Via: 1.1 varnish
4087 TxHeader c Connection: keep-alive
4087 TxHeader c age: 0
4087 ReqEnd c 517548693 1238873867.757586718
1238873867.758437872 0.936849117 0.000804424 0.000046730

View 6 Replies View Related
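
As an added example (not part of the original post), a small Python parser for the varnishlog layout quoted above that counts, per client, the requests showing the two traits the post says stay constant: the X-Requested-With: XMLHttpRequest header and the /0_0?_=<digits> URL. The sample lines and IP addresses are constructed, and treating the first column as a per-connection id that is reused across keep-alive requests is an assumption.

```python
import re
from collections import Counter
SAMPLE_LOG = """\
4087 ReqStart c 192.0.2.10 52592 517548693
4087 RxURL c /0_0?_=1238873869634
4087 RxHeader c x-requested-with: XMLHttpRequest
4087 RxHeader c User-Agent: Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 6.0)
4087 ReqEnd c 517548693
4090 ReqStart c 198.51.100.7 40100 517548694
4090 RxURL c /index.html
4090 ReqEnd c 517548694
4087 ReqStart c 192.0.2.10 52592 517548695
4087 RxURL c /0_0?_=1238873870001
4087 RxHeader c X-Requested-With: XMLHttpRequest
4087 ReqEnd c 517548695
"""  # constructed sample with documentation IPs, laid out like the quoted log
LINE = re.compile(r"^(\d+)\s+(\w+)\s+c\b\s*(.*)$")
PROBE_URL = re.compile(r"^/0_0\?_=\d+$")  # URL shape reported in the post

def parse_requests(text):
    """Return one dict per ReqStart..ReqEnd transaction, tracked per session id."""
    logical = []
    for raw in map(str.strip, text.splitlines()):   # re-join wrapped values
        if LINE.match(raw) or not logical:
            logical.append(raw)
        elif raw:
            logical[-1] += " " + raw
    open_reqs, done = {}, []
    for sid, tag, data in (m.groups() for m in map(LINE.match, logical) if m):
        if tag == "ReqStart":
            open_reqs[sid] = {"client": (data.split() or ["?"])[0], "url": "", "headers": {}}
        req = open_reqs.get(sid)
        if req is None:
            continue  # fragment seen without its ReqStart
        if tag == "RxURL":
            req["url"] = data
        elif tag == "RxHeader":
            name, _, value = data.partition(":")
            req["headers"][name.strip().lower()] = value.strip()
        elif tag == "ReqEnd":
            done.append(open_reqs.pop(sid))
    return done

def probes_by_client(text):
    """Count requests showing both stable traits: Ajax header and /0_0?_=<digits>."""
    return Counter(r["client"] for r in parse_requests(text)
                   if r["headers"].get("x-requested-with", "").lower() == "xmlhttprequest"
                   and PROBE_URL.match(r["url"]))
```

Because the match ignores User-Agent and cookies, which the post says keep changing, the per-client counts stay comparable from day to day and can be attached to an abuse report.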

HostV Daily Load

Aug 27, 2008

customer of HostV's VPS hosting, and for the past 3 days, at almost exactly 01:20 GMT, CPU load jumps from an average of about 0.10 to 2.5+, stays there for over an hour, then drops back down.

During this time, there are NO processes on my virtual server using any significant amount of CPU time, memory, or IO. No cron jobs are running on my server, etc.

Note the output from 'uptime' below (I was monitoring it waiting for the problem to occur, which it did at exactly the time I expected):

00:32:05 up 22:01, 2 users, load average: 0.09, 0.11, 0.08
00:32:07 up 22:01, 2 users, load average: 0.08, 0.11, 0.08
01:09:49 up 22:39, 2 users, load average: 0.06, 0.03, 0.00
01:10:03 up 22:39, 2 users, load average: 0.05, 0.03, 0.00
01:19:26 up 22:48, 2 users, load average: 0.46, 0.16, 0.04
01:20:42 up 22:50, 2 users, load average: 1.53, 0.55, 0.18
01:21:39 up 22:51, 2 users, load average: 1.40, 0.67, 0.24
01:46:04 up 23:15, 2 users, load average: 3.06, 2.02, 1.52

Also note output from 'top', taken when load average was at 3.06 shown on the last line above:

Cpu(s): 0.1% us, 0.0% sy, 0.0% ni, 91.0% id, 9.0% wa, 0.0% hi, 0.0% si

My cpu usage is very low (0.1%) but wait time is at 9.0%, and I've seen this go as high as 70% during these times.

So, basically, there is a problem that exists on the host node somewhere that is causing my site to become effectively unresponsive (page load 20 seconds+ - measured), and it happens every single day at the same time.

So, why am I posting it here instead of logging a trouble ticket? I have logged a trouble ticket, but when I encountered the problem yesterday, despite logging it as "CRITICAL", I had to wait nearly 5 hours for a response, which effectively said not much beyond "we noticed the problem and fixed it and we're monitoring it". So I don't have a lot of faith that today's response will be any better.

I moved to HostV because of similar problems I was encountering with shared hosting, and was assured before signing up that the kind of problem I'm seeing doesn't happen. So now I'm outlaying more than 10 times the cost for almost exactly the same problems and a similarly unhelpful response to it.

By publicly posting the problem, I would hope that someone at HostV will ensure the problem is addressed PROPERLY, rather than bandaided again, and that hopefully we will all be able to see just how good HostV's support CAN be (as evidenced in another similar post).

I await HostV/Cirtex's response.

As shown in the uptime information above, server uptime is 23:15, because I rebooted the virtual server yesterday to see if that helped. It didn't. In fact, it took over 20 minutes for the server to come back up, which is why I'm not going to do it again.

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved