Dealing With Strange File Names

Apr 30, 2007

I have a spider that is saving a few images files everyday on my servers. Due to the fact that the images are dynamically created the spider is not only saving them without an extention, but also using charachters from the link to create those file names.

I end up with:

.... and so on.

(there is no problems browsing those image files

What I need is to copy those files or move them to file names with an extention (png) for protection reasons.

I failed using cp, mv in doing so. it seams that the OS doesn't see those files as files.

That is how those files appear in ssh:

2&Y=0 ...

View 3 Replies


Strange PHP File On My VPS. (oxb.php)

Jul 16, 2009

I found a strange PHP file in a strange folder on a VPS I am using to host a few sites. I've looked through the logs but can't figure out how it got there and I've look at the code and can't make any sense of it. Can somebody take a look at the code and tell me what they think of it: .....

View 12 Replies View Related

Strange File Download

Jan 25, 2007

Users of my web site, running MD-Pro, a PostNuke (php-based) clone, suddenly started to report difficulties downloading files from the download module. We assumed it was the download module and spent ages diagnosing it, uploading fresh versions etc. After some time someone had the bright idea to see if the files could be downloaded direct (using the URLs) to eliminate the web application.

We found: Some users can download all files from the server with no problems.
Some users can download some files but not others.

So far as we can tell only MS Word files are affected, but not all.

The files on the server are not corrupted and there are no permissions issues

Disabling antivirus and firewalls locally makes no difference.

REloading fresh originals to the servedr does not help.

The host reports that no changes to the server have been made recently.

We have discovered that files in the web root are OK. The furhte down the directory structure they are, the less likely they are to download. Performance varies according to the browser in use. According to the host technical support, 'Firefox appears to be returning the data from its own cache. IE is only doing so for root. For the other places IE tries to download the file but stops receiving at exactly the same number of bytes from different locations.'

Using another server on a different host, the problem disappears so it must be due to the host setup in some way. Diagnosis is difficult because the host technical support can't reproduce it.

Platforms include Mac, Windows and Linux and browsers include IE7, Firefox and Safari.

One user with Mac isn't having problems, another with Mac is. All others reporting problems are on Windows. Users are at different locations, using different ISPs so it is unlikely there are common local problems.

The only common element I can see is that the ony files causing trouble are MS Word, though some of these do download OK

We have run out of ideas why this should be happening. How can some users have problems with the same files on the same server and others not?

What could have happened to cause this problem on a site that has been functioning correctly for several months on this server?

View 14 Replies View Related

Extract Domain Names From .txt File

Jan 9, 2008

a command to extract the domain names from the following .txt file. 59 01/09/2008 13:45 59 01/09/2008 13:45

i want to extact the domains and in another txt file.

View 7 Replies View Related

Hosts That Allow Spaces In File Names?

Apr 17, 2008

Are there any web hosts that allow spaces in file names?

I am building a web site using Adobe GoLive. It contains many photo galleries using Adobe Photoshop CS3 (Adobe Media Gallery). When I upload a test site to my domain hosted by Yahoo using SmartFTP, it is rejected because the file names of my photos contain spaces. See <> When I look at other photographers' sites, many use real world file names with spaces. I have inquired at two other large web hosts and they tell me that spaces will appear on their sites as "%20". My test site looks fine when previewed on my web browser with spaces. Their answer is to use underscores. Am I asking too much for a web host that allows file names in english?

View 8 Replies View Related

Kernel Segmentation Fault And Strange File Caching

May 31, 2009

we have little problem on our server - from some time it starts reporting some errors:

kernel: spamd[6479]: segfault at 9a16000 ip 467840ac sp bffe9b5c error 6 in[46713000+13e000]
kernel: webalizer[12318]: segfault at 81a80cc ip 080d9279 sp bff2f230 error 4 in webalizer[8048000+b2000]
kernel: spamd[6515]: segfault at 9cbb000 ip 467840ac sp bffe9b5c error 6 in[46713000+13e000]
kernel: pure-quotacheck[16285]: segfault at bf3c9ff8 ip 46769d76 sp bf3c9fec error 6 in[46713000+13e000]
kernel: php[14910]: segfault at bf727da0 ip 080b0edc sp bf727d30 error 6 in php[8048000+64d000]

errors appear 2-3 times every 10min and always in this 4 programs: webalizer, php, spamd, pure-quotacheck

and second thing there is problem with some file caching or sth - for example when we restarts named it reports:

