SuperbHosting.net & Arvixe.com have generously
sponsored
dedicated servers and web hosting to ensure
a reliable and scalable dedicated hosting
solution for BigResource.com.
Issue With Cron - GET Command Not Found
after domain moved to new server we receive this email alert when cron job run (set under cpanel)
Apt-get Command Not Found
I have recently brought a VPS hosting package. At the moment I am going through the tutoritals on the net that I have researched before getting a VPS package to give me some understanding on what I need to do to securior the server and also how to install the software that I require.
For most of today, I have been trying to sort out a problem that I am currently having.
Of which is I am trying to sort out a part of the tutorial from a website that requires the use of apt commands.
But for every command I am getting the message back apt..... Command not found. I am currently using the ubuntu operating system. And through some research, I have got the feeling that I might have the bare installation done on my server to just make it work.
Would I be right, and with the bare installation apt commands wouldn't be installed?
If I am, how would I go about installing the Apt commands and anything else that I might require?
Delete Emails In Exim - Command Not Found
im trying to delete emails sent to dbmaster@example.com. there are about 2000 emails like that in exim email queue here's what i did:
Random Cron Job Command
I am running wordpress with wp O matic. I want to update my content after 24 hours (but different time each day). Bottom line is I want a cron command which randomly execute after 24 hours instead of a particular time.
For example currently wp o matic shows the following command the following command, would you please advice how i change the this command to achieve the above results (right now wordpress is running on my computer so following thing is just for example)
Cron Working But Command Isn't ?
I'm needing some info i have been pulling my hair out for hours trying to get some cronjobs lined up i started out with knowing nothing about it and i'm a little better off now i got the cron running but the commands aren't executing so maybe someone can help me figure out why i would greatly appreciate it
Here's The deal I telnetted in set the following crontab ...
Ipaliases Error :: /etc/init.d/ipaliases: Line 37: Cat: Command Not Found
root@server [~]# /etc/init.d/ipaliases start /etc/init.d/ipaliases: line 37: cat: command not found Not sure why that's happening, but 4 of 5 IPs are down and I cannot restart the network. Centos 4 / Cpanel The file is there in /etc/init.d/ -rwxr-xr-x 1 root root 2.6K Sep 26 21:54 ipaliases* Line 37 is case "$1" in
Command To Stop The Wget Command
Is there a command i can type into the ssh console to stop a current transfer that i started wit the wget command?
the file im wgeting always stuffs up at 51% but then the server just retries and starts again, its done it 3 times so far and i just want to completely cancle the process if possible....
New Malscripts Found
We were tasked with helping a website owner find all the malscripts on his site and remove them. He, like many, learned that his site was delivering malicious code with an email from Google.
This website owner had tried removing the code himself and yet his site was still blacklisted by Google. This was killing his sales as anyone visiting with Firefox as their browser, or Chrome, were greeted with a big warning:
This site may harm your computer.
After about a week of trying to rectify the problem himself, he contacted us.
He provided us FTP access to his site so we could tackle it.
After downloading his site (which literally took 3 hours) we started scanning. We grep'd for the word "base64_decode" and found over 228 php files all with the following malscript (spaces added to protect the innocent):
Rookit Found. What To Do Next?
For the first time after running a server for about a year I decided to buy a new server and in it I found out that there is a some sort of infection in it. What should I do next. The logs are attached in a n attachment.
Server Not Found
I cant visit my website! <snipped> everytime I go it says server not found. So I told some friends to go and they are able to see and visit <snipped> How is that possible?? They could and I cant? Yesterday same thing but then couple hours later it worked I could visit hmlegends.com but i didnt do anything and now today same thing server not found! i cleaned my history everything and still server not found!
So what I did is used a proxy <snipped> and then it worked!
But then I dont use a proxy SERVER NOT FOUND! Its like my IP cant reach hmlegends.com
I dont know how to solve this?!?? It just says server not found!
But it looks like everyone else could access it!
