Rogue Network Activity From Dedicated Box

Aug 6, 2007

I have a dedicated box with Fasthosts and they tell me they've detected that the server is talking out to other networks via IRC although there's no activity on port 53.

Can anyone point me in the right direction of steps to take to find out what this is and eliminate it?

Recent changes to server include...
Started SpamAssassin (with network checks on - could these be the cause?)
Installed Mongrel as a proxy server for RoR apps and configured Apache on port 80 to make use of two Mongrel processes.

Some other data about server as requested on sticky thread on this board:

Linux OS: Fedora Core 6
Kernel: 2.6.18-1.2798.fc6
Control Panel: Matrix LSA

Processes (ps -auxf):

Quote:

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2032 556 ? Ss Jul31 0:01 init [3]
root 2 0.0 0.0 0 0 ? S Jul31 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN Jul31 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S Jul31 0:00 [watchdog/0]
root 5 0.0 0.0 0 0 ? S Jul31 0:00 [migration/1]
root 6 0.0 0.0 0 0 ? SN Jul31 0:00 [ksoftirqd/1]
root 7 0.0 0.0 0 0 ? S Jul31 0:00 [watchdog/1]
root 8 0.0 0.0 0 0 ? S< Jul31 0:00 [events/0]
root 9 0.0 0.0 0 0 ? S< Jul31 0:00 [events/1]
root 10 0.0 0.0 0 0 ? S< Jul31 0:00 [khelper]
root 11 0.0 0.0 0 0 ? S< Jul31 0:00 [kthread]
root 15 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kblockd/0]
root 16 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kblockd/1]
root 17 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kacpid]
root 123 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [cqueue/0]
root 124 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [cqueue/1]
root 127 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [khubd]
root 129 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kseriod]
root 194 0.0 0.0 0 0 ? S Jul31 0:00 \_ [pdflush]
root 196 0.0 0.0 0 0 ? S< Jul31 0:14 \_ [kswapd0]
root 197 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [aio/0]
root 198 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [aio/1]
root 363 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kpsmoused]
root 393 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [ata/0]
root 394 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [ata/1]
root 395 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [ata_aux]
root 399 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [scsi_eh_0]
root 400 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [scsi_eh_1]
root 401 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kjournald]
root 421 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kauditd]
root 1305 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [hda_codec]
root 1461 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kmpathd/0]
root 1462 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kmpathd/1]
root 1469 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kmirrord]
root 1491 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [kjournald]
root 1493 0.0 0.0 0 0 ? S< Jul31 0:01 \_ [kjournald]
root 1495 0.0 0.0 0 0 ? S< Jul31 0:07 \_ [kjournald]
root 2105 0.0 0.0 0 0 ? S< Jul31 0:02 \_ [rpciod/0]
root 2106 0.0 0.0 0 0 ? S< Jul31 0:00 \_ [rpciod/1]
root 2143 0.0 0.0 0 0 ? S Aug04 0:00 \_ [pdflush]
root 447 0.0 0.0 2212 332 ? S<s Jul31 0:00 /sbin/udevd -d
root 1629 0.0 0.0 1624 364 ? Ss Jul31 0:00 cpuspeed -d -n
root 1630 0.0 0.0 1624 348 ? S Jul31 0:00 \_ cpuspeed -d -n
root 1931 0.0 0.0 1692 580 ? Ss Jul31 0:06 syslogd -m 0
root 1934 0.0 0.0 1640 316 ? Ss Jul31 0:00 klogd -x
root 1943 0.0 0.0 1632 280 ? Ss Jul31 0:00 irqbalance
rpc 1964 0.0 0.0 1776 416 ? Ss Jul31 0:00 portmap
root 1982 0.0 0.0 1884 604 ? Ss Jul31 0:00 rpc.statd
root 1989 0.0 0.0 1628 232 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/spool/authdaemon/pid -star
