Easing Concerns Of Sending Off Hardware
Mar 1, 2007
I have just finished testing with my HP DL380 G3 server and I have been looking at different companies / facilities to ship it off to for co-location.
How do you ease your own concerns of hardware failures on the server (aside from HDD which are easy to replace) when it is so far away.
I control a datacenter / networking environment for my company, so I have immediate access to any of our gear that breaks, but I will not be co-locating within our facility for obvious reason.
Are most people using left over Dell / Compaq / HP stuff or custom builds? I went with HP because of the built-in iLO capability to lessen the need for so much remote hands in the event of a reboot etc.
I guess the biggest thing that is worrying me right now is a catstrophic hardware failure such as motherboard / cpu. All others can be quickly fixed (HDD, RAM, etc), but with a motherboard / cpu failure, the extended downtime can be long while spare are ordered / shipped.
View 6 Replies
ADVERTISEMENT
Jan 7, 2009
I have some concerns with hosting an external URL. I have these two websites www.benchmarkportal.com and www.bmponlinestore.com and my question is, is it possible for www.bmponlinestore.com to launch if ever I click on www.benchmarkportal.com/store/ url with the url name unchanged meaning it wont change to www.bmponlinestore.com?
scenario:
step : when I click on www.benchmarkportal.com/store/
result: the contents of www.bmponlinestore.com shows up but without changing the url name(the url will still be www.benchmarkportal.com/store/)
View 9 Replies
View Related
May 8, 2007
I have been involved in the development of a complex PHP web applications that does very large amounts of processing, includes several files with thousands lines of code, does multiple and complex db queries etc. So far it has been running only on non-public development servers and has been surprisingly fast given what it does.
But I am concerned about what might happen when it is time for it to start running on a website with many users.
Is there a way to estimate in advance how serious that problem may be?
View 3 Replies
View Related
Jul 26, 2008
so let's get this all hashed out... it'll be interesting to see how people handle various situations.
Before responding, let's keep this thread signature free.
I recently came across an issue where a customer wanted to bring their own Microsoft products/licenses to the table. Got a few questions for the other providers out there... this really needs to be hashed out.
Microsoft is very strict when it comes to enforcing their license policies, we all know this much.
So... when a customer wants to install their own software, what do people do to help ensure that whatever agreement you have with your upstream provider or Microsoft isn't in voliation by allowing someone to bring their own licenses?
What steps do you take to ensure validity of said licenses?
How do you define, much less enforce, these guidelines?
What role, if any, should a provider play in doing their part to help stem illicit license abuse?
View 3 Replies
View Related
Nov 7, 2008
I am hosting IPTV ( internet TV ) which might have copyright issue.
how to host website without copyright concerns ( might be in china or russian )
View 2 Replies
View Related
Sep 14, 2007
I am concerned about securing a windows server without the use of a hardware firewall.
I have an idea as follows:
1) have a dedicated server running linux
2) run VMware Server edition on this linux box to host the windows 2003 server.
3) use iptables etc to secure the outer linux layer (only allowing required ports through to the windows box etc)
What does everyone think - is this a potential runner? am I overdoing things?
View 2 Replies
View Related
Oct 16, 2009
I'm starting to test out VPS panels and found vePortal 2. I purchased it and installed it. Now I'm checking some security, as we all know about the terrible result of HyperVM as everyone blindly used it because it was "pretty" but it was not secure.
Some serious concerns I'd like to share with vePortal 2.
1) It makes no backups of any of the files it modifies during install, or so I haven't seen any, like httpd.conf.... more of a pain than anything. There is no way to auto uninstall it either..
2) vePortal gives full root access to the Apache user, letting apache run any root commands!
They add this to your /etc/sudoers
apache ALL=(root) NOPASSWD:ALL
[root@nd11108 myadmin]# su -s /bin/sh apache -c "whoami"
apache
[root@nd11108 myadmin]# su -s /bin/sh apache -c "sudo whoami"
root
This is a root exploit waiting to happen. I asked them about this and got the response.
Quote:
It would be a security breach if a) apache was allowed SSHD Access, or b) the server was running scripts that havn't been marked secure, We have a very comprehensive team of beta testers including one of the largest providers around, They and their staff have not been able to break the security or integrity of the panel as of yet.
All panels in one way or another have root control over the system, for example they wouldnt be able to have a SSH Console without it, as only specified commands would work, we do have a list of the commands required by vePortal if you wish to limit it, but the console and the Shell Commander functions would stop working.