Anyways im using Firefox 2 but then maybe i thought it was my browser so switched to 3 so currently on firefox 3 and no its not its something with my IP cuz when i use proxy i could go to my site
but point is i dont wanna use proxy i wanna use my IP to go to hmlegends.com
Botnet Found
Our Security Technician found yesterday a 200 user botnet on a hidden IRC server and was able to quickly email the compromised systems information (just hostname) to our abuse email. So today i spent the last 2 hours sending emails off to web hosting companies, educational institutions and corporate companies telling them that their systems have been compromised, we regulary email out systems we have found compromised. The thing that stuns me is that most of the systems we found compromised on IRC are dedicated lines between 10MBPS to 1GBPS... I found a few hosting companies and will list them so they can be found by them:
lvps212-241-192-85.vps.webfusion.co.uk wp056.webpack.hosteurope.de wp097.webpack.hosteurope.de wp049.webpack.hosteurope.de wp055.webpack.hosteurope.de m2.wrango.com - Dedicated Server with NetworkSolutions server1.hostfree.com.br
Script Found
I just found a script on a customers account after some problems they were having, they mentioned injecting php code, that immediately threw up a red flag, when i took a look i found c99.php
I checked up and this seems to be the web equivalent of a rootkit.
Are there any legitimate reasons for this script? The customer is one of the strangest i've came accross because he had the lowest fraud score yet, used a Lady's name at signup/payment, yet calls himself Michael and seemed to do something with WHMcs security wise.. i dont want to post details as checks are still ongoing but it seems to be a problem with Language scripts and the customer was able to sign up on a monthly plan but Biannually... so no more invoices till 2009 ... strange, although wether innocently this was done or is a known security hole in WHMCS is not known yet.
Found Eggdrop
after a day of crappy performance from one of my VPS accounts, I decided to start digging, and found eggdrop, and couple of other not so nice files in my /tmp directory.
I panicked, of course, and removed all traces of anything I could find that was bad, so I've unfortunately got no way to see how it happened, as far as I know (but I'm far from a security expert)
I need your help in shutting the system down to users. This is an HTTP/SSH/SMTP/POP3/IMAP server.
Tell me what you need to know and I will do my best to get it to you. Basically I'm just frustrated that I've been on it for 3 hours now.....wasting time because some SOB was bored....
Server Down, Root Can't Be Found
I'll try to make this long story short, but this morning I logged into one of my servers and it showed a read-only filesystem, which I thought my server guys could fix easily. So I put in a ticket. 6 hours later, they tell me that they think the OS is corrupted and I need a new install. They give me KVM over IP so I can go in and 'do' things. I tried to log in as root and it wouldn't let me, so they finally booted in single mode and I can get in and such. When I try to su - root, it tells me that user root can't be found. I also tried to ftp into and out of the server with no luck. I really need this box back up. If not, I need to get all the accounts saved off so that I can build a new box. Everything is there, so I don't want to give up yet.
Error_log Files Nowhere To Be Found
When I was a customer at hostgator, whenever a terminating error within php was displayed it would log in the parent directory in a file called "error_log".
I want this to happen now on our dedicated server. I've looked at my local apache error log and it doesn't appear to show the same info as hostgator's setup showed.
Error Page Not Found
Im facing problem from last 48 hours when i try to access my site
www.yourdomain.com/forum
then it showing me error Page not found Not Found
The requested URL /forum was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
and when i checked this forum folder through shell and cpanel then its there and when i try to access it through [url] then its working fine does any of you know whats the problem was plz help me my site was already closed from 48 hours God Bless you
Here is the full story: I have setup a WDS server running DHCP, DNS, WINS and WDS services on it.
After I succesfully boot the network image I try to mount a network share located on this server running "net use * IPofServer"
At this monent I reiceve System Error 67 has occured. The network name cannot be found. I've tried "net use * NameOfServer" but still no luck. (net use z: or net use * don't matter in this case).
I though that since it could not resolve the name, I've installed a WINS server on the server but this client that I boot still cannot do the job.
Also not to forget the server is an Win 2k3 SP2 Active Directory one.
If I traceroute the server IP from the client it resolves the server name. nslookup doesn't work since the network booted image is WinPE 2.0 which is Vista.
I've looked closely on internet for a way to solve this but all the solutions that I've found failed to work though.
<Directory "/usr/local/apache/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all
</Directory>
And the error logs say..