root 1990 0.0 0.0 2120 544 ? S Jul31 0:00 \_ /usr/libexec/courier-authlib/authdaemond
root 2008 0.0 0.1 2964 1452 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2009 0.0 0.0 2172 752 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2010 0.0 0.1 2584 1172 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2011 0.0 0.0 2172 752 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2012 0.0 0.1 2964 1456 ? S Jul31 0:01 \_ /usr/libexec/courier-authlib/authdaemond
root 2022 0.0 0.0 4932 308 ? Ss Jul31 0:00 rpc.idmapd
dbus 2034 0.0 0.0 3140 308 ? Ss Jul31 0:00 dbus-daemon --system
root 2042 0.0 0.0 2344 416 ? Ss Jul31 0:00 hcid: processing events
root 2048 0.0 0.0 1712 368 ? Ss Jul31 0:00 /usr/sbin/sdpd
root 2072 0.0 0.0 0 0 ? S< Jul31 0:00 [krfcommd]
root 2107 0.0 0.0 0 0 ? S Jul31 0:00 [lockd]
root 2124 0.0 0.0 12692 552 ? Ssl Jul31 0:00 pcscd
root 2141 0.0 0.0 1876 348 ? Ss Jul31 0:00 /usr/bin/hidd --server
root 2154 0.0 0.0 9044 708 ? Ssl Jul31 0:00 automount
root 2170 0.0 0.0 1640 392 ? Ss Jul31 0:00 /usr/sbin/acpid
root 2187 0.0 0.0 5172 716 ? Ss Jul31 0:02 /usr/sbin/sshd
root 14427 0.0 0.2 8172 2468 ? Ss 14:09 0:00 \_ sshd: root@pts/0
root 14432 0.0 0.1 4620 1472 pts/0 Ss 14:09 0:00 \_ -bash
root 17290 0.0 0.0 4192 936 pts/0 R+ 16:35 0:00 \_ ps -auxf
root 2258 0.0 0.0 4488 544 ? S Jul31 0:00 /bin/sh /usr/bin/mysqld_safe --defaults-file=/etc/my.cnf --p
mysql 2294 0.0 0.6 139508 6432 ? Sl Jul31 1:26 \_ /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedi
root 2401 0.0 0.1 6240 1344 ? Ss Jul31 0:06 /usr/libexec/postfix/master
postfix 20416 0.0 0.1 6484 1612 ? S Aug03 0:01 \_ qmgr -l -t fifo -u
postfix 16541 0.0 0.1 6300 1664 ? S 15:31 0:00 \_ pickup -l -t fifo -u
postfix 17111 0.0 0.1 6292 1644 ? S 16:21 0:00 \_ anvil -l -t unix -u
postfix 17248 0.0 0.1 6308 1980 ? S 16:33 0:00 \_ trivial-rewrite -n rewrite -t unix -u
postfix 17273 0.0 0.1 6468 1876 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17274 0.0 0.1 6468 1880 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17275 0.0 0.1 6468 1876 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17276 0.0 0.1 6464 1832 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17277 0.0 0.1 6468 1880 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17278 0.0 0.1 6468 1880 ? S 16:34 0:00 \_ smtp -t unix -u
postfix 17281 0.0 0.1 6340 1660 ? S 16:34 0:00 \_ bounce -z -n defer -t unix -u
postfix 17283 0.0 0.1 6340 1640 ? S 16:34 0:00 \_ bounce -z -n defer -t unix -u
root 2411 0.0 0.0 1864 292 ? Ss Jul31 0:00 gpm -m /dev/input/mice -t exps2
root 2434 0.0 0.1 5804 1648 ? Ss Jul31 0:00 /usr/sbin/httpd-matrixsa
apache 15100 0.0 0.1 5948 1856 ? S Aug05 0:00 \_ /usr/sbin/httpd-matrixsa
apache 15101 0.0 0.1 5948 1704 ? S Aug05 0:00 \_ /usr/sbin/httpd-matrixsa
apache 14593 0.0 0.1 5948 1852 ? S 14:22 0:00 \_ /usr/sbin/httpd-matrixsa
root 2442 0.0 0.0 5216 596 ? Ss Jul31 0:00 crond
xfs 2465 0.0 0.0 3132 548 ? Ss Jul31 0:00 xfs -droppriv -daemon
root 2480 0.0 0.0 2204 348 ? Ss Jul31 0:00 /usr/sbin/atd
root 2501 0.0 0.1 24212 1372 ? S Jul31 0:00 /usr/bin/python /usr/sbin/yum-updatesd
avahi 2510 0.0 0.0 2864 612 ? Ss Jul31 0:00 avahi-daemon: running [server88-208-201-113.local]
avahi 2511 0.0 0.0 2864 124 ? Ss Jul31 0:00 \_ avahi-daemon: chroot helper process
68 2520 0.0 0.1 5708 1100 ? Ss Jul31 0:00 hald
root 2522 0.0 0.0 3336 520 ? S Jul31 0:00 \_ hald-runner
68 2553 0.0 0.0 2292 568 ? S Jul31 0:00 \_ hald-addon-acpi: listening on acpid socket /var/run/
root 2554 0.0 0.0 3392 520 ? S Jul31 0:00 \_ /usr/libexec/hald-addon-cpufreq
68 2560 0.0 0.0 2288 564 ? S Jul31 0:00 \_ hald-addon-keyboard: listening on /dev/input/event2
68 2563 0.0 0.0 2288 564 ? S Jul31 0:00 \_ hald-addon-keyboard: listening on /dev/input/event0