/etc/named.conf:23564: open: /var/named/slaves/slaves.named.conf: file not found

file of course exist but funniest thing is when we remove this line from named.conf and tries restart it, error appear again, even when this line is empty in named.conf and there is no other include of this file
even after server restart (without this include in named.conf) it still reports this error

server config: C2Q Q9550, 8GB ram, 2x500GB in hw Raid1, Centos 5.3 32bit, cPanel
maybe someone have any idea what it could be, and what else we can check ?

View 0 Replies View Related

Proc List Only Shows "/usr/bin/php" - No More File Names

Jan 8, 2008

We use cpanel on our centos servers and we've updated our servers recently using easyapache to the latest php4 and mod_suphp and I've noticed that in top (running "top c" in shell) all php processes by any user are simply displayed as "/usr/bin/php"

Before this update the processes also showed the file name eg. "/usr/bin/php lamescript.php" which allowed to easily find troublesome scripts ... but now there's no way of knowing what the script in question is that's eating up 100% of the cpu .. or is there?

View 3 Replies View Related

Dealing With Bad Connections

Jun 20, 2008

I've had a problem a couple of times where there is a bad ftp connection to a host. A trace reveals that there is a node timing out. What is a good way to work around this. Web based ftp client or other solution?

View 0 Replies View Related

Dealing With Log Files

Jan 21, 2007

I have apache rotate the logs daily and keep them in the users home directory in /logs/, however; these logs pile up over time and I need to delete them by hand. What is the best way to automate deletion of these log files? For example, i'd like to delete the logs after 7 days of logging. Can I do this with newsystemlog or somethign similar? Or do I need a shell script?

View 2 Replies View Related

Dealing With Max_user_connections In SQL

Jun 13, 2007

I've had an issue come up recently that I haven't had to deal with before. I'm starting to get regular errors during peak traffic times saying that I have more then the max_user_connections allowed.

I tried setting this to a higher number using ini_set. Unfortunately my host overrides this. I've talked with the host and they cannot up the 15 user maximum.

I've been with this host a while and they have great support and really great service. I understand their need to limit this because it is a shared environment.

I'm wondering if there's anything I can do on my end to help avoid this problem.

Is the only option switching somewhere that lets me have more maximum connections? At the rate I'm going this problem will continue to grow, so it needs to be solved quickly.

View 4 Replies View Related

Dealing With A DDoS Attack

Feb 8, 2008

I've got CSF setup, but the problem is, I can't seem to keep the SYN Attack blocked without blocking all my legit hits.

View 5 Replies View Related

Dealing With A Persistent Hacker

Aug 25, 2007

I was checking my business server's IIS errors logs when I ran across the following error:

2007-05-19 08:21:10 2243 80 HTTP/1.1 GET

/ 400 - Hostname -

Additional information about the those responsible for the hack attempts are as follows

(retrieved from

CustName: ----------------(hidden by me)
Address: Private Address
City: Plano
StateProv: TX
PostalCode: 75075
Country: US
RegDate: 2005-08-27
Updated: 2005-08-27

Apparently this person was trying to use the dfind hacker tool to find vulnerabilities on my server. The IP address belongs to AT&T Yahoo; and I've already contacted them by email. I believe that subsequent hack attempts have originated from this IP, however, the IP address has been masked by the use of proxies. I think that this may be someone I know because the IP is only about an hours drive from me. I'm starting to suspect a disgruntled former client who has friends living where that IP's from.

Has anyone here had any similar experiences?

What do you think AT&T Yahoo's response will be?

Is there anything else I can do or should not do?

I am also considering reimaging my server because of system issues but I am concerned that would erase any information needed for investigative purposes. I have saved my log files, though, on a CD but I'm thinking that AT&T Yahoo or whoever investigates this needs the server as it is.

