Plesk 12.x / Linux :: Quick Way To Identify Spammers
Jan 20, 2015
I need a quicker way to find spammers. I've found a decent way to find the scripts, but I want to find heavy offenders by a simple command line or something to identify all scripts sending e-mail in let's say a text document or something.
We've been experiencing a lot of trouble with novice customers that want to install an Application Vault package that has sub-optimal default settings, e.g.
customer wants to install wordpress, clicks on Application Vault -> wordpress -> "INSTALL"
This will install, without any questions for settings, wordpress into domain.com/wordpress - which is not what people want. I know that there is a button with the drop down menu that shows "custom", however, people don't see/know about it and click "install".
Is there a way to remove / replace the "quick install" button and have the "install custom" as default.
I am having some problems with the inbound smtp sockets, we are receiving a constant attack from spammers, and they are taking all the sockets we have open for our users. We have enabled SPF, greylisting, inbound control access through authentication, relay access with authentication also, but after some weeks we are still in the same situation. We also have SpamAssassin installed as a power pack from Plesk, and we have added DSN black lists from b.barracudacentral.org, bl.mailspike.net and bl.spamcop.net, but we still suffer from this problem.
We have also tried to increase the sockets assigned to 200, and after some minutes they had used them all again and the CPU load increased up to 25% of the total capacity.
I am running a website with huge traffic on a single server with 2GB RAM, and it has been working fine for the last 3 years, but for the last week the website has been unstable, not all the time but sometimes.
Following are the conditions when the problem occurs:
- When we enter the URL in the browser and hit enter, it takes a bit long on connecting... before reaching the website; once the title appears at the top of the browser the page loads normally, and while browsing the website it sometimes gives a "page cannot be displayed" error and we have to refresh the page.
- At that time, when I check the result from [url] it gives a bit high Average Response Time.
- On the other hand, everything seems to be normal on SSH: load average: 0.90, 0.96, 0.79 Mem: 3116360k total, 2841948k used, 274412k free,
if there is any specific way (maybe logs) to see what is using the swap memory of a dedicated server..
It's a server with 8GB RAM. It has 60% of memory used, and a constant swap memory usage of 30%. I thought that in normal conditions swap memory was not used.
I've recently run into a problem that I do not have the power to solve, as it requires my datacenter to fix.
I'd like to know how I could verify, monitor and come up with enough data to prove where and that there is a problem within the network, so they can at least see and think if they want to keep the problem or solve it at some point.
Tools that I could use, methods, everything is welcome.
I also believe that many who do not have this knowledge will like this topic if any experts could come by and share a little knowledge.
Is there a way to determine from monitoring the packets coming in to my IP address what domain on my server is being attacked? Something like Tcpdump maybe can tell me? Having DDoS trouble and I'm trying to identify the domain being hit.
Does anyone have experience with the cheap $1 web hosts?
I don't mind paying for hosting, but I only need one script installed on a server that runs a cron file once per day and I don't want to pay $5 to $10 for that.
My question is basically this: is my credit card safe with these $1 web hosts? Can they be trusted to keep my identity safe?
I've read this about allowing certain IPs access to the server
Quote:
More advanced: /etc/apf/allow_hosts.rules
10. As a safety precaution, you might want to add your ip to the '/etc/apf/allow_hosts.rules' file. Open the file in your favorite editor.
11. Add the ip of your computer to the end of the file. This will cause all traffic to and from that ip not to be filtered. You can also add the ip's of other servers.
If you want to specify what kind of traffic to allow from those ips that is not covered with the current firewall rules (ie. you blocked all traffic to SSH and only want a few ips to be able to access the SSH port), then this is the format you would use:
Protocol : direction/flow : source/destination port : s/d ip
[tcp/udp] : [in/out] : [s=/d=]PORT : [s=/d=]IP
Ex (let the ip 192.168.0.100 access to port 22):
tcp:in:d=22:s=192.168.0.100
What I'd like to know is if it's possible to put an IP range in there instead of just one IP address, such as you specify a range in the conf.apf file upon setup.
I am building a server using two Clovertown E5320 processors for a project. I need some suggestions for a motherboard and memory. I have looked at some boards on Newegg, but I'm still unsure. I do not have a large budget for the motherboard, so the cheaper, the better.
If anyone has other processors they would go with alternatively I'm open to suggestions there as well. It was either going to be a single Clovertown (later to be two) or two AMD Opteron 2212's....
I find it worrying when new or relatively new users post "[XYZ]VPS PROVIDER IS A SCAM" or "[XYZ]VPS ROBBED ME" in a topic because they didn't get the instant ticket response or fast enough setup time on their $10 VPS.
I'm planning on setting up a budget UK based VPS service myself some time soon, and users would do well to remember that a lot of hard work goes in to the management and set up of such providers. This kind of negative publicity cannot be taken back once posted. A quick Google search will throw this kind of a post up and cause irreparable and often completely unnecessary harm to a business.
