I've noticed on some rackmount servers and firewall appliances there are ports labelled console, and look like serial ports. Are these related to connecting to KVM? I am looking for a cheap appliance for some rackmount servers I have (1U half depth would be ideal), to remotely recover the server if it goes down. I figured they'd connect through PS2 connectors, but then I thought that if the console port was related, then going through that might have the option for power cycling or something.
I'm trying to knock a bug out of our new Hardy Heron Xen template. Basically when the old ones boot up /bin/sh is spawned on the console. Now with Hardy init has been replace with /etc/event.d handling.
So I've replace /etc/event.d/ttyS0 and ttyS1 (not sure which one is the console but I think ttyS0)
Code: # tty0 - shell
# This service maintains a getty on tty1 from the point the system is # started until it is shut down again.
start on stopped rc2 start on stopped rc3 start on stopped rc4 start on stopped rc5
stop on runlevel 0 stop on runlevel 1 stop on runlevel 6
I am upgrading my current colo'd server from a 1U dual core xeon with 2x500GB drives to a 2U core 2 quad with 8x750GB drives (raid5).So far I have ran into two issues. One is the rails are too large for the cabinets (problem #1 which I put in another thread). The only other problem is I am having problems with remote console on the new hardware.
It should be setup correctly since I basically rsync'd everything from the old server to the new one. The device is detected:
root@houkouonchi: 03:19 AM :~# dmesg | grep -i tty Command line: root=/dev/sda2 gpt pci=nomsi console=tty0 console=ttyS0,9600 notsc Kernel command line: root=/dev/sda2 gpt pci=nomsi console=tty0 console=ttyS0,9600 notsc console [tty0] enabled console [ttyS0] enabled serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A 00:05: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
But when I connect to the digi I am not getting any console output. I have tried a different serial -> Ethernet adapter and tried a different patch cable/port on the digi so I am pretty sure those are fine. The motherboard (nforce 650i chipset) didn't have an onboard serial port so I am using a port hooked up to a bracket which has a ribbon cable which connects to the motherboards COM port. I also tested another serial connector which the case has built in and both give me problems.
What type of cable/settings are needed to access the console port of a ProCurve 2626 J4900A? the recent one I ordered wasnt working with the regular way I access these switches.
I use a null modem (crossover) female-female serial console cable and connect it to my laptop serial port w/9600-8-1-None to access my ProCurve 2900 48G series.
But I tried using a straight/null/rollover(cisco's) and none of them worked. I also tried 9800-8-1-xoff/xon. All of them are giving me weird text when I press [ENTER] numerous times. I can access my 2900 series switches fine, no problem, just these 2626 ones I cant. My laptop can definitely detect the port cause when I disable it, I get a message on my terminal window which says "disconnected". So I am messing up somewhere.
By the way, I actually returned the switch when it came the first time because I thought they gave me a faulty one and I got another one, but it behaves the same way. But the actual switch functionality has no issues as I can assign my servers IPs and be able to access them remotely. I just cant configure the switch itself without the console port.
I was able to login from IPMI View just fine, and everything works as expected except "Text Console ". I was able to hit the start button and get the black screen on IPMI View, but that was just about it.
Only a cursor blinking without texts.
Is there something else that I should do in order to get text console working? I've tried all baud rates.
We have a windows 2003 machine that is currently responding properly to all services that it's running (including IIS and FTP), however RDP connections just close right away and the server isn't responding when a local keyboard & monitor is plugged in.
The last thing that I want to do is pull the power out while it's on - any ideas?
I tried a remote shutdown, but the response is: C:Users>shutdown /r /m HOSTNAME HOSTNAME: The entered computer name is not valid or remote shutdown is not supported on the target computer. Check the name and then try again or contact your system administrator.(53)
Since some days I have the strange issue that all logings from DrWeb is shown directly into the console. For example if I connect to my Server via SSH and then I sned an email to my email accoutn I see the logging of the spool.
root@************:~# 2015 Mar 25 16:44:57 * 127.0.0.1  /var/spool/drweb/spool/drweb.tmp.tWcneM - archive MAIL 2015 Mar 25 16:44:57 * 127.0.0.1  >/var/spool/drweb/spool/drweb.tmp.tWcneM/3.part - Ok 2015 Mar 25 16:44:57 * 127.0.0.1  >/var/spool/drweb/spool/drweb.tmp.tWcneM/4.part - Ok 2015 Mar 25 16:44:57 * 127.0.0.1  >/var/spool/drweb/spool/drweb.tmp.tWcneM/5.reexport - Ok 2015 Mar 25 16:44:57 * 127.0.0.1  /var/spool/drweb/spool/drweb.tmp.tWcneM - Ok
this happens in my root shell. if I disable the Email check then this will not happen anymore. another strange issue is that if I restart drweb and I have more than 1 ssh shell open I see the output of the restart on all shells, this issue is only for drweb not for any other service. How to config drweb to log only into logfile not to the console?