View 8 Replies View Related

Dealing With A Distributed Spam Attack (exim)

May 16, 2007

We've been seeing sluggish performance on our mail gateways, and so I started doing some digging in the logs. It looks like we are filling up with messages like:

2007-05-16 12:22:16 Connection from [xx.xx.xx.xx] refused: too many connections

We have our max connections set to 20 (total, not host-specific) in exim4. So I started tailing the logs, and sure enough, we are getting bombarded with requests to coming from all over the map. The requests are getting denied of course, but that doesn't help the connection issue since they are consuming all of them, preventing real mail (for the most part) from getting through.

What is the proper way to deal with something like this? I could certainly just up the max connections value from 20 to 40 or 50 or whatever, but I'm not sure what kind of performance impact that will have on the rest of the traffic going through our gateways.

Since the spam attempts are coming from all over the place, it doesn't seem like I can just firewall out a few addresses and be done with it.

This particular rack is a cluster of web and database servers behind two gateway boxes, which handle the mail traffic (so this problem is on the gateways, the actual mail server itself sits behind the gateways and never actually sees these fake emails).

View 1 Replies View Related

Dealing With ThePlanet Sales Staff Is Like A Trip To The Dentist

Apr 17, 2008

I've been pretty happy with my servers with theplanet/ev1servers for the past, err, 5 years. But the OSes were out of date and it seemed like I could stand to get some significantly improved hardware for what I'm paying now (or, comparable hardware for a lot less).

I put in a RFQ from ThePlanet to see what I could do as far as upgrading my current server, hoping for something a little better than buying a new server while the old one is up and moving everything over, and also hopefully avoiding re-paying a one-time fee I had for a secondary hard drive.

Now I have no problem whatsoever with the result -- that my only option is to buy a new server, they won't migrate my HDs, and they won't upgrade my current server, and they won't give me any kind of credit for the second hard drive or let me transfer it to a new server. I get where they're coming form, even though it might make sense to figure out something a little better for a customer of 5 years that's dropped about $25k over that time period.

The problem is their sales staff. I'm surprised that theplanet (at least theplanet I remember from when I signed up) would have sales people so apathetic and basically useless.

Getting information I requested in my initial ticket took back-and-forth with a sales rep over the span of over 24 hours (and I still haven't really gotten an answer on one part, about my secondary hard drive). Actually looking at the ticket now, the initial response was over 24 hours after I opened a ticket (and it was opened during working hours).

Heck, the first two responses didn't even include a price for the hardware he wanted me to buy, just if I wanted to proceed and buy it.

Figuring it beats waiting I did one of their instant chats and before answering my questions I was told to be sure to give the guy credit for the servers I order. In fact, him telling me his contact information and to choose him were the only complete sentences I got, and roughly 80% of the communication I received.

I haven't needed support on my server recently, so I can't speak to if this is the quality of their support department now. I don't think I'll be around to find out though.

(Executive summary: Hello SoftLayer!)

View 5 Replies View Related

Plesk 12.x / Linux :: Deny User Upload File Via File Manager Or Hidden File Tab?

Feb 10, 2015

I'm build Plesk Panel for Linux and Presence Builder, I don't want my user can upload their website to hosting via File Manager. How can I do it...

View 2 Replies View Related

Strange Bot

Jul 4, 2007

I don't quite know what to make of this, but I am getting hits to my search pages with the following:


There are multiple occurrences of this at any one time, and the interesting thing is that it appears to be spoofing the source IP addresses - most are all different with few exceptions.

Has anyone else seen this and know of a solution? Normally I would simply use IP deny but given the addresses appear to be spoofed and too numerous it would be futile.. I thought if I programmed OSC to quit if it matched the keywords might be a decent solution, but so far I haven't had any luck

I searched google and this forum to see if I could find out anything with no luck at all, so I'm guessing this
is fairly new.

View 2 Replies View Related

Strange RAM Status

Aug 22, 2008

This month I just pruchase dedicated server, spec are AMD X2 with 1GB RAM.

