This question is about a shared hosting server running cPanel on CentOS. A script on the server is sending out a SYN flood targeted at an external third-party website. While running netstat, I can see that the main IP of the server is making a lot of SYN connections to the external site.
How can I find out which script on the server is initiating those SYN connections?
I want to have a cronjob that would search /home every 2 hours for a certain folder name, then save the path to a text file and notify me if found. Can anyone help me with what to put in the .php file and how to include that in the cronjob?
I'm currently a customer of The Planet and have been now for about 3-4 years. I've been very pleased with their service and their hardware. However, I'm getting to the point where I'd like to upgrade my server, and their upgrade prices, like most any other datacenter's, are 100-200% more than retail. While I'm not against people making money, this to me seems a bit too much.
So I'm considering paying a bunch of money up front to buy a new Dell 1950 PowerEdge server, and in doing so I need to find a company that can colo the new server. However I know a little about dedicated servers but nothing about colo or where to even start. I've found a few companies here in Lexington, KY as well as Louisville, KY and a few other companies in surrounding areas but I don't know the slightest thing I should be asking about. When searching for a dedicated machine it was easy - bandwidth and system specs.
What is a good list of questions I should be asking these companies when I call them for prices and availability?
I've seen perl scripts able to achieve this, so I am wondering if a tool similar to this has been released to work with APF / Iptables?
The script in question is a "bot trap" and you put a deny rule in robots.txt to a hidden file. In that file, the script records the offending IP and blocks it in htaccess (once the file in question is hit by a bot/person).
Getting a bit tired of seeing these morons always searching for: /phpmyadmin /pma etc, etc.
When I look around, almost all offers are webhosting as Dedicated or Managed servers with PHP, MySQL and so on.
What I need is (big) pure backup space which must be at least accessible by a (reliable and pretty fast but not absolute ultra-high-speed) ftp server (which supports resuming of ftp-sessions).
Needed space: 200 GB
Traffic per month: 200-500 GB (can be at night)
(only) Nice to have (but not absolutely required):
- TLS/SSL Encryption for ftp
- 2-5 more ftp accounts (sharing the same space)
- crontab and perl scripts
- WebDav
This applies to both Horde and roundcube webmail client software:
Using Plesk 11.5.30 with Horde 5.1.5 or roundcube 0.9.5 on CentOS Linux release 6.5 (Final).
We have seen this behavior occur on multiple servers.
Clients experienced slow to no response after executing a search, which eventually results in a failed to communicate with the server-error in the webmail client.
The Apache server log shows script time-out errors when searching larger mailboxes (i.e. larger than 950 MB), this does not happen on smaller mailboxes.
We have seen errors like the following in the Apache server error log with Horde (personal data like IP-address and domain name are x'ed out):
[Thu Jun 19 14:55:06 2014] [warn] [client xx.xxx.xxx.xxx] mod_fcgid: read data timeout in 45 seconds, referer: http://webmail.xxxxxxx.com/imp/dynamic.php?page=mailbox
[Thu Jun 19 14:55:06 2014] [error] [client xx.xxx.xxx.xxx] Premature end of script headers: ajax.php, referer: http://webmail.xxxxxxx.com/imp/dynamic.php?page=mailbox
And with Roundcube:
[Tue Jun 17 13:02:04 2014] [warn] [client xx.xxx.xxx.xxx] mod_fcgid: read data timeout in 45 seconds, referer: https://webmail.xxxxxxxxxxx.com/?_t...d=19445&_mbox=INBOX&_caps=pdf=0,flash=1,tif=0
[Tue Jun 17 13:02:04 2014] [error] [client xx.xxx.xxx.xxx] Premature end of script headers: index.php, referer: https://webmail.xxxxxxxxxxx.com/?_t...d=19445&_mbox=INBOX&_caps=pdf=0,flash=1,tif=0
Steps to reproduce:
- use a large mailbox (950 MB or higher)
- login to the webmail (Horde or roundcube)
- do a search in the search field on the top right
- the time-out error should appear in the server Apache error log (after at least 45 seconds)
This seems like an inefficiency or bug in the search query that searches the user's mailbox. Is there any other way we can prevent this issue and the error messages?
When mail is sent through an email client, does the receiver check the local ISP's IP address or the mail server IP address before it blocks the emails? Or does it check both IPs?
An ad-network requires my website to have certain amount of traffic for x days to qualify, but they won't provide stats and have asked me to log the stats myself.
For incoming traffic stats, I already use AWstats etc, but is there anything available for logging outgoing traffic as well?