I search the web and the only thing I can find was
In the FreeBSD operating system, syslog service can intercept information output by Dr.Web Daemon to the console. In this case, the information is logged character-by-character. That occurs when the logging level is set to *.info in the syslog configuration file (syslog.conf).
i have setup fresh Centos 6.5 with Plesk Pannel 12.0.18. When i execute the attached command from the console, i get it work, some posts are auto created within wordpress. When i enter the attached command within Plesk (Tools / Settings - Taskmanager - root New Task, the command is not executed...
My server stop responding, I couldn't access via webmin or ssh, and DNS were not responding, so I have to ask for a reboot and now everything is fine.
Looking at the logs I found this:
Code: Jul 18 19:23:12 server sshd: Failed password for root from 220.127.116.11 port 56817 ssh2 Jul 18 19:23:12 server sshd: Failed password for root from 18.104.22.168 port 60227 ssh2 Jul 18 19:23:13 server sshd: Failed password for root from 22.214.171.124 port 38038 ssh2 Jul 18 19:23:15 server sshd: Failed password for root from 126.96.36.199 port 49884 ssh2 Jul 18 19:24:30 server sshd: Failed password for root from 188.8.131.52 port 37929 ssh2 Jul 18 19:25:06 server sshd: Did not receive identification string from 184.108.40.206 Jul 18 19:25:09 server sshd: Did not receive identification string from 220.127.116.11 Jul 18 19:25:14 server sshd: fatal: Timeout before authentication for UNKNOWN Jul 18 19:26:00 server sshd: Did not receive identification string from 18.104.22.168 And searching that IP on google I found it here: http://www.tcc.edu.tw/netbase/net/in...?fun=240&prd=3
And is flagged as a SSH Attack.
Any ideas why my server stopped working? and how to prevent it?
My site currently in prolong HTTP flood attack since 2 weeks ago. The attack was never stop and for this moment i could only mitigate the attack using my own firewall (hardware).
Since my ISP is not interested to help from upstream, even provide any mitigation services, i could only doing mitigation on my own source or using proxy services alternatively as well, but i've chose to tried on my own. I've tried once on one of well-known mitigation services out there but it seems not fully satisfied me since most of legitimate traffic is blocked from their source.
What i could do now is keep staying alive as well as will not going down on whatever situation becomes worst (but if the attack change to udp attack, i couldn't help myself coz there must be high incoming bandwidth into my network). My network is totaling 10MB last time but since this attack i've been forced to subscribe for 30MB in order to keep balance on the attack.
I've blocked all access except for my country and some other neighbours. If i change policy to allow all countries, the load of firewall will become max and after that hang will hang in less than a minute. I've done load balancing of 4 servers (8GB memory each one) and it seems the condition is getting under control with slight problem of server hang (memory shortage) and very limited keep alive connection.
Now what am i thinking is to buy a router objectively to null route incoming specific IP of countries so i can change my firewall policy to allow all connections as well as to help the firewall itself release its burden halting blocked IP that currently keep hitting itself that could might impact its performance.
Which brands of router is possible doing this thing?
Do you have some other suggestions instead of buying router?
i am just having one issue in one of my highly visited website hangibar.com, its being hosted in softlayer, we are facing synattack too much in this website.
the solution which microsoft given in their website related with tcp/ip registry entry but thing is same , some where and some connections become increases too much over tcp/ip. due to that reason website become very sticky and it stop functioning the execution of sql process, during this issue i have to restart the server to establish a fresh connection.
When i tried to view this http://gihkus.com/Lnx.txt it seems to be attack on my server. http://gihkus.com/Lnx.txt is not hosted by us. I have disabled perl support on all domains hosted on our server but still we are under attack. There is nothing special in /tmp.
Over the past day one of my servers has seen a huge rise in incomming traffic (from normal web requests to a constant 4Mbit/s, peaking upto 80Mbit/s). My outgoing traffic has remained at its normal profile, so I am pretty sure that these are not web requests, and it does not seem to be having an adverse effect on the server (the site still runs perfectly well and quick and load is still less than 1).
However, I am unsure as to how to identify what this traffic is? Are there any easy ways to tell on a FreeBSD server what the source and type of incomming traffic is? I have tried playing with netstat, but an not getting anything useful - I would like to see which ports are involved.
Am Really suffering here for ddos attack ( apache - pop3 ) every week my server under attack am using APF but now am really wanna get red from it am looking for a powerfull firewall I do not know if CSF Could stop this attack like limiting receiving SYN from an ip or any other policy another thing . i have get this rules from forums but am really weak at iptables rules so can any one help my if these rules useful or not . against Dos attack:
iptables -t nat -N syn-flood iptables -t nat -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN iptables -t nat -A syn-flood -j DROP iptables -t nat -A PREROUTING -i eth0 -d (dest ip) -p tcp --syn -j syn-flood
I have a windows server, and today it has a large inbound traffic, so I tried to disable all web service, and after that, the result of netstat -an shows no connection at all, but the server still has large inbound traffic,