On ssh, the memory result is:
root@server1 [~]# free -m
total used free shared buffers cached
Mem: 883 836 47 0 163 397
-/+ buffers/cache: 275 608
Swap: 2047 0 2047

My question:

1. Why the total ram just 883MB? I think it should 1024Mb?

2. The server still empty, but why I see the total used memory is 836Mb?

I only have experience with cpanel vps and when my server empty it only use around 200MB RAM and around 400MB ram usage when my vps load with 30+ account.

View 10 Replies View Related

Strange Network

Jun 23, 2007

A couple of days ago I came across site (it's a simple ping test site).

I tested my site (IP: with it, and got bad results like this one:


Santa Clara, U.S.A. Packets lost (20%) 50.6 51.9 52.8
Florida, U.S.A. Packets lost (80%) 45.6 45.6 45.7
Vancouver, Canada Packets lost (80%) 56.5 56.6 56.7
New York, U.S.A. Packets lost (20%) 50.7 57.2 61.5
Austin, U.S.A. Packets lost (60%) 9.5 9.6 9.9
Austin, U.S.A. Packets lost (90%) 9.4 9.4 9.4
Amsterdam, Netherlands Packets lost (60%) 121.6 122.4 123.3
Amsterdam1, Netherlands Packets lost (60%) 121.5 123.6 125.6
London, United Kingdom Packets lost (90%) 111.4 111.4 111.4
Sydney, Australia Packets lost (90%) 200.2 200.2 200.2
Stockholm, Sweden Packets lost (20%) 144.7 147.7 148.3
Cologne, Germany Packets lost (80%) 133.3 135.6 137.8
Madrid, Spain Packets lost (70%) 150.7 150.8 151.0
Paris, France Packets lost (60%) 128.4 132.5 135.5
Hong Kong, China Packets lost (30%) 196.1 196.4 196.8
Munchen, Germany Packets lost (60%) 131.7 131.8 132.0
Krakw, Poland Packets lost (70%) 196.3 198.5 200.2
Cagliari, Italy Packets lost (40%) 154.9 155.3 156.3
Melbourne, Australia Packets lost (50%) 199.6 205.5 208.2
Singapore, Singapore Packets lost (70%) 257.4 260.3 262.5

I'm trying to figure out if this is a network problem or a problem with my server. I don't get it, because there are no lost ICMP packets when I ping another hosts from my server, or when I ping my server from home PC.

And here is what server4sale support wrote:


This is what we received from data center and will update you, when they get back to us.

"We apologize for the delay in responding to you. We are aware of an issue that involves our upstream provider, and we have opened a ticket with them to get the issue resolved ASAP. We have asked them to investigate this issue and attempt to isolate the cause. Once we have more information from them, we will update you here in this ticket.

In the meantime, if you note any changes (good or bad), please provide traceroutes BOTH "TO" your server, and "FROM" your server, as well as a 300 count ping summary. This request has been made by our upstream provider, as we will forward any additional pings and traceroutes we receive directly to them. Without the traceroutes both to and from the servers, the information will not be useful for their investigation.

We will provide you with updates thru this ticket as we receive information from our provider. If you have any additional questions, or need further assistance, feel free to contact us. We appreciate your patience, while we work with to resolve this issue."

Second message from support:


The data center has informed that they have not yet received an update from their upstream provider as they used to inform them after performing changes.

However, for better investigation and providing the results more precisely to their upstream provider they have asked you to provide the latest:


1) 300 ping results from your PC to server

2) Traceroute from your PC to Server and

3) Traceroute from Server to your PC

I'd really appreciate if you help me to get these results and isolate the problem.

IP of my server:

What's even stranger is that when I run a test over IP (a machine in the same SAVVIS data center, I guess), I get "All OK results":