ntp 2607 0.0 0.0 4128 944 ? Ss Jul31 0:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
root 2667 0.0 0.0 1628 380 tty1 Ss+ Jul31 0:00 /sbin/mingetty tty1
root 2668 0.0 0.0 1628 360 tty2 Ss+ Jul31 0:00 /sbin/mingetty tty2
root 2671 0.0 0.0 1628 360 tty3 Ss+ Jul31 0:00 /sbin/mingetty tty3
root 2672 0.0 0.0 1628 360 tty4 Ss+ Jul31 0:00 /sbin/mingetty tty4
root 2673 0.0 0.0 1628 360 tty5 Ss+ Jul31 0:00 /sbin/mingetty tty5
root 2683 0.0 0.0 1628 360 tty6 Ss+ Jul31 0:00 /sbin/mingetty tty6
root 4656 0.0 0.0 1628 296 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/imapd.pid -start -name
root 4657 0.0 0.0 1732 504 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
1003 8661 0.0 0.1 2344 1316 ? S 10:00 0:11 \_ /usr/lib/courier-imap/bin/imapd /home/default/polloc
1001 9528 0.2 0.2 3860 2772 ? S 10:24 1:05 \_ /usr/lib/courier-imap/bin/imapd /home/default/aaronp
1003 15914 0.0 0.1 2200 1072 ? S 14:43 0:00 \_ /usr/lib/courier-imap/bin/imapd /home/default/polloc
1001 17199 0.0 0.0 2124 1020 ? S 16:27 0:00 \_ /usr/lib/courier-imap/bin/imapd /home/default/aaronp
root 4663 0.0 0.0 1632 168 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/imapd-ssl.pid -start -
root 4664 0.0 0.0 1732 428 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
root 4669 0.0 0.0 1632 300 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/pop3d.pid -start -name
root 4670 0.0 0.0 1732 500 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
root 4675 0.0 0.0 1628 168 ? S Jul31 0:00 /usr/sbin/courierlogger -pid=/var/run/pop3d-ssl.pid -start -
root 4676 0.0 0.0 1736 428 ? S Jul31 0:00 \_ /usr/lib/courier-imap/libexec/couriertcpd -address=0 -ma
root 14860 0.0 1.5 33316 15544 ? Ss Aug03 0:01 /usr/sbin/httpd
apache 30327 0.0 2.1 43480 21688 ? S 01:55 0:16 \_ /usr/sbin/httpd
apache 30328 0.0 2.0 43220 21180 ? S 01:55 0:15 \_ /usr/sbin/httpd
apache 30329 0.0 2.1 43616 21868 ? S 01:55 0:13 \_ /usr/sbin/httpd
apache 30330 0.0 2.1 44132 22308 ? S 01:55 0:16 \_ /usr/sbin/httpd
apache 30331 0.0 2.2 44660 23384 ? S 01:55 0:15 \_ /usr/sbin/httpd
apache 30332 0.0 2.2 44604 22820 ? S 01:55 0:14 \_ /usr/sbin/httpd
apache 30333 0.0 2.0 43576 21532 ? S 01:55 0:17 \_ /usr/sbin/httpd
apache 30334 0.0 2.1 43908 22064 ? S 01:55 0:17 \_ /usr/sbin/httpd
apache 11425 0.0 1.9 42328 20276 ? S 10:53 0:12 \_ /usr/sbin/httpd
apache 16125 0.0 1.6 40572 17052 ? S 15:04 0:01 \_ /usr/sbin/httpd
apache 16126 0.0 1.6 40564 16696 ? S 15:04 0:01 \_ /usr/sbin/httpd
apache 16581 0.0 1.5 40508 16412 ? S 15:34 0:00 \_ /usr/sbin/httpd
apache 16582 0.0 1.6 40612 16436 ? S 15:34 0:00 \_ /usr/sbin/httpd
apache 16637 0.0 1.6 40496 16660 ? S 15:38 0:00 \_ /usr/sbin/httpd
mongrel 15242 0.0 2.8 45536 29104 ? Sl Aug03 0:03 /usr/bin/ruby /usr/bin/mongrel_rails start -d -e production
mongrel 15245 0.0 0.0 42184 828 ? Sl Aug03 0:02 /usr/bin/ruby /usr/bin/mongrel_rails start -d -e production
apache 27873 0.0 0.0 1608 244 ? Ss Aug04 0:00 /usr/local/apache/bin/httpd -DSSL
apache 28536 0.0 0.2 4556 2408 ? S Aug04 0:01 /usr/local/apache/bin/httpd -DSSL
apache 32052 0.0 0.2 4552 2400 ? S Aug04 0:01 /usr/local/apache/bin/httpd -DSSL
apache 32094 0.0 0.2 4552 2400 ? S Aug04 0:01 /usr/local/apache/bin/httpd -DSSL
root 15106 0.0 0.2 9836 2056 ? Ss Aug05 0:00 cupsd
root 15135 0.0 1.2 90504 12360 ? Sl Aug05 0:11 python2 MatrixSALaunch.py ThreadedAppServer
apache 19934 0.0 0.3 6096 3864 ? S Aug05 0:00 /usr/local/apache/bin/httpd -DSSL
1001 8664 0.0 0.1 2524 1044 ? S 10:00 0:00 /usr/libexec/gam_server
1003 8666 0.0 0.1 2528 1040 ? S 10:00 0:00 /usr/libexec/gam_server
root 17068 0.0 2.6 31508 27016 ? Ss 16:16 0:00 /usr/bin/spamd -d -c -m5 -H -r /var/run/spamd.pid
root 17070 0.1 2.8 33752 29236 ? S 16:17 0:01 \_ spamd child
root 17071 0.0 2.7 32432 27772 ? S 16:17 0:00 \_ spamd child