[Sun Jan 20 18:09:56 2008] [error] [client xx.xx.xx.xx] File does not exist: /home/goewowc/public_html/404.shtml [Sun Jan 20 18:09:56 2008] [error] [client xx.xx.xx.xx] script not found or unable to stat: /usr/local/apache/cgi-bin/first.txt
The CGI-bin directory is chmodded correctly, the files are also chmodded and belong to the correct group
Found An IRC Bot On My Server
After going back and forth with the folks that are supposed to be managing my server they finally checked and found an irc bot. Here is their message:
I have found a irc bot running on your server. The binaries are located at /var/lib/texmf/.dat/. You can see the tar file which the hacker uploaded at /var/lib/texmf/. I have changed the permissions to 000 so that you can verify the files.
The user of the files are nobody. Hence it is clear that the files were uploaded via url injection using some vulnerable script under some domain. Unfortunately there are no helpful logs to find the exact domains and the vulnerable script. It is certain that the files were first uploaded to /tmp and then moved from there. You can see some similar hack files at /tmp/.dat, /tmp/var and /tmp/.dev12. Also the permission of /var/lib/texmf/ was 777.
You should update all your web softwares to latest version so that they will include latest security patches. Also I will recommend you to enable mod_security in your server to prevent further hacks.
Centos Grub.conf Not Found
I was tring to upgrade my kernel and after installing new kernel i tried to select kernel but i was unable to find grub.conf file ! /boot/grub/grub.conf
You can get it for 747 € ( plus VAT ) and it comes with 2 CPU cables. Each additional cable costs only 5.80 €. For 828 € you can manage 16 servers, 52 € per server.
How Do I Found Out What Script Is Sending Mail
My VPS keeps being blacklisted, I asked my provider to look into it, they say a script is sending mail, but they can't find out which one.
Found Email Address I Never Created
This is twice I have found email addresses on the web that I have never created. Both domain names are the new extensions and I purchased them the first day they become public. .biz the other is .US
One of the domains I never even created a web page until yesterday. And today I find a German site using my domain as an email address. One note on this, this domain name is extremely unique and related to certain German ideas or thoughts.
I am thinking someone at the server created them and used them for their personal use. Is this possible?
Not only that, but I have sent email to these addresses and there was no bounce back. No bounce back meaning these are valid email addresses?
Several potential security issues have been identified with cPanel software and Horde, a 3rd party bundled application. cPanel releases prior to 11.18.4 and 11.22.2 are susceptible to security issues, which range in severity from trivial to medium-critical. Along with the discovery of these potential issues, cPanel has released a new security tool to provide users with protection from XSRF attacks.
Quote:
All STABLE and RELEASE users are strongly urged to update to their respective 11.18.5 release. CURRENT and EDGE users should update to the latest 11.22.3 release. No releases are deemed susceptible to severe, critical or root access vulnerabilities.
i had install cpanel on Cent Os 5 on a VPS Cpanel Correctly Running but named does not working ! i try to restart named but it say : root@server [/etc]# service named restart Stopping named: [ OK ] Starting named: Error in named configuration: none:0: open: /etc/named.conf: file not found [FAILED]
Svchost.exe Found In C:WindowsDriver Directory
I have found svchost.exe file in a number of Windows 2003 and a Windows 2008 RC1 server. This file does not seem to be normal as it was found in the C:WindowsDriver directory. As far as I know, the svchost.exe file should be only in the C:WindowsSystem32 directory. Can anybody let me know what kind of virus/trojan is it and what can be done to remove this?
I Was Reading Through My Logs On My VPS Today And I Found
I was reading through my logs and came across about 100 attempts to login to my server via ssh. They were all blocked, but should I get these IPs blacklisted or what? I've already blocked em from the server, but should I try and blacklist them?
Sendmail | Name Server: 127.0.0.1: Host Not Found
I am running CentOS and everything is almost perfect, except when I try and send email via the sendmail smtp service the email gets bounced back with the following information:
The original message was received at Tue, 20 Mar 2007 15:27:26 -0700 from localhost.localdomain [127.0.0.1]
----- The following addresses had permanent fatal errors ----- <jkeller@<myrealdomaingoeshere>> (reason: 550 Host unknown)
----- Transcript of session follows ----- 550 5.1.2 <jkeller@<myrealdomaingoeshere>>... Host unknown (Name server: 127.0.0.1: host not found)
Multiple security vulnerabilities were discovered in hyperVM and Lxadmin/Kloxo. It is recommended that you update your hyperVM/Kloxo systems to the latest version, as soon as possible.
Details of the vulnerabilities will be posted in the coming days in our forum.
TRACKER