I installed and configured the POP3 and SMTP servers in windows IIS and set them up to auth using standard auth and windows usernames for the account groomi and admin.
I can receive incoming mail just fine, but when I try to send outgoing mail with the same credentials I get a 535-invalid logon error.
Is there a way to track outgoing mail that's sent from a Linux server? I'm running on Fedora 8 now, and would like to confirm and check mail that's being sent out by a PHP application.
I have exim, smartermail and qmail servers running in my fleet. Which is the easiest to capture outgoing emails for a specific account and how can I do it?
Problem: I am using my CentOS/Exim/cPanel server to relay emails. The person who receives my email sees a helo that captures my ISP IP address and lastly the mail server for my domain along with its IP.
My ISP (Verizon) IP is constantly being flagged as a spam source by a variety of RBL's.
My domains have never sent spam and I only send a low volume of emails.
How can I remove my ISP helo IP address from being added to my outgoing email so that the only IP is the IP of domain sending the email?
Example Header:
Received: from c-99-172-221-252.hlvd.va.verizon.net ([99.172.221.252]:3389 helo=[127.0.0.1]) <-- remove this part
    by server.myserver.com with esmtpa (Exim 4.69)
    (envelope-from <email@mydomain.com>)
    id 1MLoYc-0004Ol-20
    for friend@hotmail.com; Tue, 30 Jun 2009 21:24:18 -0400
I'd like to seek help on how to read the eximlog file. I saw the below inside eximlog. I'm wondering now because realemail@domain.com does not exist among this user's email addresses when I browse his cPanel. Now who is sending it? The only correct info is the pixelxl, which is the user.
More out of curiosity than anything, I've been wondering if there are options for filtering outgoing SMTP. Not necessarily every single message, but a firewall-level tool to watch for a sudden burst in SMTP from one host, run some of the messages through SpamAssassin or the like, and trigger an alert if they rank highly for spam.
It seems like it's technologically possible, but I've never heard of anyone doing it, nor seen an actual implementation of it. Has anyone heard of this type of thing?
We've recently had a lot of complaints from clients who say Yahoo! mail recipients are not receiving the emails they send. We first noticed this sometime November 2006 but it could have started earlier.
One solution would be to find another hosting provider. The problem is I suspect that it's happening to a lot of hosts and it's Yahoo! in particular that seems to have been a lot more stringent than they were in the past.
I remember some time back (2004 or 2005), AOL blocked an EHOSTPROS.COM server (SVR28) for over 6 months. We also had SVR75 with them and it wasn't blocked (I believe they were in the same DC). And AOL was notorious for blocking a lot of servers. I don't know how it is with them now because from the Philippines, there is very little email exchange with AOL.COM or AIM.COM accounts.
And there are a lot of emails going to YAHOO.COM accounts! And that's where the problem lies.
I first noticed it on my ResellerZoom reseller account (GRAY). Mails from GRAY accounts were completely blocked off by Yahoo! It didn't even go to the Bulk Folder. So Yahoo! was blocking the GRAY server's mail IP and not particular domains (I don't think blocking a domain makes any sense, you usually block IP's).
I opened a ticket with RZ and got great support. But of course, it was about 3 days before Yahoo! started accepting mails from GRAY. RZ did the best they can but could only have done so much.
And then the same thing happened with my HostGator reseller account (INFINITI). Similar issue as well.
From that time until today, it seems to come back on and off. Sometimes emails never reach Yahoo!, sometimes it lands in the Bulk Folder (that's a much lesser evil).
I have 3 reseller accounts at RZ (CAMERON B1, GRAY A1, R2 Failover-1) and 2 reseller accounts at HG (INFINITI and SONOMA). The same issue has come back again the past couple of days on INFINITI (HostGator) and GRAY (ResellerZoom). I'd open a ticket but it's on and off.
Dec 5 / Dec 6, several clients on INFINITI complained that emails to Yahoo! recipients were not being delivered. By the time we tested it, it was ok already. And then just a few hours ago, we got a call from a client on GRAY. We tested and emails were landing on the Bulk Folder. But after a couple of more tests, it went to the Inbox.
We advise clients to tell Yahoo! recipients to always check their Bulk Folders. We also ask the recipients to tag emails with MARK AS NOT SPAM hoping that would help.
You could say that I should be going to HG and RZ support for these. It's just that I don't think it's limited to them and I want to get feedback from others. I will also invite HG and RZ to give their comments on this post.