vmstat 5 5:

Quote:

procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
0 1 86800 26008 285380 234780 0 0 3 10 21 1 0 0 99 0 0
0 0 86800 26716 285396 234792 0 0 0 98 289 538 4 1 94 0 0
0 0 86800 26764 285404 234792 0 0 0 62 254 333 0 0 100 0 0
0 0 86800 26772 285404 234792 0 0 0 0 255 346 0 0 100 0 0
0 0 86800 26772 285416 234792 0 0 0 16 253 408 0 0 100 0 0

View 3 Replies



Scraper, Rogue Bot Or Phishing

Jun 9, 2009

I spotted a user on my site with the hostname: gator832.hostgator.com
This particular visitor identified themselves as a "visitor", with the user agent: Mozilla/4.8 [en] (Windows NT 6.0; U)

Upon typing the user's IP into Google, a boatload of "phishing" / "bad bots" logs come up.

My question: Can I identify visitors like this via automation?
i.e.: fake users. People who masquerade themselves as a human, while they're really a bot.
(I only noticed this potentially 'bad' user because I was viewing my visitor log in real-time. -I was on at the very moment they were-)

In previous experience, not every user with the "host" phrase in their hostname is a bad user, so sniffing those bits wouldn't do anything useful.

View 0 Replies View Related

Limestone Network - Dedicated Hosting

Feb 14, 2008

I recently signed up with Limestone Networks after dealing with Ipower's nonsense for so many years

([url] read it, it's kind of funny in a horrific kind of way)

I was impressed with the detail and attention I got with all of my questions- Talk with Ryan - he's such a helpful and upfront person if you are looking for a good dedicated server.

They may not be the cheapest out there, I wouldn't know but from the amount of SUPPORT I received even before I signed up made it worthwhile for me.

View 14 Replies View Related

Log SSH Activity/ Keylogger

Oct 10, 2009

I was just wondering, is there any way to log SSH activity on the server, or some sort of keylogger?

View 3 Replies View Related

Activity On Ports 1028 And 135

Jan 14, 2008

My Windows 2003 server is showing a very steady amount of action on Port 1028 and Port 135.