I currently switched from XXX to infinitie.net vps service. I was tired of foreign help dealing with people with poor English. Tech support has been very good, and good response times. Servers themselves have good performance. Not the fastest, but the mysql performance has been very good. It's also nice to have a VPS but setup and stuff can be somewhat intimidating. They were very helpful, but I did opt to pay them a small fee to do it for me. The hourly rates aren't a bargain, but when you factor in the time you would need to do it right, if you are just so-so at it, then it was probably worth it.
So far it's only a week, but it's been a happy week. No downtime at all so far. I'll report to you in a month and tell you how things are going.
During the past 24 hours, two things have happened with iMountain.com that I wanted to let you all know about.
1. I uncovered a bug in the Webshell application that they use (bundled with Hsphere) which was preventing me from gzipping up my and my buddy's owsweather.com site for weekly backups. Reported it in an email, and in 2 minutes I had a reply back saying that they would notify Hsphere of the issue since it's a bug in the software. Good job there.
2. The big one is that the same owsweather.com site is getting clobbered by HUGE amounts of traffic - more than we ever have in our 8 year history. We have received over 2500 unique IP visits since midnight (it is now 5 minutes until 6:00 am PDT in California).
I must give major props to iMountain for building rock solid servers which don't bog down under high traffic load, and also for allowing us to "use" their servers for what they are INTENDED to be used for! If it wasn't for them and allowing our site to have bursts of traffic like this *see Dreamhost, Bluehost, and other similar reviews*, we would be in a very tight spot indeed. So thanks Brandon and crew. You have done us well.
I recently changed providers after a short search, including input from this thread [url].
I opted to go with a semi-dedicated package from Iron Mountain ( www.imountain.com ). I was mostly impressed with their clustered solution and dedicated mySQL servers to host our increasingly busy Vbulletin forums. They also answered email inquiries very quickly; another good sign, given the few comments I could find about them at WHT.
While I was intrigued about the solar-powered claim, I knew that many in our community would appreciate that aspect as well.
Ultimately, I wasn't quite convinced our forum issues were mainly related to CPU/memory resource use. So, I narrowed my search to providers that also claimed to have a good setup for SQL. These included Cartika Hosting and MediaLayer, among others (Thank you to all who responded with input and offers!). At that point, it came down to lowest price and iMountain's offer was also in the upper end of the price range supported by recent member donations. In case I was wrong about the CPU resources, this would at least allow some time to save for the dedicated solution that many recommended.
As it turns out, the CPU/memory resources were not the issue at all. It seems that our forum issues at the previous provider were primarily due to their SQL implementation.
In fact, they were going to generously allow us to continue on our $50/year plan for a while given that we weren't yet hogging resources. Nonetheless, the slowdowns and SQL errors continued until the last day. In any case, I can still recommend AddAction.net for anyone looking for a competitively priced basic hosting package if you don't have major SQL requirements. It was inexpensive, but I believe I got a lot more than I paid for.
Since the switch, the forums have been running great. No slowdowns, no freezes, no infinite waits to read/make a post, no flood of SQL error email messages. Most importantly, no user complaints so far. In addition, I've been told that we aren't even putting a scratch in our resource allocations in any area and there should be plenty of room for growth that has been doubling about every 6 months for the last few years.
The transfer was quick and the switchover had minimal downtime given that the new plan included a dedicated IP address for me to direct users of the forums during the DNS propagation. There were a couple minor issues during the switch, but their tech support team responded very quickly. They also helped set up a memcache for the forums and suggested some other tweaks to further improve performance.
Overall, I am very satisfied so far. I'll report again in a couple months when I have a better feel for downtime and more time for users to comment.
We've recently decided to move a sizable web project to a VPS located at bigvps.com (colo4jax). Although I had some initial concerns about them being single homed to Cogent, I have actually been pleasantly surprised at the speeds of the network. I have seen some very good speeds to some of my key servers located on the West Coast and even better on the East Coast (expected). For grins, we even tested a proprietary voip software between the datacenter (It's in Jacksonville) to one of our offices in San Francisco. It was perfect!
The hardware seems solid and support has been quick to respond to any inquiries.
Although we haven't moved over the web project yet, the work we have done on the server has been no problem at all. We expect that when we move over the web project, the VPS will continue to hum along.
As with all providers, it's been a short life with them thus far - I'll post back in a few months and let you know how things progress.
I'm a non-techie trying to choose a dedicated hoster. From searching through reviews and prices, I've come down to Lunar Pages or Liquid Web. Would you please give me your opinions of these two, and if there are others that you feel strongly about instead, mention those as well? I would really appreciate it -- I'm very anxious about choosing a reliable company with good service, b/c I'll pretty much be at their mercy! (Life is hard for the non-technical
My programmer gave me these requirements: managed hosting, windows server 2003 or 2008, web edition, 2 GB ram, ms sql server 2005 or above, quad core processor from 1.8 - 2.4 ghz, firewall, automatic backup -- 10 GB, remote desktop connection.