Regards,
Gavin H.
Chief Information Officer
That's funny I have been using the panel a few minutes and already found they've ignored the biggest security hole possible..
3) In 5 minutes I've found multiple XSS vulnerabilities in the admin area... Like search customers, I was able to generate JavaScript alerts in multiple fields....
4) It stores the MySQL root password in clear text in a .php file... yeah that's real secure. Why does it even operate under the MySQL root user, its using a single database....
5) I forgot to add, it doesn't recognize ANY OpenVZ Vps's you've created manually. It has no idea they exist and you cannot view them at all.
I'm sure I could dig deeper into the source code and find more but it's not worth it. Judging by what I found without actually trying to spend time on security I completely removed the product.
The panel does look nice but it sure gets a mark of insecure for me, I would advise others seriously look into the security of this new panel if you're considering using it.
View 14 Replies
View Related
Jul 29, 2008
Unlike earlier versions of Microsoft Windows Server, the 2008 version gives you a default logon screen that is very similar to Vista. Instead of the the interactive dialog box that prompts you for a username, password, and sometimes domain, users will find a “push button” screen displaying all users with login permissions. To log into an account all the users will now need to know is the password. This makes things much easier for hackers as the only thing they will now need to guess is the password.
There are a couple of ways to resolve this problem. First, the server administrator can set the local security policy to not display the last username and disable fast user switching. Second, in the System Remote Settings dialog, the remote desktop options can be set to allow computers with Remote Desktop that support Network Level Authentication.
Since the first method is covered in a few blogs, I’ll limit myself to discussing the second method. In the latest versions of Remote Desktop Connection client (version 2.0 for Mac and the version shipped with Windows Vista), Network Level Authentication is supported. This means users must send the username and password before Windows 2008 accepts the connection. Earlier versions of RDC (like the one found in many installations of Windows XP) don’t support NLA. So technically, users will only need to supply the IP or domain name of the remote Windows server, leave the username and password blank, and interact with the logon process that is provided at connection time. Windows 2008 servers that do not have the NLA option set for remote desktop connections are vulnerable since the interactive logon screen (post-connection) is displayed to users using earlier versions of RDC.
This last point may be of significance to service providers offering Windows 2008 dedicated servers. If the server is set up with default settings, the NLA option is disabled and new users will by default be made to change passwords on first logon. Users using new versions of RDC will not be able to logon because the initial password change sequence on first logon is not compatible with NLA. The server will return an incorrect password message to the RDC client even though the user has provided the correct username and password. The only way to establish first connection is thus to use a non-NLA supporting version of RDC so that the user can establish connections without supplying credentials and then going through the password change wizard during the initial login. But as mentioned, having NLA disabled on server side is not an ideal practice at this point.
So there are a couple ways to do this. The service provider should disable the “change password on next logon” option during the user creation process and get user to manually change the password after logon. Or alternatively, assist the client/user in changing passwords through the console internally.
View 0 Replies
View Related
Jun 19, 2007
I migrated a client from a Windows server to Linux and everything is fine except that mail sent to this client (say, example1.com) from a particular domain (say, example2.com) simply disappears and does not reach at all. Mail sent to that other domain (example2.com) from my new client (example1.com) is delivered correctly.
Incidentally, that other domain (example2.com) from which the mail is sent is with the hosting provider who was earlier providing services for my newly acquired client. Should I suspect anything? Or, is there a way to figure out what's happening?
I have MailScanner running on my VPS, but it isn't configured to filter at RBL level, only at Exim level, so I don't think this is the issue.
View 1 Replies
View Related
Jun 3, 2009
This is the qmail-send program at ultimatemedicalresearch.theplanet.host.
I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<abc@xyz.com>:
TLS connect failed: error:14077410SL routinesSL23_GET_SERVER_HELLOslv3 alert handshake failure; connected to <IP>.
I'm not going to try again; this message has been in the queue too long.
Executed the following commands as root on both servers (recipient and sender):
openssl s_client -connect [host]:993 returns OK both ways.
openssl s_client -connect [host]:995 returns OK both ways.
openssl s_client -connect [host]:465 very slow response. CONNECTED(00000003) appears then it waits for quite some time (>20s). Then it says: 30179:error:14077410SL routinesSL23_GET_SERVER_HELLOslv3 alert handshake failure23_clnt.c:578. This is shown only when I execute the command on server 1. Server 2 hangs also but returns the 220 message which is OK.
It is odd that the above commands return different certificates, not the ones that are set up on the servers. I am using Plesk, I have set up my certificates and assigned them to those IP addresses.
What could be done to make the mailing system between these two server to work ?
View 6 Replies
View Related
Jul 3, 2008
I have a problem with sending emails, previously could not send e-mails using port 25, but this is changing under the port 26. and now they are sent.
But probelma now is that when sending emails to gmail and hotmail arrive as SPAM. Yahoo definitely dont get
Similarly using webmail mail arrives as SPAM.
Someone knows how to fix this problem?
Or someone knows how to make the mail arrives well?
View 3 Replies
View Related
Sep 23, 2008
for a week now for some reason noone from my server can send emails or some going some times.i can receive correctly but i cant send.why might be the problem,what i must check.
View 6 Replies
View Related
Feb 13, 2007
someone is sending spam using my smtp on qmail. I have authentication on sending messages, but my host company is complaining about spam messages that are sending to numerous emails. is there any solution? or how to fix that...
View 3 Replies
View Related
Jan 22, 2007
I've managed to setup my cPanel box to allowed connections to port 995 for receiving POP email over an SSL connection.
However, I can't get sending to work.
My setup:
RHEL 4
cPanel 10.9.0 Stable
APF firewall
I allow outbound ports 25 and 26.
I'm not sure where to put them in APF to allow this.
Also - it won't work with the firewall off either.
This is the error I receive in OE:
Quote:
Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'mail.EDITED.com', Server: 'mail.EDITED.com', Protocol: SMTP, Port: 26, Secure(SSL): Yes, Error Number: 0x800CCC0F
View 3 Replies
View Related
Sep 17, 2007
I have been able to get my server to notify me fast enough so I can delete the account and all he messages sent by that user fast enough. Taking to long might result in getting blacklisted, etc..
So, my question is, how can I prevent something like this? Isn't there a way to completely disable mail for an account (cPanel server) so they can't send mail in the first place? Or, is there a way to somehow silently discard all the eMail sent by a user in a specific group?
View 14 Replies
View Related
Mar 29, 2007
We have a site with about 50,000 members.
Now we want to send newsletters to each of our site members.
If we use the normal "mail" command in PHP, it will create a heavy load for the server so that after sending the email, because of the heavy traffic which gets created on the server, the email will either not be send or it can take up to one week till it gets send out.
Is there any better and easier procedure or method for sending these types of emails?
View 1 Replies
View Related
May 10, 2007
Over the past few months I have noticed an increase in the number of people who state they have not received my emails. I decided to investigate this further and there appears to be a problem which backs these claims.
The server I am sending from has reverse DNS. I have checked on DNSstuff and spamcop and the IP is not on there. I have sent several emails to a test account I have on a different server which is running spam assassin, but the emails are not being received. There is no record of them in any spam folder either? I have sent emails to other account for example, AOL and they seem to receive them? Does anyone have any clue whatsoever is going on? Or possible areas I can further check?
View 2 Replies
View Related
Feb 13, 2009
I am looking at a VPS purely to outsource email sending to.
I curently use a cloud system - which is great - but they limit my email sending.
I need to send 25,000 a day and 10,000 during a one hour period.
Will any VPS allow this? Who?
Is this recommended.
View 14 Replies
View Related
Jun 5, 2009
one of our dedicate server which host only one website and use vbulletin.
we are unhappy about sending mail and it goes to spam box.
but we see that some website send many mail. for examle they have 1,000,000 user and send email to them every day.but their email send to inbox
what can we do about it?
View 14 Replies
View Related
May 21, 2009
I purchased a shared hosting with these guys. I transfer domain / Set up email accounts, ect. Everything is working flawlessly.
So, yesterday my boss was riding my ass because he said he couldn’t send email. I went over to his house, and he was right it wouldn’t send (his client is entourage). I verifier’s smtp settings, and it just wouldn’t send. I found the problem to be his SBC.
Of course he doesn’t believe that (still thinks the mailserver is the issue).
So to draw this to a close. is there any way to verify that an email is being sent.. such as a receipt that the 'message has been sent'? He's using entourage on the mac.
Also, what is you're normal procedure to troubleshoot smtp/pop issues?
View 3 Replies
View Related
Jan 11, 2009
I currently have a dedicated server, Linux, with 1 website on it that is sending spam.
At first I thought it was someone spoofing my email address, however when I check my servers Email queue I can see the spam emails in there being sent.