The Process is listed as "Unknown" with a PID of 0
The Local IP is 127.0.0.1
The Remote IP is 127.0.0.1
The Remote Port is either 1028 or 135
The State is "TIME_WAIT"
The Protocol is TCP

The path to the executable is blank. At any given time there are at least 20 active processes of this. The virus scan says all is well.

View 1 Replies View Related

SSH User Activity History

Sep 11, 2007

Does CentOS 4 log every activity done by an SSH user? Or is there a script/software to do that?

View 10 Replies View Related

Limiting User Activity

Jul 29, 2007

I am interested in setting up user activity limits to avoid peaks in the server load. I have read a lot about PAM and limits.conf but still have no idea how to set these limits. Most of the examples are similar to this page http://www.seifried.org/lasg/users/ but they are still confusing to me.

>> I would like to set up rules like this:

Customers may not use more than 2% CPU daily, 3% memory daily, run more than 10 simultaneous processes per user, allow any process to run for longer than 30 CPU seconds, run any process that consumes more than 20% of available CPU at any time, or run any process that consumes more than 16 MB of memory.

View 6 Replies View Related

Jarhosts Limited (Fraudulent Activity)

Jan 23, 2009

Last week, we received a letter [url] from Companies House (the UK entity which governs companies).

It was addressed to Exoware, with all the correct contact details, reminding me to submit statutory documents by a certain date or face a fine and/or prosecution.
It was sent to us, because apparently, Exoware is a director of Jarhosts limited. This is not true. We have never even heard of Jarhosts limited up to this point, but it appears they had ceased trading by the time we received the letter.

A few emails were exchanged between us and Companies House, which didn't really get us anywhere as they couldn't seem to understand our position, so I phoned them up myself. I got through to someone and explained our position and she informed me about the company and said they registered Exoware as a director of Jarhosts limited on 05/12/08 and they themselves promptly resigned from the company afterwards, so Exoware was the only remaining director.

After I declared that Exoware had no affiliation whatsoever with Jarhosts limited, she promptly forwarded the case to a department for dealing with fraudulent documents and said the company will dissolve soon and that we may hear from Companies House fraud department in the future.

So, my concerns are now at ease, but my curiosity still remains.

Does anybody know Jarhosts; how long they were around for, who they were owned by, or any relevant information about them? Or does anybody know of any reason that people would sign up a random business in the same industry as a director before bailing out of their own company? It all seems very obscure.

View 10 Replies View Related

Highly Suspicious Activity - Log Files

Dec 17, 2007

what to look out for in the log files, but a couple of things jumped out at me over the weekend:

I had 5 of these. I followed the link (I suppose it is the referrer) but it takes you to a Polish-hosted Russian webpage that tries to infect your browser. So DON'T VISIT THE WEBSITE unless your virus checker is fully up to date!

Code:
shop.######.com: [15/Dec/2007:02:52:43 +0000] 87.118.120.23 - - "GET / HTTP/1.0" 200 21466 [url] (compatible; MSIE 6.0; Windows NT 5.2; Win64; AMD64)"
As this is only a GET, I'm not sure what the purpose of this really was.

Also I seem to be getting loads of these recently:

Code:
shop.######.com: [17/Dec/2007:08:21:41 +0000] 82.19.60.98 - - "GET /_vti_bin/index.php?main_page=page_not_found HTTP/1.1" 301 5 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)"
Which I read is an automated hacker-bot checking for an unpatched MS server.

So my question is this;

What's the most effective thing we (as webmasters/hosts) can do to combat and report this sort of thing so we fight back against what's likely to be related to organised crime?

View 4 Replies View Related

Apachetop / Munin / Nagios - Best Way To View Apache + Other Service Activity

Nov 12, 2008

On Cpanel/WHM. I have just moved from a VPS to a dedicated server. I reinstalled munin, so get some stats via that. I used to have apachetop loaded on my VPS for when I wanted a 'near realtime' streaming view of apache access.

I'm wondering what the best solution is to get a good view of apache, like what apachetop did, plus it would also be nice to have a real-time monitor of MySQL activity and HDD activity (such as I/O queues, etc.). Something along the lines of the perfmon on Windows servers.

What is my best option?

