for a one-time password system to help us secure some systems... we've looked at RSA SecurID but the software licenses are way too expensive.
Is there any reasonably priced one-time password system that we can use to secure SSH and access to internal systems? We'd like something with a keychain device that will generate the password.
way to set up a user in passwd/shaddow to use no passwords. Not looking for keypair authentication or any authentication. just the abulity to run ssh <host> and I'm in.
Why - you might ask would I want something with no security? Because the shell that they are going to run is going to lock their IP out. This is a trap for SSH hackers allowing them to log in with any password/no password and immediately drop into something that runs iptables to kill their IP instantly. So I'll create a number of dummy accounts with names hackers try and it's a trap.
I'm planning on buying my first domain in order to host various sites of mine in one place. I like the idea of subdomains to separate them, but I was wondering... Is it possible to access different subdomains using different passwords? I'm planning to let a friend of mine use a subdomain to host a site of hers that's related to mine, and I'd like it if she had the security of a different password. I just want to know if I can even do this, and if so, what hosts offer this option?
View 9 Replies View RelatedThis is a rare issue i have on a RHEL 5.2 + cPanel server.
Server time is:
Tue Nov 11 17:02:51 CST 2008
Squirrelmail time show:
Code:
Last Refresh:
Tue, 5:02 pm
So, that is correct too..
But email arrives with -4 hours time, example:
webmaster@xxx.com 1:03 pm testing email
I already rebooted httpd, exim, and imap server, and the server itself too.. and problem stills.
I'm very frustated 'cause i found a "****.txt" into my root directoriy of my server with a lot of usernames and passwords (24Mb)
Example:
<<removed, as they might be active accounts>>
I just put here the first lines but I have yahoo, hotmail, facebook passwords etc ...
I have about 7 hosting accounts, am a member of over 60 forums and have many other services that require passwords. Generally, I use the same or similar password. However, recently I have been getting more and more hacking of my sites going on and I worry if it is due to my password "system" (or lack of).
How do you go about creating your passwords, and remembering them?
This is probably a long shot, but is there a workaround way to be able to edit passwords for addon domains in cPanel 11? Apparently you can only manage redirection or remove: ...
View 1 Replies View RelatedToday we received an email saying that the admin password for the server had been changed by them and that we should log in and change the password again ourselves.
49pence have provided no explanation as to why the password was changed and despite multiple requests have refused to give any kind of explanation. I've also asked to speak to a manager and this request was denied (well, more ignored and I was given the same line that they cannot disclose why they changed a customers' password).
And now after creating a Joomla! site for a school that will be moving to my server from a local small isp that doesn't have a control panel (just a screen to allow users to set-up their email name and pwd) I'm stuck with trying to figure out how to set up their email accounts with their current password.
There are about 40 accounts that I can add manually, but when I change the nameservers, these teachers and staff are going to be at a loss as what to do; like I am at the moment.
From time to time all the POP3 user mailboxes get their password reset and users can't access their mail. I have to go in and manually reset each users password.
Why is this happening and how can I stop it?
I got report from webceo that I have some issues. May someone help me fix this?
DNS Lookup: 0.22 sec
Connect time: 0.33 sec
Host ping: 0.10 sec
That mean too slow with the other sites!
I can't get access to a certain site. I always get the page with:
network time out - server at *** takes to long to respons. More people have noticed this and apparently it only happens to people with certain specific providers. And not all the time. Some times they DO get access eventy to they belong to the same ISP. So I guess an ISP isn't blocking access to it otherwise it would be permenantly/The site administrator insists that certain ISP's are blocking his site. He's hosting it on his own server. The domain belongs is registered at namecheap.com.
If an ISP is blocking this site (if that's possible?), that would lead to that 'network timeout' page wouldn't it?
What is the most likely reason for getting a timeout page anyway?
I got up today, went to check my emails and received invalid passwords on all my email accounts. I then went to check in the CPanels and get the same error when I try to login.
Then I try the root and same thing!
BUT all my linked FTP accounts work and the sites are online and working. One is giving a 500 error (cgi program) but besides that, they are all online w/ no changes.
My "host want to do a OS reinstall and let me try and restore my sites from a slave drive. I think thats stupid and shouldnt be needed.
They also automatically say I was hacked...Sure a hacker changed all the cpanel and email passwords but worked it so the linked FTP accounts would work and didnt take any sites offline.
I have setup a test server at home, Datacenter edition 2008.
Now, is there a way to allow only a certain username and password combination to access an FTP session/site?
to change all passwords for user account on cpanel server. Is it possible to do it automatically by using some cpanel script? Also I need this information stored in one file in order to know new passwords.
View 4 Replies View RelatedI'm getting a big problem on my server.
From 1 week until now I got 4 spam attacks. The attacker is the same, because the emails sent are iqual.
The technique is also the same, they use an email account (compromissed password) and send emails through smtp server.
When I detect the attack, i do:
1. identify the compromised account
2. Change password from the compromised account
3. Stop qmail
4. Clear queue with qmail-remove
5. Start qmail
The problem is that they already used 4 diferent domains since the first attack. So, here is my problem, how do they discover the passwords?! How can I solve this problem? I have hundreds of emails accounts and can't change it all.
CentOS release 5.10 (Final)
Plesk 11.0.9
Why can i login with two different passwords for the user admin in plesk control panel?
View 1 Replies View RelatedCame across an answer within google, but wanted to make sure I have an updated tutorial to prevent crashing the mysql and or server as others did.
How can we reset all customer account passwords at once, whether it be a preset one and or random?
I am having a Plesk server and when I scanned it with tools like OpenVas, It detected the following vulnerabilities with CVE acronym. As the corresponding ports and services are being controlled by Plesk, I require to patch it.URL....As you can see this vulnerability has been hit on port 106. I checked the Plesk server and found the port 106 being used by service "poppassd". This was nothing I installed and came along with the Plesk installation. Hence just wanted to make sure whether it has a patch from Parallels. As per my investigation this service is used for changing mailbox passwords and I am currently using Roundcube client. How to patch this vulnerability.
As per the solution in pic, the vulnerability "SMTP antivirus scanner DoS" can be resolved by upgrading or installing anti virus for Plesk mail server. I am ready to buy Dr.Web or Kaspersky from Parallels. But wanted to make sure whether any of the above antivirus can resolve the vulnerability.
cat /usr/local/psa/version
11.0.9 CentOS 6 110120608.16
I moved from a host to another and wanted to restore/use the email adresses that are already saved on my old host account.
I did a full backup by using Cpanel's wizard and saved it on my computer. Extracted everything and then by using FTP I have put all the files on my new server which is using Cpanel as well.
Although all email adresses are now visible in my Cpanel the old passwords will not work anymore......
We use our own backoffice for remote logins. Passwords for panel login are encrypted. Is it possible to remove the option for customers to change their password for panel login so they will stay in sync with our own backoffice?
If it's not possible, is there a way to decrypt the panel login passwords, like there is for the admin-password (/usr/local/psa/bin/admin --show-password)?
I have a dedicated server specs: AMD 3500+ 64 Bit CPU, 1 GB Ram, 160 GB Sata Drive. For 1 month, CPU load average reaches 40-50 value. This happens about 5-6 times in a day. When I stop httpd service for 30 seconds everything goes normal. I think this is not a DoS attack because it comes systematic, I dont believe no one makes this regularly except bots.
Maybe its a system service or a cronjob but it stops when I turn off httpd service?
How can I be sure about what's making this regularly load?
I also did set up a script which mail me when load average of system goes crazy and restart httpd service. But instant restart is not working to stop load increase.
The server is going down from time to time, every 12 days or so the site hosted there is no longer accesible, everything starts with the site slowing don and down and then is not longer reachable, what we do is to request a power cycle, and with this we start all over again till next power cycle, so on so on, of course, here are my server details and more info on this:
- MySQL - 5.1.41-3ubuntu12.10
- Apache - 2.2.14-5ubuntu8.4
- PHP - 5.3.2-1ubuntu4.9
- operating system: Ubuntu Server 10.04 LTS
After some time emailing the support guys to barely check about what's going on, we received an email with a few things:
1.- found a few errors that likely would cause issues with Apache. The first error is:
[Mon Feb 04 05:03:10 2013] [error] mod_fcgid: fcgid process manager died, restarting the server and the next error is:
[Mon Feb 04 14:32:34 2013] [error] server reached MaxClients setting, consider raising the MaxClients setting ...
Both these errors seem to indicate that you have a process that is running out of control on your server. We were unable to determine what script on your site is running caused your connections to be maxed out however it does appear that before these errors were generated there was a WordPress plugin referenced in your access logs...
2.- Additionally during our review we did find that your error log for mercadodedinerousa.com is 45 GB's which is excessively large and can cause problems when Apache is trying to write a such a large file.
3.- The majority of the errors being logged are:
[Wed Feb 06 12:12:31 2013] [error] [client 200.76.90.5] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /var/www/vhosts/mercadodedinerousa.com/httpdocs/index.pl, referer: [URL]
I need to be able to access email passwords in plain text (not encrypted). I'm running with updates so as to not force encryption, which I'm told is a one-way deal. I'm going to have to go to new hardware soon, as I'm finding the hardware starting to fail.
I understand the "mail_auth_view" utility shows the passwords, and was wondering if it will decrypt them for you?
If not, how can I keep the behavior of non-encrypted email passwords so that the customer administrators still have access to them for their users? I know a new install forces encryption, which is why I can't do that. How can I preserve the non-encrypted passwords and move to new hardware? This seems to be a deal breaker for my customers.
I bought a new server ...
It had 2GB RAM, 2.8 GHz processor ,NIC fast Ethernet , 500GB HD.
Window server 2003 standard x64.
4 ip.
The ip ping but I cannot connect to server using remote desktop.
Is this problem related to firewall, or the network it self.