Santa Clara, U.S.A. Okay 50.9 52.3 55.3
Florida, U.S.A. Okay 46.1 51.5 54.6
Vancouver, Canada Okay 56.1 56.7 57.1
Austin, U.S.A. Okay 9.7 9.9 10.2
New York, U.S.A. Okay 49.8 51.9 54.7
Austin, U.S.A. Okay 9.7 10.0 10.3
Amsterdam1, Netherlands Okay 122.0 123.6 127.8
Amsterdam, Netherlands Okay 121.2 123.4 127.5
Sydney, Australia Okay 204.1 205.2 208.6
Hong Kong, China Okay 203.6 204.5 206.1
Stockholm, Sweden Okay 144.8 147.7 149.7
Cologne, Germany Okay 133.0 135.0 137.5
London, United Kingdom Okay 118.5 121.7 124.7
Munchen, Germany Okay 136.7 139.0 140.5
Krakw, Poland Okay 192.3 195.9 205.8
Cagliari, Italy Okay 156.3 156.8 157.4
Paris, France Okay 123.0 124.5 127.7
Madrid, Spain Okay 158.8 161.5 164.5
Amsterdam3, Netherlands Okay 125.7 130.9 134.8
Singapore, Singapore Okay 255.3 256.7 259.2
Melbourne, Australia Okay 229.8 230.3 231.0

View 2 Replies View Related

Strange Port Connection

Dec 28, 2007

Im running RHEL 3, Apache and Cpanel. When I ran: "netstat an" I found this in the results:


If Im reading this right these two unprivileged ports are open and talking to my privileged http port 80. Does this seem right? Why would these two ports on my machine have a connection. All this attention was sparked by abnormal spikes in load. Now Im getting paranoid that something may be off even though Im clean when scanning for rootkits etc

View 3 Replies View Related

Strange Bandwidth Behaviour

May 26, 2009

I'm very new to dedicated hosting, but not to server admin in general, and have come across what seems to be to be a problem.

I'm based in the UK, and the dedi I went with is in the US, i have several VPS in the US, and I can download to them pretty consistently from a UK based server at around 5MB/s... this is on a VPS.

The dedi I signed up to lease has a 100Mb card, and a fairly well known provider, and yet the connection I get to the UK is terrible. It fluctuates wildly between 200KB/s and 5MB/s, seemingly at random, for example, downloading a 100MB file, i'll start at 500KB/s initally, and within a few seconds it might be 3.5MB/s, this could then go either way, but i'll usually end up with an average of about 800KB/s - which really seems awfully slow.

The traceroutes appear fine, there's around 110ms on ping and that is consistant, and similar to the figure the VPS get.

I've been in touch with their support, and after trying the usual suspects - including swapping the NIC - they lost interest. I was actually very impressed with them up until this point so feel pretty let down.

Is this normal? I've honestly never seen a download vary so wildly in speed. Unfortunately i'm tied in on a 3 month contract otherwise i'd drop them in a heartbeat right now.

View 12 Replies View Related

Error_log - Strange Entries

Nov 4, 2009

All accounst in my dedicated server start to show a very strange error_log with the following entries:

[04-Nov-2009 21:28:51] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/php_interbase.dll' - /usr/local/lib/php/extensions/no-debug-non-zts-20060613/php_interbase.dll: cannot open shared object file: No such file or directory in Unknown on line 0 .....

Always when a php script is accessed, new entrie with this error above is created.

I dont understand because php script have not any relation with intebase or pgsql and my server have not this e db installed.

View 5 Replies View Related

Strange Browser Agent

May 10, 2009

i recently got multiple logs regarding this weird browser user agent,

Browser Agent:
XXX<? echo "w0000t"; ?>XXX

anyone have information regarding this?

View 3 Replies View Related

Strange Apache Prefork

Jun 2, 2008

I've got a few machines where Apache acts really strange and curious if anyone has any suggestions. I'd love to figure this out so it can actually be deployed to a larger amount of machines and not just test instances.

- Basic Information
Apache 2.2.8 (Tried a few 2.2 versions)
PHP 5.2.6
suPHP based

Prefork Based
- Once a day at a random time Apache fails a request from remote monitoring. It comes back within a minute however is is inaccessible for that time. It sometimes gets picked up by 5 minute monitoring on the machine itself and it restarts the service obviously.

- PHP scripts fail to be killed at times resulting in memory being used. They need to be killed in order to go away.

Worker Based
- Apache can stay up forever it does not fail any requests

- PHP scripts do not get killed at a more frequent basis than in prefork. You need to `kill -9 pid` in order to get rid of the php processes.