Also, with Nagios, when I look at the website, it seems there are two options. Load it on a single server and then load the stats via [url] or have the Nagios 'stat collector' on one machine, and have it gathering stats from multiple machines.

If you only install it on a single dedicated server, do you really have to be on the console and connect to the Nagios stats via localhost, rather than connecting remotely?
Ideally, I would like a quick, easy to set up solution, but if it takes some configuring, I can deal with it, as long as there is some documentation. My main goal is to get the real-time type of monitoring you get with Windows' perfmon.

View 11 Replies View Related

Trojan Activity - Running Perl With High CPU Usage, With User Apache

Sep 5, 2007

Running programs named Perl with Heavy CPU usage, with the ownership of user apache.

We found the problem on Fedora 3 and Fedora 6.

In our case, it was the result of a Trojan activity.

Quick Solution

Check the cron jobs of user apache
crontab -u apache -e
*/1 * * * * perl /tmp/.tmp/tmpfile
delete the cronjob entry.
Also delete the file /tmp/.tmp/tmpfile
also added "apache" to the file /etc/cron.deny

That's all

Problem and solution in detail....

View 1 Replies View Related

Network Liquidators / Network Hardware

Oct 14, 2009

any experiences to report about purchasing used / refurb gear from either Network Liquidators (nweq.com) or Network Hardware (networkhardware.com)?

View 12 Replies View Related

Time For A Dedicated? And Opinions On Future Hosting Dedicated Servers?

Mar 26, 2009

Some information about my forum:

I run a VBulletin forum with 575,614 posts, 14,369 members and 2.9 million page views per month. On average there are 300 - 400 people on the site.

The server right now is a Linux CentOS VPS with 1.1 gigs of memory. The hosting provider keeps telling me that I need a dedicated server.

Question # 1 - In your opinion - do you think it's time for a dedicated server?

The server I am looking at has these stats:

E8300
2 GB RAM
250GB HD
cPanel
Management

The price I was given is pretty good. So the offer is going to be hard to pass up.

Question # 2 - Has anyone here used Future Hosting for their dedicated server solution?

View 9 Replies View Related

Dedicated With Cpanel Migration From Shared To Dedicated

Sep 8, 2008

I have an account that is going from a shared hosting account to a dedicated with theplanet and I want to transfer it. Concerns I have is that the site is using an SSL. What things do I need to watch out for when transferring. Since I don't have root access I will have to do this transfer with the account function, correct?

This site has a database and SSL, so I thought it would hopefully be easier to use the cpanel account migration tool

View 6 Replies View Related

Dedicated Virtual Server Vs Regular Dedicated

Sep 3, 2007

What is the difference between Dedicated Virtual vs Regular Dedicated Server?

Also what are the pros and cons of going with Virtual?

View 8 Replies View Related

VPN Network

Sep 25, 2006

Okay, I have been trying to get a VPN network set up here between our DC and our office for weeks now and have not been successful.

Here are our goals:

-use 10.x.x.x/255.0.0.0 as a local backend network at our DC
-be able to assign a 10.x.x.x address at the office to all workstations and be able to access any of the local machines at the DC
-we have an Asterisk server that we use and want to run that on the same network, Asterisk box at the DC, phones at the office

We want to implement this for a lot of security procedures and for ease.

But I also want to be able to have this like at my house so I can still be on the VPN. I want to have my house, office and DC always connected and then setup remote ability too to dial in via VPN.

What would be the best way to accomplish this?

I have already tried having a few Linksys RV082 and WRV54G but the remote and local networks must be different networks, so this will not work here.

View 2 Replies View Related

IPs Within The Network

Apr 5, 2009

Does anybody know how I can determine which of the IPs within the network are used or not? I know that this can be achieved by pinging each of the IPs but there are 256 (192.168.1.0 - 192.168.1.255). I am using CentOS 5.

View 3 Replies View Related

CDN Network

Oct 29, 2009

What do I need to build a CDN network for my video streaming site with Flash Media Server using the RTMPE protocol to protect my video from downloading?

Do you know any company that can build this for you, for example if I order servers from them?

View 14 Replies View Related

Network

Mar 4, 2007

I bought another dedicated server yesterday and it was bought online same day. It was working fine yesterday during a few site transfers but now it would appear that I am losing network packets.

I have done a traceroute and ping tests and attached are the results. Please can anyone help. I think the problem is to do with NTT's network rather than server problems but please could someone else ping from their location to confirm this.