I've been a long time reader but I figured I would finally sign up for an account and post a review of my current VPS host, WingSix.com.
Ratings range: 0-10, 0 being the worst and 10 being the best
Uptime: 7/10 The uptime has been pretty good. Over the course of six months I had about 1 hour of downtime due to a hardware failure but over the last month I have had nearly 20 hours of downtime due to unexplained outages and migration issues.
Support: 4/10 The support has been horrendous. My average response to tickets is measured in days, if they respond at all, and I still have tickets opened from when I initially ordered the account relating to creeping file corruption which support just dances around. I have also had my IPs changed and server moved twice in the last month with little to no advance notice. Usually nothing actually gets done until I call them and even then it's a crapshoot.
Performance: 9/10 The performance on the server is excellent. The server is primarily a DNS and Mail host for my domains and, so far, I have had no problems with the speed or responsiveness of the service. Take this rating with a grain of salt, however, because I have never done much that would put an incredible load on the server.
Price: 8/10 Their pricing is fairly competitive with other hosts I have looked at. I am currently on their VPS Hawk plan ($25/mo) which offers:
- 2 dedicated IPs
- 15 GB storage
- 400k inodes
- 100 GB bandwidth
- 256 MB RAM / 1GB burstable
- CPanel
Conclusion
While the uptime, price and performance are good, I am hesitant on recommending them to anyone based on my experience thus far with their support. My domain has been reported to the mods.
In another thread recently I did a 5 year review for another provider; however, circumstances changed and I took on a couple of Gigenet servers (relatively high end).
Sales were extremely efficient working with me to achieve what I needed at a price I was comfortable with, replies were fast and concise so I ended up with 2 new machines and backup service.
Normally I don't need a lot of support and for the first few weeks nothing bar rDNS set ups - However I ran into some serious post migration issues over the past few days that had me stumped, support has been some of the best I have ever received both in speed and efficiency -
Anyway I sincerely hope I will be coming back to this thread in 5 years time to update it.
I'm about to purchase a 2nd server to be used as a database/app server alongside my current server (which will be the web server).
I wish to use 2 x 146GB 10K SCSI hard disks (in RAID 1) on the database server, but will be keeping 2 x 320GB SATAII 16M in RAID 1 on the web server. Will the SATA hard disks affect the performance / effectiveness of the SCSI disks or will I benefit from SCSI even though they're only in the database server?
Also, I'm going for 10K hard disks over 15K because they're $20 per month cheaper and it's already expensive ($150 p/m for the two 10K or $170 p/m for 2 x 15k). Taking into account the already hefty price, is it worth the extra for 15K?
Any thoughts, or opinions are welcome. Looking for options on how to stop this.
Recently I've started receiving spam that appears to originate from a hosted domain on my VPS. It appears to only be an issue with this website account and not the VPS generally.
I've disabled the IMAP service to ensure the spam was not being sent from the server. The spam continues which leaves the POP email accounts as a possibility or something else.
My hosting provider says it looks like email spoofing.
Someone seems to be using the address at foobar.com to send out spam. The method that he has employed is called email spoofing. Email spoofing is the practice of changing your name in email so that it looks like the email came from somewhere or someone else. However, you need not be concerned.
Individuals, who are sending "junk" email or "SPAM", typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator. The spammer is not using our server to send out spam, hence your email address will never be blacklisted.
There is really no way to prevent receiving a spoofed email. Remember that although your email address may have been spoofed this does not mean that the spoofer has gained access to your mailbox.
The following are headers of two spam emails. Both of these addresses are set up as forwarders and not actual email accounts. The spam came to our attention because it is being sent to addresses on foobar.com with headers as also originating from foobar.com.
I changed the actual names for privacy:
host.vpsdomain.com [123.123.123.123] - VPS domain
foobar.com - website account on VPS
myemailaccount@gmail.com - address foobar forwarders send to
Problem with spammers. I installed bruteforce attack and apf but spammers are still trying to use my mail server to spam. bfa is sending me 20-30 warning emails every day like
Quote:
The remote system 200.83.230.214 was found to have exceeded acceptable login failures on xxxxxx; there was 62 events to the service exim. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.
Executed ban command: /etc/apf/apf -d 200.83.230.214 {bfd.exim}
The following are event logs from 200.83.230.214 on service exim (all time stamps are GMT -0600):
These spammers are causing the CPU load to go very high and freeze my server sometimes.
Is there any way I can set it up to only allow authenticated users to access the mail server? Or any idea?
I'm not a hosting company, I'm hosting my websites, and I'm a poor guy who can't hire a server admin. I have searched for it on Google and couldn't find anything.