I read about very few issues with 2.2 so I'm quite confused by this.

View 5 Replies View Related

Strange HTTPD Permissions

Mar 12, 2008

I have an issue I've never seen before, and hope someone here can shed some light on this odd problem.

Just brought a new server online running Apache 2.2.3. The DocumentRoot was originally set to /var/www/html but I changed it to /home/[sitename]/public_html. I've done hundreds of Apache configs before and this one is no different.

Anyhow, here's the issue:

In SSH (logged in as root), if I create a file (let's just say I do a vi index2.php, enter "test" and save), when I try to go to pull the file in my browser, I get a 403 permission denied error. However, if I create the file in /var/www/html then move it to /home/[sitename]/public_html, the file comes up fine in a browser. Same goes for JPEG images. If I wget a JPG from another site directly into /home/[sitename]/public_html, get a 403 permission denied. If I wget it into /var/www/html then move it, it loads just fine.

It's important to note that the file permissions, owner, and the actual file itself are all identical. Both directories are chowned and chmodded identically.

View 1 Replies View Related

Strange Ioncube Loaders

Feb 12, 2008

I run WHMCS as my billing system for my company and everything is working fine, except piping emails to WHMCS.

The people I am hosting WHMCS with are running PHP 4.4.8 and so I have the loaders for 4.4 uploaded to my account. When I try to send an email to an address that is set to pipe to WHMCS I recieve the following:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

pipe to | /usr/local/bin/php -q /home/user/domains/
generated by
local delivery failed

The following text was generated during the delivery attempts:

------ pipe to | /usr/local/bin/php -q /home/user/domains/
generated by ------

Site error: the file <b>/home/user/domains/</b> requires the ionCube PHP Loader to be installed by the site administrator.

Now why would the script want when the site works fine?

The site can be found on [url]

View 5 Replies View Related

Strange Urls In 404 Logs

Aug 15, 2008

I just found hundreds of rubbish urls in awstats for a particular domain. Is this referrer spam or something more serious and can I do something about this?

I have attached a screenshot.

View 4 Replies View Related

Strange Characters After Migration

Nov 18, 2008

after i move this accounts from old server to new server it shows me confused characters . ...

View 12 Replies View Related

Strange Access Logs

Jun 3, 2008

Lately we have been getting log entries similar to the following from different IPs all over the US: - - [03/Jun/2008:18:12:36 -0500] "GET / HTTP/1.1" 200 6205 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" - - [03/Jun/2008:18:12:37 -0500] "GET /scripts/javascript.js HTTP/1.1" 200 9153 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)" - - [03/Jun/2008:18:12:37 -0500] "GET /scripts/overlib.js HTTP/1.1" 200 50733 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"

That is all there is to each hit.

Obviously, the default index.php file is being loaded and is calling the javascript files, but what we can't understand is why the CSS files and images are not being downloaded as well.

Any ideas on why this would be occurring?

Caching and text based browsing are unlikely scenarios due to the quantity and varied locations of the IPs.

View 0 Replies View Related

Strange Hostname- With Curl

Sep 25, 2008

I have one server with multiple websites hosted on it. It's powered with Cpanel / WHM.

When I run the command 'wget' from this server, I download a Cpanel / WHM landing page instead of the actual homepage from

I can successfully load in a browser. I can also run the 'wget' command from my local computer and download the correct homepage.

When I run this command from the server is hosted on, Apache returns the home page for the default virtual host for my IP address (ie. cpanel landing page). I encounter this same problem when using CURL or PHP Sockets.

I am behind a firewall. Could this be causing the issue? Does anyone have any ideas how I could fix this?

This is a big problem as I have websites that need to use a web service from a domain hosted on the same machine.

View 3 Replies View Related

APF Firewall Strange Restarts

Feb 20, 2008

Anyone is an expert for apf firewall here? I check my apf_log and saw it was automatically restarted every 12 hours. This is strange because the developer mode was disabled, and usually developer mode was only for 5 minutes and not for 12 hours.

Yes, the apf was restarted and function, but it's strange to see it restarted every 12 hours.

View 5 Replies View Related

Copyrights 2005-15, All rights reserved