View 2 Replies View Related

Network

Oct 30, 2007

I have some VPS with Knownhost and I use it for hosting purposes.

First, I'm not from USA.

Here in my country we have several ISPs, but one of them (I guess the biggest one) is having problems with their link that connects to other countries (including the USA).

Many of my customers who use this ISP complain about their site being down and also slow download speeds (10kb/s when they usually download at 200kb/s). When they run a traceroute I see that the problem is related to the ISP.

I have already contacted the ISP but they don't seem to "care" about their clients and I guess they won't solve this in the near future.

My question is if there is a way to solve this problem on my own?

I was thinking about getting a link with another ISP (the one that really works) with a static IP and routing this to the Knownhost VPS. I know that this isn't a cheap solution, but is it possible?

View 4 Replies View Related

Network

Mar 15, 2007

To make it simple, I have some bays with dedicated servers. We offer 2 possibilities for bandwidth traffic: per Giga, or per MBit/s, but I am having some problems. We currently use the router of our ISP rather than buying a cheap low-quality router.

- How can I know how much bandwidth one customer uses, and how can I limit it if I have no access to the router?

- How can I stop my customer from using a free IP in the same block that he is in? We configure each server with an IP and the same subnet, gateway and broadcast, so a customer could just use a free IP, and I would not even be able to know who is doing it.

How do you limit and count this for your servers?

View 0 Replies View Related

Dedicated Server Along With Dedicated Support

Apr 1, 2008

to move from shared windows hosting to Dedicated windows hosting. This will be our first dedicated server and experience with dealing it too.

Someone suggested me Rackspace. But they were charging premium rates 440 USD for entry level windows server.

View 14 Replies View Related

HiVeloCity Network

Apr 20, 2009

This is the 4th day I am having a network issue on HiVeloCity.

Is anyone else here experiencing the same problem, or is it only the rack where my server is located?

I have been unable to use my server for almost 4 days, as I already said, and they still have no solution for me.

Every time I open up a live chat with support, they tell me that they are checking, working on it, having someone see it, etc. but the problem is still there.

What should I do?

I am going to post pings from SoftLayer and my home to their main IP (their website's IP, where I see packet loss as well)

... because of this my websites are opening so slowly, and many ppl are complaining about this.

Since there are many experts on this forum I would like advice from you guys.
I would like to stay with HVC if they can fix this; if not, it looks like I will have to look for another provider.

Softlayer:
PING hivelocity.net (69.46.24.178) 56(84) bytes of data.
64 bytes from hivelocity.net (69.46.24.178): icmp_seq=0 ttl=119 time=30.4 ms
64 bytes from hivelocity.net (69.46.24.178): icmp_seq=1 ttl=119 time=30.0 ms
64 bytes from hivelocity.net (69.46.24.178): icmp_seq=2 ttl=119 time=29.9 ms ...

View 14 Replies View Related

Comp Network

Apr 25, 2009

Let's say I have a computer network and the router is 192.168.1.1, and 192.168.1.2 to 192.168.1.10 are using a workgroup called HOME and 192.168.1.11 to 192.168.1.50 are using a workgroup called OFFICE.

All computers are WIN XP based clients.

Now the question is, I'm sure that no one from the home workgroup can access the office workgroup. But how about a virus?

In case a computer which resides in the home workgroup is infected with a network type virus, can that virus reach a computer which resides in the office workgroup?

View 2 Replies View Related

Network Install

Apr 13, 2009

is any software out there on helping me do a network install of centos or any other Linux base OS. I want to avoid downloading and burning CD for centos. And when I want install it on multiple machines I would need to put in the several CD to do a complete install of the OS.

View 8 Replies View Related

Network Adapters

Oct 8, 2009

I am managing my network with a Linux box (iptables, vlans) + layer2 managed switch instead of a layer3 switch.

On my Linux server, a regular onboard network card is working just fine but I am planning to upgrade it to a better one.

What would you recommend me?

* Intel Pro/1000 PT Gigabit EXPI9404PTL Quad Ethernet
* RB/4g 4 port 10/100/1000 Mbit PCI Ethernet (Mikrotik)

or any other?

I would like to build my own firewall/gateway server instead of paying thousands of dollars for Cisco ASA, Juniper, etc.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved