Netstat & APF Cron Job
Oct 28, 2008
netstat -tln shows my port 80 is listening.
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
But netstat -an shows nothing about port 80.
Actually my web cannot be accessed. It shows "Cannot find server or DNS Error" under Internet Explorer.
I am not sure if this is a configuration problem or it's because netstat has its own way to display things.
Recently csf blocked an IP address for flooding.
My server ip address is something like 192.168.1.201.
The ip that csf blocked was 192.168.1.20.
That IP belongs to another server that is not ours.
netstat was showing a lot of connections from 192.168.1.20 (the IP that is not ours), but the guys that manage the server with that IP (192.168.1.20) did not see any connection from them to us. So I thought it's just a spoofed flood. But the thing is, I've blocked that IP and connections were still made.
My conclusion was that netstat was showing 192.168.1.20 "flooding" instead of 192.168.1.201 (the server was connecting to itself).
iptraf also was showing the server was connecting to itself on the lo interface.
My questions are:
Is csf based on netstat for tracking connections?
Has anyone had this type of problem before?
If netstat is showing something else, isn't this a bad thing for all (a lot of) the scripts that use netstat?
My site is under attack. When I run this command
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -
it shows
1 116.xxx
1 118.xxx
1 203.xx
1 222.xxx
1 Address
1 servers)
3 115.xxx
3 123.xxx
4 58.xxx
10 127.0.0.1
694
What do the 694 connections mean? Why doesn't netstat list their IP? How can I know which IP is attacking my site?
What does the command below actually mean, I mean, when do we use it? In which case does it help us? And up to what value is there nothing to worry about? Waiting for a detailed reply.
netstat -alpn | grep :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c
I got a new server and was looking at a few things.
I just ran netstat and saw this: -bash: netstat: command not found
How can I correct it?
I'm new to server administration/security/troubleshooting, so I have included a lot of info here hoping it will help.
This started because a Linux VPS with CentOS and Exim crashed after only 3000 emails were sent (of 30000 total).
I ran a netstat and several times I get three separate IPs with the only difference being the last two digits and the port number:
86.104.230.29:59009
86.104.117.45:18065
89.37.137.157:41593
As far as I can tell they are from Romania, and there are several connections.
I have posted a lot of information below, if someone can take a look and give some ideas, it would be very much appreciated.
netstat:
Code:
tcp 0 0 mydomain.com:http 86.104.117.98:34060 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.82:59022 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.219:52276 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.163:25383 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.154:20794 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.235:39094 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.127:61711 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.127:5748 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.37:63424 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.228:54121 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.226:39605 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.91:6446 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.10:54841 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.100:22842 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.118:32674 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.80:16559 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.64:47817 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.136:21718 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.246:37288 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.28:62119 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.190:4468 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.8:25247 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.100:35503 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.199:20896 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.237:saft SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.199:47952 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.118:60561 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.181:10844 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.125:50584 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.253:17855 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.10:25740 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.109:29528 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.62:47349 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.55:4614 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.226:22001 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.163:11790 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.44:8911 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.46:telnets SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.190:27377 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.181:34031 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.19:41722 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.100:57151 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.145:61402 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.53:52461 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.26:42463 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.217:35530 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.35:63414 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.154:56638 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.26:43972 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.172:6922 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.17:3683 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.210:2397 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.46:18754 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.244:4032 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.235:8602 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.82:39495 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.19:28848 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.163:47624 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.8:2683 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.55:43300 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.37:1664 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.118:36892 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.17:7317 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.109:56229 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.217:45257 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.73:15278 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.64:14076 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.116:14567 SYN_RECV
I've been happily banning IPs using the output from
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
for over a year now, with iptables. However recently, after upgrading to apache 2.2, the connections in netstat get listed as ipv6. A row can look like this for example:
tcp6 0 0 ::ffff:12.123.123.123:80 ::ffff:12.123.12.:12382 ESTABLISHED-
(actual ip addresses changed)
As you can see, the remote IP address isn't complete, it's cut off, so the script used to sum up connections and insert into iptables isn't doing anything.
What does this string do? I copy and paste it into my SSH shell and I get IP addresses and numbers next to them.
Does each number mean one connection?
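Added example (not part of any post on this page): the counting pipelines quoted above split the foreign address on its first colon, so netstat's two header lines are tallied and every `::ffff:`-prefixed address collapses to an empty key, which gives an unlabeled row of the kind shown in the earlier post. The function below strips the port after the last colon instead; `sample_netstat`, `naive_count` and `count_remote_ips` are names made up here, and the sample rows are constructed.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.23:40112     ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.23:40113     TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51000 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51001 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51002 SYN_RECV
tcp6       0      0 2001:db8::10:80         2001:db8::beef:44321    ESTABLISHED
EOF
}

# The pipeline as posted (final sort omitted). Header words and an empty
# key for every ::ffff: row end up in the tally.
naive_count() {
    awk '{print $5}' | cut -d: -f1 | sort | uniq -c
}

# Per-remote-address tally; optional $1 restricts it to one TCP state.
count_remote_ips() {
    awk -v state="$1" '
        $1 !~ /^(tcp|udp)6?$/ { next }          # skip the two header lines
        state != "" && $6 != state { next }     # optional state filter
        {
            addr = $5
            sub(/:[^:]*$/, "", addr)            # port = text after the LAST colon
            sub(/^::ffff:/, "", addr)           # IPv4-mapped IPv6 -> plain IPv4
            if (addr != "") count[addr]++
        }
        END { for (a in count) print count[a], a }
    ' | sort -k1,1nr -k2,2
}

sample_netstat | naive_count                 # shows the blank and header keys
sample_netstat | count_remote_ips            # all states, busiest peer first
sample_netstat | count_remote_ips SYN_RECV   # half-open connections only
```

On a live host, feed it with `netstat -ntu | count_remote_ips`; a high count is a reason to look closer at a peer, not proof of abuse, since proxies and NAT gateways also show up as a single address.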
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
Maybe someone would be kind enough to enlighten me on the meaning of netstat output. I know netstat is supposed to tell you the current active connections but would like some more details (what does each column mean?):
Code:
[root@]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address Stat
I notice that oftentimes I see my ISP's mail server connecting to domains I didn't even set up yet. Sometimes I see Google (I guess indexing my sites). But in addition, sometimes I see some scary foreign addresses like from Nigeria, or one really common one, which I see pretty often when I run netstat:
Quote:
tcp 0 0 mydomain.com:http [somehostname].amenworld.com:40867 TIME_WAIT
I can't seem to make any sense of it. What are they doing and why are they always "connected" to my server?
I could just be overreacting on some of this stuff but just curious about what this all means.
I wanna run this command "./adfsas.sh" every 4 hours. Can someone tell me what command I can use via SSH to set this cron job?
PHP Code:
* */1 * * *
But I didn't understand the difference from
PHP Code:
* * * * *
time property? Why is there a need for /1?
I have root access to a server. Is it possible to create a cron that would restart my FTP and HTTP server every so often? Like once a week or something. If so, how would I do it?
In order to back up the db automatically I want to use a cron job. So I set the cron job at 00 AM.
Suppose that my info is:
db name : db
db user : zode
db pass : 123
The command I use is the following:
PHP Code:
mysqldump -u zode -p123 of -K -c -f --compatible=mysql40 --default-character-set=utf8 db > backup/db_`date +%d%m%y`.sql
In good time I look into the backup directory to see whether the db is in it or not,
but there is nothing in it.
I run a CentOS 4.xx latest kernel server and I've got a problem with cron job reporting.
The cron jobs themselves are working fine but I keep getting this message, on the hour, every hour:
Quote:
Originally Posted by Email from the Cron Daemon
Not a directory: /etc/cron.hourly
The folder etc/cron.hourly DOES EXIST, and I cannot work out what could be causing this.
Does anyone have any ideas what could be causing it?
I have had a problem for some time now regarding my cron jobs. I am trying to download a large amount of data from eBay (through their API, totally legal and aboveboard) using PHP, but my cron job times out.
I have tried resetting the timeout variable, but then it exceeds the maximum filesize.
So, my question: is there any way to have a script run as a cron job and, when it is complete, call another script?
Hey everyone, my friend's dad is looking for a web host that will allow his cron jobs to run every second. Most hosts apparently don't allow cron jobs faster than 5 seconds apart.
How often a host can run cron jobs isn't really advertised on their sites so I'm having a bit of trouble finding a host. I've resorted to just sending emails to sales addresses asking about it.
Does anyone know how I can find a host like this?
The VPS isn't rebooting by itself when it goes down. Does anyone have any program/script that monitors the heartbeat of the server? Like when it goes down, the program will automatically reboot the system. I know there's such a script out there but I forgot what it's called.
I want to execute the following command on the 15th of every month at 1AM:
echo > /usr/local/apache/logs/error_log
How to accomplish this?
My server has cPanel. I'd like to run the file http://domain.com/file.php at 0h00 every day. I have set the cron job in cPanel:
Code:
0 0 * * * /usr/bin/ehpwget http://domain.com/file.php
but the cron is not working well:
Code:
/bin/sh: /usr/bin/ehpwget: No such file or directory
Can anyone please let me know how to run a PHP file with cron?
(as user or root)
Anyone know how I'd run a cron job on the beginning (first day) of every month?
Simply wondering, does cron time out?
I have heard mixed reports and can't find any good info. Personally I've run a cron job for up to 6 minutes, but as my best method was sending myself emails through PHP, it's not exactly a highly accurate testing method.
On the same note, what would happen if one cronjob is running a php script for over 10 minutes, then another cron job starts on the same script, before the first one has finished?
I have my own server. I create a PHP file for adding cron jobs. I checked /etc/cron.deny and /etc/cron.allow. Both of them are empty, so no problem. I execute the PHP script but nothing: I check with crontab -u user l and it told me no cron jobs for that user. When I access as root from SSH and try the same command, it works fine. I don't understand how to fix that.
I have a bit of a strange problem. I have an rsync command set up in the server's crontab and from the cron log it shows it ran the command, but the files don't copy to the backup server. If I take the rsync syntax and run it manually all the files copy across with no errors, but I can't figure out why the cron job doesn't work properly.
I've just noticed that many people may have a free remote cron facility without realising it.
If you have any domains registered with Godaddy, you get free web space that includes a cron facility. It only runs every half hour, but you could set six jobs at 5 min intervals to get an effective 5-minute poll, which is good enough for many purposes. You could use it to check uptime on another site, for example. Has anyone tried this?
We are running cPanel on one of our servers. Several cron jobs were deleted from the cron panel of one account. I have no idea of the paths to re-enter these jobs. Is there a log file on the server that will show cron job history from previous runs so I can recover the proper paths?
I want to set up a cron job to make daily back-ups of my database, but by turning my site off first.
This is how I envisage it to work:
1: rename '.htaccess' (in public_html folder for the site) to .htaccess-open
2: rename '.htaccess-closed' to .htaccess
// this closes the site down so no-one can write/access the db (they are basically shown a 'site down for maintenance' page - I already have the code for this)
3: mysqldump --opt (DB_NAME) -u (DB_USERNAME) -p(DB_PASSWORD) > /path/to/dbbackup-$(date +%m%d%Y).sql
// this backs up the database
4: wait for 3 to finish
5: rename '.htaccess' to .htaccess-closed
6: rename '.htaccess-open' to .htaccess
// this opens the site back up
Is this easy enough to do? Anyone got any tips/pointers?
I've got limited knowledge in scripting so I've come to the interweb for help. Google hasn't answered any of my queries so the trusty WHT is next.
I'm trying to create a script cron that will email my clients once per month with space and bandwidth usage reminders. I'd prefer not to have to set up crons in each individual account, but rather email all with tokening including |name| |bandwidth| |space| out of the allowed space & bandwidth according to the client's package.
I've been reading through tutorials for setting up cron commands via cPanel, but everything I have tried does not work. What I need to do is simple - I just want to run a PHP file on my server once every 15 minutes.
Got this from the daily.cron email:
/etc/cron.daily/chkrootkit.sh:
/proc/18927/fd: No such file or directory
really weird, when I run that command manually, it doesn't show that error.