My problem is that I have contacted my server provider and support for the scripts I'm running and everyone is saying its the other persons fault. My server provider is saying everything is up to date and it must be a software exploit on one of my scripts, and the support team from my software is saying its not them that its the server.
View 1 Replies
View Related
Apr 4, 2009
i have a proeblem regarding my whmcs billing script. It is not sending any kind of emails (welcome emails or support ticket notification mails etc). i even looked in my spam folder of my personal gmail account, as well as other email accounts. The server can send out emails, but not WHMCS. Port 25 also, is not blocked on the server
View 13 Replies
View Related
Jul 23, 2008
a client get the following error message when he tries to send an attach of 13 mb with horde
Quote:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 36859419 bytes) in /usr/local/cpanel/3rdparty/lib/php/Net/SMTP.php on line 836
and as far as i know: 36859419 < 134217728, so i dont know why it shows that error.
btw the memory limit in the php.ini is of 48 mb (quite a lot) so i dont know where else i have to look.
View 7 Replies
View Related
Mar 23, 2008
Does anyone has knowledge or tutorial that works for CDONTS or JMAIL?
I am unable to get them working
View 2 Replies
View Related
Mar 14, 2008
I run the website, [url]and am looking for a way to send newsletters to the members of the website.
There are currently over 53,000 registered members. We have tried emailing the database before using a variety of techniques but they are not all fool proof.
Is there any software you could recommend or would I have to use a 3rd party provider? If so, how much would this cost (to do a weekly or monthly mailshot).
The website is run on a core2duo E6750 with 4GB RAM and a 100mbps port - is this high end enough to support e-mailing this quantity of messages?
View 14 Replies
View Related
May 23, 2008
I was thinking if anyone knew a good VPS hosting company who would allow me to send out around 10.000 emails on a daily basis. I will ofcourse not break any state laws and all emails will include an opt-out option.
View 8 Replies
View Related
Feb 6, 2008
I've notice that LFD (from CSF) is not sending SSH Login notification anymore...
I've tried "mail root" and "mail <my email>", it's working.
I see the login line in /var/log/secure
Tried to tail exim_maillog and I did not saw it at all!
I've tried to restart CSF and also look at the configuration, SSH is still there...
I'm running CentOS 4.x with cPanel
Got any clue ?
I've got an other server, same configuration and he's still sending the notification.
View 3 Replies
View Related
Jan 6, 2008
i run vbulletin, and set it to send out confirmation e-mail after registration, but for some reason mail doesn't send out to the user it stay in mail queue for days after days until i delete it.
View 7 Replies
View Related
Jun 13, 2008
i Own an e-marketing company and i have about 600000 email account
i want a web hosting solutions ( VPS or dedicated server) for sending 25000 email every day
so what is the best cheap choice VPS or server or what do you thing
i will host only one domain name
View 1 Replies
View Related
Jul 25, 2008
my server is still effed up from the MPack attack that I received.
I just received the following email, does anyone know what this means or how it could be done? The client IP is mine, so some how my server is sending that request?
72.233.79.2 (malwarebytes.org) Server Log:
[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/errors.php?error=[url][unique_id "tNAGeH8AAAEAAEsfD7wAAAAO"]
[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/forums/errors.php?error=[url][unique_id
"tNAPAn8AAAEAAD7mqWQAAAAl"]
[url]is the RKHunter scan log
[url]is the ChkRootKit scan log.
I'm going through this thread right now:
[url]("How-to detect a possible intruder?") and I've come across a handful of hidden directories:
/home/mifbody/public_html/vbulletin/arcade/images/. /. /xh
/home/mifbody/public_html/vbulletin/arcade/images/. /. /xhide.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/convertxdccfile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_admin.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_dccchat.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_display.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_main.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_md5.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_misc.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_statefile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_transfer.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_upload.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_utilities.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/convertxdccfile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_admin.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_config.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_dccchat.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_defines.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_display.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_globals.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_headers.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_main.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_misc.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_statefile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_transfer.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_upload.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_utilities.c
I was able to successfully delete all the files, but how do I now get rid of the directories themselves? When I do:
rm -fr "/arcade/images/. /"
and then locate ". "
I still get:
/home/mifbody/public_html/vbulletin/adserver/banners/.
/home/mifbody/public_html/vbulletin/alice/src/admin/.
/home/mifbody/public_html/vbulletin/arcade/images/.
View 2 Replies
View Related
