what does the below command actually means I mean when we use it? and in which case it help us? and up to what value there is nothing to worry about? Waiting for detailed reply
I am not shure if this is a configuration problem or it's bacause netstat has it's own way to display things.
Recently csf blocked an IP address for flooding.
My server ip address is something like 192.168.1.201.
The ip that csf blocked was 192.168.1.20.
That IP belongs to an other server that is not ours.
netstat was showing a lot of connections from 192.168.1.20 (the ip that is not ours) but the guys that manage the server with that ip (192.168.1.20) did not saw any connection from them to us. So I thought it's just a spoofed flood. But, the thing is I've blocked that ip and still connections were made.
My conclusion was that netstat was showing 192.168.1.20 "flooding" instead of 192.168.1.201. (the server was connectiong to itself).
iptraf also was showing the server was connecting to itself on the lo interface.
My questions are: csf is based on netstat for tracking connections? has anyone had ths type of problem before? If netstat is showing something else isn't this a bad thing for all (a lot) the scripts that use netstat?
I'm new to server administration/security/troubleshooting, so I have included a lot of info here hoping it will help.
This started because a Linux VPS with CentOS and Exim crashed after only 3000 emails were sent (of 30000) total
I ran a netstat and several times I get three separate ips with the only difference being the last two digits and the port number: 86.104.230.29:59009 86.104.117.45:18065 89.37.137.157:41593
As far as I can tell they are from Romania, and there are several connections.
I have posted a lot of information below, if someone can take a look and give some ideas, it would be very much appreciated.
for over a year now, with iptables. However recently, after upgrading to apache 2.2, the connections in netstat get listed as ipv6. A row can look like this for example:
As you can see, the remote ip address isn't complete, it's cut off, so the script used to sum up connections and insert into iptables isnt doing anything.
Is there a command i can type into the ssh console to stop a current transfer that i started wit the wget command?
the file im wgeting always stuffs up at 51% but then the server just retries and starts again, its done it 3 times so far and i just want to completely cancle the process if possible....
Maybe someone would be kind enough to enlighten me of the meaning of a netstat output. I know netstat is supposed to tell you the current active connections but would like some more details(what does each column mean?):
Code: [root@]# netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address Stat I notice that often times I see my ISP's mail server connecting to domains I didin't even set up yet. Sometimes I see google(I guess indexing my sites). But in addition some times I see some scary foreign addresses like from nigeria or one really common one, one which I see pretty often when I run netstat is:
for example my current path in server is root@server [/home/user1/public_html/upload]# and i wanna copy every thing inside directory upload to /home/user1/public_html/ but when i used this command root@server [/home/user1/public_html/upload]#cp -r -f *.* /home/user1/public_html/
then it just copy files . is there is any way to copy folder as well?
Im using the 'top' command on my server to view the memory and cpu usage, to save me sitting in front of my pc for hours looking at it, is there any way I can save it to a text file for viewing later on
After configuring all the ports, i start the firewall with this command /usr/local/sbin/apf -s
and I got:
: command not foundline 438: kN:q : command not foundline 438: kN:q : command not foundline 438: kN:q Development mode enabled!; firewall will flush every 5 minutes. : command not foundline 438: kN:q
Can you please provide a clamscan ssh command for scan all sites public_html folder? I know "clamscan -i -r --remove /home/" can scan all /home directrory and sub-directory, but its can have a heavy cpu process and serer load!
Code: zip ../d/db/backup.zip ../d/db/09-02-15.sqlite backup.zip never appears. Instead, I get some random filename in the directory. Like ziOHokOw
If I try to zip a smaller file(last weeks backup) everything runs fine?
Code: zip ../d/db/backup.zip ../d/db/09-02-08.sqlite So the 134mb file zips fine, but the 200mb one seems like its failing and im left with some type of temporary file. I tried downloading the weird filename and unzipping it. It has partial info like directory structure, the filename but the actual file inside is corrupt.
I have recently brought a VPS hosting package. At the moment I am going through the tutoritals on the net that I have researched before getting a VPS package to give me some understanding on what I need to do to securior the server and also how to install the software that I require.
For most of today, I have been trying to sort out a problem that I am currently having.
Of which is I am trying to sort out a part of the tutorial from a website that requires the use of apt commands.
But for every command I am getting the message back apt..... Command not found. I am currently using the ubuntu operating system. And through some research, I have got the feeling that I might have the bare installation done on my server to just make it work.
Would I be right, and with the bare installation apt commands wouldn't be installed?
If I am, how would I go about installing the Apt commands and anything else that I might require?
can i activate the deletion command for 10 or 30 mins and then stop it? i think by this way we cant delete some files from the dir and not all the files so i can edit my files
i want to do this because my server doesnt respond to any file system command because my hardisk is full! so i need to remove some files by any way