In the reseller hosting area, I'll actually be asking around also for reseller hosting that's more reliable with email. But I've been doing reseller hosting since May 2003 and have used all of the following:
There were more in between but that was a quick in and out. The above list is in the sequence I signed up and only includes those that I stayed with long enough (at least 6 months) to evaluate and decide if they're worth it.
I won't expound but avoid MIDPHASE, SITE5, and BLIKSEM. There's enough here on WHT for you to search upon.
My point is that, by far, I've had the best experience with HG and RZ and it does get tiring moving from one host to the other. And it's not that we haven't contributed to the problem. A lot of our clients' "contact us" forms have recently been hijacked by spammers and have caused abuse on the servers. We're working on fixing each and every one of these scripts (> 80) and should solve it within a few days. We do our part but there are hundreds of accounts and millions of ways spammers try to hijack server resources for their cause. Note, however, that those scripts have been there for quite a while and only recently have they been used to spam.
Although there are a lot of other hosts with good reps here on WHT, the only other host I am considering (for the moment) is Aussie Bob's DOTABLE.COM.
But then, right now, with these email woes, we're still evaluating our business. The bulk of our clients are dependent on email. Too much incoming spam is already an issue but mails not reaching intended recipients kind of ruins the business.
Damned these spammers!
Is there actually a viable solution for this issue? Or is it something that we just have to start living with?
We've got a dedicated server at our company that hosts several sites and email accounts. Today I noticed that in the mail queue (from Plesk) we have like 5 or 6 messages from the same customer with around 400 destination addresses for EACH one. This would be like 2000-3000 emails to be sent. It isn't spam as it's some kind of newsletter.
I don't really know how the QMail server handles this, but it's been 5 hours since some of those messages entered the queue, and they are still there, so it seems that it is having some difficulty.
I don't pretend to limit the amount of emails a user can send per minute or per hour, but I would like to know if there is any way of managing the queue like, let's say, send 50 messages per minute. As far as I know, the mail queue right now (by default) starts sending the messages as they come, which means it could send 1000 in a few seconds if it can handle it.
I don't even know if this would be better or worse, meaning that maybe messages could get queued when the server could handle them, so some customers would see that emails are not working instantly as they do now. It also would be good if this tool (if it exists) could report the current status of the queue, saturation, etc...
We're a bit worried because a couple of days ago we had some kind of attack and our server started sending hundreds of emails with fake sender and the CPU went overloaded and the mail queue was too big.
I am facing a very unique issue on two of my servers hosted at hivelocity for the last 3 or 4 months.
Every couple of days all incoming and outgoing activity stops except on port 3386 (RDP), i.e. no one can reach the websites hosted on the server, nor can I access any website from the server, but all other services continue to work. A reboot of the server will solve the issue but that is only a temp solution.
I have checked event logs one by one but no issue or error found on it. I have even run the server without firewall but still it stops working.
Scanned the server with 3 different antiviruses one by one but they didn't find any virus.
Datacenter tech staff monitored the server and found no DoS or other such kind of attack on the server or IP.
I am totally clueless on this issue on how to solve it.... anybody here who can help me?
OS: Windows 2003
Firewall: Previous hardware based, then software based and now windows firewall (same issue with all)
Third party softwares: No
Scripts: ASP, ASP.NET, PHP
Database: SQL and MySQL
I'm testing csf with cPanel and all is good at the beginning, but I noticed that outgoing curl connections are blocked and I can't add any port to iptables because curl uses a different one each time.
How can we limit the maximum number of e-mails that can be sent by a domain in Plesk? We are facing issues where our server IP is getting blocked by some e-mail providers for bulk mailing.
A client of mine has an Exchange server in the company. For sending mails he would like to set up a smarthost in the Exchange server to relay the outgoing mails from a third party mail relaying service provider.
I am trying to make sure my server configuration is optimally set to prevent my outgoing activation emails being set as spam.
So far I have set up an SPF record: using Plesk, for mydomain.com I set up a DNS record of type TXT and value v=spf1 mx -all.
How do I check if this has been set up correctly?
I am using CentOS with Apache and Plesk 8.3 and I am sending mail using PHP's mail() function. The majority of the emails that aren't being received are going to hotmail accounts but I haven't yet sent a large enough amount of emails to view any concrete pattern. Curiously they don't appear to be going to the user's spam folder they are just being deleted outright.
Also, I'm not sure if it's related but one of my users mistyped their email address as @gogglemail.com and I now have a message in the qmail mail queue which is dated 1970. Is this something I am failing to do at a PHP level (i.e. not setting a date attribute)?