Ever Seen An Attack From The Console
Aug 29, 2007
Terrible
I've noticed that on some rackmount servers and firewall appliances there are ports labelled "console" that look like serial ports. Are these related to connecting to a KVM? I am looking for a cheap appliance for some rackmount servers I have (1U half depth would be ideal), to remotely recover the server if it goes down. I figured they'd connect through PS2 connectors, but then I thought that if the console port was related, going through that might have the option for power cycling or something.
I'm trying to knock a bug out of our new Hardy Heron Xen template. Basically, when the old ones boot up, /bin/sh is spawned on the console. Now with Hardy, init has been replaced with /etc/event.d handling.
So I've replaced /etc/event.d/ttyS0 and ttyS1 (not sure which one is the console, but I think ttyS0):
Code:
# tty0 - shell
# This service maintains a getty on tty1 from the point the system is
# started until it is shut down again.
start on stopped rc2
start on stopped rc3
start on stopped rc4
start on stopped rc5
stop on runlevel 0
stop on runlevel 1
stop on runlevel 6
exec /bin/bash
respawn
Is there a good one around on the internet?
HyperVM has a nice one.
I see the following error in the command console.
I know it's a firewall log, but how can I disable showing firewall logs in the command console?
I am upgrading my current colo'd server from a 1U dual core Xeon with 2x500GB drives to a 2U Core 2 Quad with 8x750GB drives (RAID5). So far I have run into two issues. One is that the rails are too large for the cabinets (problem #1, which I put in another thread). The only other problem is that I am having problems with the remote console on the new hardware.
It should be setup correctly since I basically rsync'd everything from the old server to the new one. The device is detected:
root@houkouonchi: 03:19 AM :~# dmesg | grep -i tty
Command line: root=/dev/sda2 gpt pci=nomsi console=tty0 console=ttyS0,9600 notsc
Kernel command line: root=/dev/sda2 gpt pci=nomsi console=tty0 console=ttyS0,9600 notsc
console [tty0] enabled
console [ttyS0] enabled
serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
00:05: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
But when I connect to the Digi I am not getting any console output. I have tried a different serial -> Ethernet adapter and tried a different patch cable/port on the Digi, so I am pretty sure those are fine. The motherboard (nForce 650i chipset) didn't have an onboard serial port, so I am using a port hooked up to a bracket which has a ribbon cable that connects to the motherboard's COM header. I also tested another serial connector which the case has built in, and both give me problems.
Maybe the motherboard is just busted?
How can I change the HyperVM console user for a VPS?
For example, how can I change persianwhoisvm@72.xxx.xxx.xx to microvm@72.xxx.xxx.xx?
What type of cable/settings are needed to access the console port of a ProCurve 2626 J4900A? The recent one I ordered wasn't working with the regular way I access these switches.
I use a null modem (crossover) female-female serial console cable and connect it to my laptop serial port w/9600-8-1-None to access my ProCurve 2900 48G series.
But I tried using a straight/null/rollover (Cisco's) cable and none of them worked. I also tried 9800-8-1-xoff/xon. All of them give me weird text when I press [ENTER] numerous times. I can access my 2900 series switches fine, no problem; it's just these 2626 ones I can't. My laptop can definitely detect the port, because when I disable it I get a message in my terminal window which says "disconnected". So I am messing up somewhere.
By the way, I actually returned the switch when it came the first time because I thought they gave me a faulty one, and I got another one, but it behaves the same way. The actual switch functionality has no issues, as I can assign my servers IPs and access them remotely. I just can't configure the switch itself without the console port.
I have a SuperMicro server with AOC-SIM1U.
I was able to log in from IPMI View just fine, and everything works as expected except
"Text Console". I was able to hit the start button and get the black screen in IPMI View, but that was just about it.
Only a cursor blinking, without any text.
Is there something else that I should do in order to get text console working? I've tried all baud rates.
Does anybody know the cable pinout for making a console cable using those serial adapters?
We have a Windows 2003 machine that is currently responding properly to all services it's running (including IIS and FTP); however, RDP connections just close right away and the server isn't responding when a local keyboard and monitor are plugged in.
The last thing that I want to do is pull the power out while it's on - any ideas?
I tried a remote shutdown, but the response is:
C:\Users>shutdown /r /m HOSTNAME
HOSTNAME: The entered computer name is not valid or remote shutdown is not supported on the target computer. Check the name and then try again or contact your system administrator.(53)
Does anybody know a good console app for monitoring hardware, such as CPU temperature, etc.?
When you can't access your server via SSH or Remote Desktop, what do you use to fix the problem without filing a ticket?
IPMI?
Serial console?
KVM over IP?
Dial up connection?
Backup network connection?
Get up and walk to the server? :-)
If you had a choice between them, what did you pick and why?
Does your dedicated server provider give it to you for free, or do you have to pay extra for it?
For some days I have had the strange issue that all logging from DrWeb is shown directly on the console. For example, if I connect to my server via SSH and then send an email to my email account, I see the logging of the spool.
root@************:~# 2015 Mar 25 16:44:57 * 127.0.0.1 [13727] /var/spool/drweb/spool/drweb.tmp.tWcneM - archive MAIL
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/3.part - Ok
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/4.part - Ok
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/5.reexport - Ok
2015 Mar 25 16:44:57 * 127.0.0.1 [13727] /var/spool/drweb/spool/drweb.tmp.tWcneM - Ok
This happens in my root shell. If I disable the email check then this does not happen anymore. Another strange issue is that if I restart drweb and I have more than 1 SSH shell open, I see the output of the restart on all shells; this issue is only for drweb, not for any other service. How do I configure drweb to log only to the log file and not to the console?
I searched the web and the only thing I could find was:
[URL]
In the FreeBSD operating system, syslog service can intercept information output by Dr.Web Daemon to the console. In this case, the information is logged character-by-character. That occurs when the logging level is set to *.info in the syslog configuration file (syslog.conf).
How can I import a database dump from the Oracle Enterprise Manager 10g console? Oracle is running on a Red Hat Linux server.
I have set up a fresh CentOS 6.5 with Plesk Panel 12.0.18. When I execute the attached command from the console, it works; some posts are auto-created within WordPress. When I enter the attached command within Plesk (Tools / Settings - Task Manager - root New Task), the command is not executed...
/usr/bin/wget --post-data='id=4&minposts=1&maxposts=3' -O /dev/null http://www.mydomain.com/wp/wp-content/plugins/WPRobot3/cron.php?code=UNIQUEID
I also tried without /usr/bin at the beginning, but it's not working with the automatic cron.
Quote:
Mar 10 20:17:55 host kernel: printk: 102 messages suppressed.
Mar 10 20:17:56 host kernel: printk: 3 messages suppressed.
Mar 10 20:18:01 host kernel: printk: 98 messages suppressed.
Mar 10 20:18:35 host kernel: printk: 34 messages suppressed.
Mar 10 20:18:51 host kernel: printk: 189 messages suppressed.
Mar 10 20:18:56 host kernel: printk: 195 messages suppressed.
Mar 10 20:19:02 host kernel: printk: 249 messages suppressed.
Mar 10 20:19:06 host kernel: printk: 36 messages suppressed.
Mar 10 20:19:21 host kernel: printk: 3 messages suppressed.
Mar 10 20:19:26 host kernel: printk: 342 messages suppressed.
Mar 10 20:19:31 host kernel: printk: 509 messages suppressed.
Mar 10 20:19:47 host kernel: printk: 54 messages suppressed.
Mar 10 20:19:51 host kernel: printk: 421 messages suppressed.
Mar 10 20:19:56 host kernel: printk: 542 messages suppressed.
Mar 10 20:20:01 host kernel: printk: 785 messages suppressed.
Mar 10 20:20:16 host kernel: printk: 340 messages suppressed.
Mar 10 20:20:21 host kernel: printk: 337 messages suppressed.
Mar 10 20:20:26 host kernel: printk: 430 messages suppressed.
Or is this something else? It's been going on for about 40 minutes. I've seen my load jump to 20, to 100 and back and forth.
I'm sure that I have trojans and viruses on my server, but every time I contacted my company they asked me to pay money and then they would check and scan my server.
So is there any free application which can scan and remove all bad files on my server? I'm looking for free applications to scan the whole server.
My server stopped responding; I couldn't access it via Webmin or SSH, and DNS was not responding, so I had to ask for a reboot and now everything is fine.
Looking at the logs I found this:
Code:
Jul 18 19:23:12 server sshd[18484]: Failed password for root from 61.145.196.117 port 56817 ssh2
Jul 18 19:23:12 server sshd[18485]: Failed password for root from 61.145.196.117 port 60227 ssh2
Jul 18 19:23:13 server sshd[18488]: Failed password for root from 61.145.196.117 port 38038 ssh2
Jul 18 19:23:15 server sshd[18493]: Failed password for root from 61.145.196.117 port 49884 ssh2
Jul 18 19:24:30 server sshd[18497]: Failed password for root from 61.145.196.117 port 37929 ssh2
Jul 18 19:25:06 server sshd[18521]: Did not receive identification string from 61.145.196.117
Jul 18 19:25:09 server sshd[18508]: Did not receive identification string from 61.145.196.117
Jul 18 19:25:14 server sshd[18505]: fatal: Timeout before authentication for UNKNOWN
Jul 18 19:26:00 server sshd[18509]: Did not receive identification string from 61.145.196.117
And searching that IP on google I found it here: http://www.tcc.edu.tw/netbase/net/in...?fun=240&prd=3
And it is flagged as an SSH attack.
Any ideas why my server stopped working, and how to prevent it?
I'm using CentOS 5.0.
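The log excerpt above is the classic signature of an SSH password-guessing run: many "Failed password for root" lines from one address within seconds, followed by connections that never send a banner. The following is an added example, not code from the original post or from any product it mentions: it parses sshd lines in that syslog format, totals failures per source address, and flags addresses that exceed a threshold inside a sliding time window, which is the same decision fail2ban's sshd jail makes before banning a source. The sample lines for 61.145.196.117 copy the post; the 10.0.0.x lines, the year, the threshold and the window length are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog format of the excerpt above. The
# 61.145.196.117 lines mirror the post; the 10.0.0.x lines are made-up
# additions so the threshold logic has something to leave alone.
SAMPLE_AUTH_LOG = """\
Jul 18 19:23:12 server sshd[18484]: Failed password for root from 61.145.196.117 port 56817 ssh2
Jul 18 19:23:12 server sshd[18485]: Failed password for root from 61.145.196.117 port 60227 ssh2
Jul 18 19:23:13 server sshd[18488]: Failed password for root from 61.145.196.117 port 38038 ssh2
Jul 18 19:23:15 server sshd[18493]: Failed password for root from 61.145.196.117 port 49884 ssh2
Jul 18 19:24:30 server sshd[18497]: Failed password for root from 61.145.196.117 port 37929 ssh2
Jul 18 19:25:06 server sshd[18521]: Did not receive identification string from 61.145.196.117
Jul 18 19:25:14 server sshd[18505]: fatal: Timeout before authentication for UNKNOWN
Jul 18 19:40:00 server sshd[18600]: Failed password for invalid user admin from 10.0.0.5 port 40000 ssh2
Jul 18 19:41:00 server sshd[18601]: Accepted publickey for deploy from 10.0.0.9 port 41000 ssh2
"""

# One regex for the syslog prefix, two for the message bodies of interest.
PREFIX_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?P<msg>.*)$")
FAILED_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
NOIDENT_RE = re.compile(r"^Did not receive identification string from (?P<ip>\S+)")


def parse_events(text, year):
    """Return (timestamp, ip, kind, user) tuples for failed logins and for
    connections that never sent an SSH banner. Syslog lines carry no year,
    so the caller supplies one (an assumption, not taken from the log)."""
    events = []
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day column
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        f = FAILED_RE.match(m["msg"])
        if f:
            events.append((ts, f["ip"], "failed", f["user"]))
            continue
        n = NOIDENT_RE.match(m["msg"])
        if n:
            events.append((ts, n["ip"], "noident", None))
    return events


def failures_per_ip(events):
    """Total failed password attempts per source address."""
    return Counter(ip for _, ip, kind, _ in events if kind == "failed")


def brute_force_sources(events, threshold=4, window=timedelta(minutes=5)):
    """Map ip -> peak number of failed attempts inside any sliding window of
    length `window`, for addresses whose peak reaches `threshold`."""
    by_ip = defaultdict(list)
    for ts, ip, kind, _ in events:
        if kind == "failed":
            by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        peak, start = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    ev = parse_events(SAMPLE_AUTH_LOG, 2007)
    print(failures_per_ip(ev))
    print(brute_force_sources(ev))
```

On the sample, 61.145.196.117 reaches five failures inside the window and is flagged, while the single failure from 10.0.0.5 is not. The window matters more than the raw total: a handful of typos spread over a day should not look like the burst in the post.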
I found my site loading slowly; the CPU load is fine. I ran this command:
[root@host ~]# netstat -nap |grep SYN |wc -l
526
It seems my server is having a problem with a SYN attack. Is there any way to protect it?
I'm running Apache 2.
My site has been under a prolonged HTTP flood attack since 2 weeks ago. The attack has never stopped, and for the moment I can only mitigate it using my own (hardware) firewall.
Since my ISP is not interested in helping from upstream, or even in providing any mitigation services, I can only do mitigation at my own end or alternatively use proxy services, but I've chosen to try it on my own. I tried one of the well-known mitigation services out there once, but it did not fully satisfy me, since most of the legitimate traffic was blocked at their end.
What I can do now is keep staying alive and not go down whatever the situation becomes (but if the attack changes to a UDP attack, I couldn't help myself, because there would be high incoming bandwidth into my network). My network totalled 10MB last time, but since this attack I've been forced to subscribe for 30MB in order to keep up with the attack.
I've blocked all access except for my country and some other neighbours. If I change the policy to allow all countries, the load on the firewall maxes out and after that it hangs in less than a minute. I've done load balancing across 4 servers (8GB memory each) and the situation seems to be getting under control, with the slight problem of server hangs (memory shortage) and very limited keep-alive connections.
Now what I am thinking is to buy a router specifically to null-route incoming traffic from specific countries' IPs, so I can change my firewall policy to allow all connections, and also to relieve the firewall of the burden of dropping blocked IPs that currently keep hitting it, which might impact its performance.
Which brands of router can do this?
Do you have any other suggestions instead of buying a router?
I am just having one issue on one of my highly visited websites, hangibar.com, which is hosted at SoftLayer; we are facing too many SYN attacks on this website.
The solution Microsoft gave on their website relates to TCP/IP registry entries, but the thing is the same: somewhere the number of connections over TCP/IP increases too much. For that reason the website becomes very sticky and stops executing SQL processes; during this issue I have to restart the server to establish fresh connections.
I'm getting a SYN attack and my VPS is getting overloaded; what I'm doing is banning the IPs that have the most connections.
After banning them the server gets back to normal, but is there any way to stop this post method?
My server is under a DoS attack (HTTP). I have installed the APF firewall and DDoS Deflate and configured them to work together.
Now any IP with more than 100 connections is blacklisted by DDoS Deflate; I can see it in APF's deny_hosts.rules file.
Everything seems correct, but my server is still very slow.
The IP which is causing that has more than 1000 requests and is blacklisted.
There are a lot of perl processes with 100% usage on the server. When I tried to view the error_log it shows the following:
[root@local ~]# tail -f /var/log/httpd/error_log
=> `Lnx.txt'
Resolving gihkus.com... 208.98.48.116
Connecting to gihkus.com|208.98.48.116|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16,577 (16K) [text/plain]
0K .......... ...... 100% 316.78 KB/s
05:26:03 (316.78 KB/s) - `Lnx.txt' saved [16577/16577]
When I tried to view http://gihkus.com/Lnx.txt it seemed to be an attack on my server. http://gihkus.com/Lnx.txt is not hosted by us. I have disabled perl support on all domains hosted on our server, but we are still under attack. There is nothing special in /tmp.
Over the past day one of my servers has seen a huge rise in incoming traffic (from normal web requests to a constant 4Mbit/s, peaking up to 80Mbit/s). My outgoing traffic has remained at its normal profile, so I am pretty sure these are not web requests, and it does not seem to be having an adverse effect on the server (the site still runs perfectly well and quickly, and load is still less than 1).
However, I am unsure how to identify what this traffic is. Are there any easy ways to tell on a FreeBSD server what the source and type of incoming traffic is? I have tried playing with netstat, but am not getting anything useful; I would like to see which ports are involved.
I'm really suffering here from DDoS attacks (Apache, POP3); every week my server is under attack. I'm using APF, but now I really want to get rid of it and am looking for a powerful firewall. I don't know if CSF could stop this attack by limiting the SYNs received from an IP or with some other policy. Another thing: I got these rules from forums, but I'm really weak at iptables rules, so can anyone tell me whether these rules are useful or not against DoS attacks:
iptables -t nat -N syn-flood
iptables -t nat -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN
iptables -t nat -A syn-flood -j DROP
iptables -t nat -A PREROUTING -i eth0 -d (dest ip) -p tcp --syn -j syn-flood
My server is using too many httpd processes. I think I am under a DDoS attack. I executed the following command:
netstat -an | grep :80 | sort
and the result is this
tcp 0 1491 ::ffff:95.211.10.169:80 ::ffff:213.215.100.110:2263 LAST_ACK
tcp 0 1493 ::ffff:95.211.10.169:80 ::ffff:85.207.126.231:52694 LAST_ACK
tcp ....
I have a Windows server, and today it has large inbound traffic, so I tried disabling all web services. After that, the result of netstat -an shows no connections at all, but the server still has large inbound traffic.
Do you have any idea about this?
What should I do now?
Our server has been under attack for 4 days. The HTTP port is busy all the time.
When I type:
netstat -na | grep ":80" | awk '{print $5}' | cut -d. -f1-4 | cut -d: -f1 | sort -n| uniq -c | sort -n | tail -5
It shows :
[root@ ~]# netstat -na | grep ":80" | awk '{print $5}' | cut -d. -f1-4 | cut
-d: -f1 | sort -n| uniq -c | sort -n | tail -5
2 65.19.130.24
2 83.149.120.9
4 204.15.73.243
35 222.254.103.142
5128
[root@ ~]#
I wonder what the hidden IP with 5128 connections is. How can I find it out?
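The blank bucket in the pipeline above has a mechanical cause: `cut -d: -f1` prints everything before the first colon, and on a Foreign Address in IPv6-mapped form such as `::ffff:213.215.100.110:2263` (the form shown in the earlier `netstat -an | grep :80` post) or on the `:::*` of a listener, the first field is empty, so every such connection collapses into one nameless line. The following is an added example, not code from any of the posts or from a tool they mention: it parses `netstat -na` rows, normalizes IPv6-mapped addresses back to dotted IPv4, counts connections per remote address and per TCP state (the `grep SYN | wc -l` count from the SYN-attack post corresponds to the SYN_RECV/SYN_SENT entries), and includes a small function that reproduces the `cut` behaviour so the blank bucket can be seen. The two LAST_ACK rows copy the earlier post; the remaining rows and all other addresses are constructed.

```python
import ipaddress
from collections import Counter

# Constructed netstat -na excerpt. The two LAST_ACK rows copy the post above;
# the rest are made-up rows covering IPv4, IPv6-mapped and listener cases.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 :::80                   :::*                    LISTEN
tcp        0   1491 ::ffff:95.211.10.169:80 ::ffff:213.215.100.110:2263 LAST_ACK
tcp        0   1493 ::ffff:95.211.10.169:80 ::ffff:85.207.126.231:52694 LAST_ACK
tcp        0      0 ::ffff:95.211.10.169:80 ::ffff:222.254.103.142:40001 ESTABLISHED
tcp        0      0 ::ffff:95.211.10.169:80 ::ffff:222.254.103.142:40002 SYN_RECV
tcp        0      0 95.211.10.169:80        65.19.130.24:33000      ESTABLISHED
tcp        0      0 95.211.10.169:80        222.254.103.142:40003   TIME_WAIT
udp        0      0 0.0.0.0:123             0.0.0.0:*
"""


def shell_bucket(addr):
    """Reproduce `cut -d. -f1-4 | cut -d: -f1` from the post's pipeline on one
    Foreign Address field; returns '' for any address that starts with ':'."""
    first_four = ".".join(addr.split(".")[:4])
    return first_four.split(":")[0]


def split_host_port(addr):
    """Split 'host:port' on the last colon so IPv6 hosts stay intact."""
    host, _, port = addr.rpartition(":")
    return host, port


def normalize_host(host):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain a.b.c.d."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return str(ip.ipv4_mapped)
    return str(ip)


def parse_netstat(text):
    """Return one dict per socket row; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        lhost, lport = split_host_port(fields[3])
        rhost, rport = split_host_port(fields[4])
        rows.append({
            "proto": fields[0],
            "local_ip": normalize_host(lhost), "local_port": lport,
            "remote_ip": normalize_host(rhost), "remote_port": rport,
            "state": fields[5] if len(fields) > 5 else "",  # udp rows have none
        })
    return rows


def remote_counts(rows, local_port="80"):
    """Connections per remote address on a local port, listeners excluded."""
    return Counter(r["remote_ip"] for r in rows
                   if r["local_port"] == local_port and r["state"] != "LISTEN")


def state_counts(rows, local_port="80"):
    """TCP state distribution on a port; many SYN_RECV entries relative to
    ESTABLISHED is the half-open profile a SYN flood produces."""
    return Counter(r["state"] for r in rows
                   if r["proto"].startswith("tcp")
                   and r["local_port"] == local_port and r["state"] != "LISTEN")


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print("cut pipeline on a mapped address:", repr(shell_bucket("::ffff:213.215.100.110:2263")))
    print(remote_counts(rows).most_common(5))
    print(state_counts(rows))
```

With the addresses normalized, 222.254.103.142 shows up with three connections on port 80 instead of being split between a named line and the blank bucket, and the listener rows no longer count as peers. Counting by state alongside by address is the useful check: a source with many ESTABLISHED connections is a different problem from a port full of SYN_RECV entries with spoofed sources.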