I'll try to make this long story short, but this morning I logged into one of my servers and it showed a read-only filesystem, which I thought my server guys could fix easily. So I put in a ticket. 6 hours later, they tell me that they think the OS is corrupted and I need a new install. They give me KVM over IP so I can go in and 'do' things. I tried to log in as root and it wouldn't let me, so they finally booted in single mode and I can get in and such. When I try to su - root, it tells me that user root can't be found. I also tried to ftp into and out of the server with no luck. I really need this box back up. If not, I need to get all the accounts saved off so that I can build a new box. Everything is there, so I don't want to give up yet.
I cant visit my website! <snipped> everytime I go it says server not found. So I told some friends to go and they are able to see and visit <snipped> How is that possible?? They could and I cant? Yesterday same thing but then couple hours later it worked I could visit hmlegends.com but i didnt do anything and now today same thing server not found! i cleaned my history everything and still server not found!
So what I did is used a proxy <snipped> and then it worked!
But then I dont use a proxy SERVER NOT FOUND! Its like my IP cant reach hmlegends.com
I dont know how to solve this?!?? It just says server not found!
But it looks like everyone else could access it!
Anyways im using Firefox 2 but then maybe i thought it was my browser so switched to 3 so currently on firefox 3 and no its not its something with my IP cuz when i use proxy i could go to my site
but point is i dont wanna use proxy i wanna use my IP to go to hmlegends.com
After going back and forth with the folks that are supposed to be managing my server they finally checked and found an irc bot. Here is their message:
I have found a irc bot running on your server. The binaries are located at /var/lib/texmf/.dat/. You can see the tar file which the hacker uploaded at /var/lib/texmf/. I have changed the permissions to 000 so that you can verify the files.
The user of the files are nobody. Hence it is clear that the files were uploaded via url injection using some vulnerable script under some domain. Unfortunately there are no helpful logs to find the exact domains and the vulnerable script. It is certain that the files were first uploaded to /tmp and then moved from there. You can see some similar hack files at /tmp/.dat, /tmp/var and /tmp/.dev12. Also the permission of /var/lib/texmf/ was 777.
You should update all your web softwares to latest version so that they will include latest security patches. Also I will recommend you to enable mod_security in your server to prevent further hacks.
I have read that although chained root ssl certificates can be more difficult to install they are actually more secure since the root certificate cannot be compromised, only the intermediary.
Is this true? It looks like both google and amazon both use chained SGC certs.
OK so I am running one powerful server. And have PlatinumServerManagement Manage it.
But Ever since I got this server The server never went down or anything like that due to high CPU usage or to many visitors.
But for some reason I am still getting emails from my members that once in a while they cant access the site because they get a "server not found error" I checked the server uptime and it never went down. The server has been up all the time. So I have no idea why these people can't access the website.
My first guess is that they are getting blocked by some security software on my server. But I talked with PlatinumServerManagement and it can't be that.
So does anyone know why they might not be able to see the websites all the times? but only some random times.
I am running CentOS and everything is almost perfect, except when I try and send email via the sendmail smtp service the email gets bounced back with the following information:
The original message was received at Tue, 20 Mar 2007 15:27:26 -0700 from localhost.localdomain [127.0.0.1]
----- The following addresses had permanent fatal errors ----- <jkeller@<myrealdomaingoeshere>> (reason: 550 Host unknown)
----- Transcript of session follows ----- 550 5.1.2 <jkeller@<myrealdomaingoeshere>>... Host unknown (Name server: 127.0.0.1: host not found)
I have Plesk 11.5 (service provider mode) on a Windows 2008 server IIS7.Most of my sites are developed in .asp and therefore i use a custom 500-100.asp error page that check s the IP of the visitor then displays either a friendly error, or if its my IP a full error of what has happened (it also emails me the error). This allows me to debug pages easily whilst developing and to keep an eye on anyone trying SQL Injection hacks on my sites (as the error and email also have session variables and IP address).I dont have root access to the server as it is a Webfusion dedicated server.I have following the Plesk documentation -
1) Switch on custom errors for the subscription 2) Look in virtual directories and navigate to error documents 3) Find the error in question (500:100) and change it to point at either a file or URL
FILE - I had the data centre add in the 500-100.asp error page in to the virtual template so that my page is available in the list of virtual files - this didn't work but that maybe because its not a static page??
URL - when i add the path it says its incorrect, if i add a fully qualified address, it accepts it but it doesn't work.give me a specific example of the URL that can be entered relative to the root as the format in the documentation isn't accepted. The last step is to restart IIS which is also an issue as i cant seem to do this from the Plesk panel..It is as if it isn't catching the 500:100 error, and only catching the general 500 error??
Not sure what the problem is but I can't preview a new website using Quick Site Preview. I have configured Tools and Settings > Website Preview Settings > Quick Preview on a domain name in Plesk by selecting the server domain name, yet despite this when I go to a new domain I setup today and click preview I get a browser windows that says "Server Not Found".
direct root logon to a server is disabled; using another login, obviously. However, I need to be able to SFTP files from my computer to a directory on the server using said login - yet it does not have correct permissions, evidently, and therefore can't even see the directory I need to be able to SFTP files to.
Tried CHOWNing the directory with that usename, giving it 777 permissions, etc.
We would like to offer root servers to customers, but we worry that they change the IP address to another IP address in our network and make troubles like this. I think, if a customer takes the same IP like our gateway router, our whole network is not reachable anymore. How can I avoid this?
I am actually very inexpirience in server management. I have a small - I believe - problem. I need to get config file onto my computer from my root server. I can access it through terminal, but it is not very confortable. The config file is on root server.
the file is located at //etc/xxx.conf
Do I need to use web browser to do it? If so how?
Or is there a way that I log to my root server through ssh and transfer onto my computer?
creating a basic redirect. What I need is to redirect the root of my server 173.x.x.x to a file called test.php in the root of my folder.example: when I go to http://173.x.x.x I get redirected to http://173.x.x.x/test.php..
My server hosted with 1and1.co.uk (and therefore in Germany) has been down since 6PM UK time (20 hours ago) - support is just excruciatingly bad - the structure they have set up to make sure the actual datacentre people aren't customer facing is atrocious... you can't speak to anyone who knows anything, it's so frustrating.
I'm writing this to ask if anyone else has a root server in Germany as the latest fob off is that a router CPU has gone down knocking all those root servers offline. I'm surprised to not have seen any other threads from disgruntled customers if that were the case. They even added the router is in Canada... which begs the question - why would that knock out my German server??
My server isn't even accessible by the serial console and the reboot/recovery system isn't restoring it - they swear it's network related, but surely I'd be able to get in via the serial console?
This is winding me up good and proper, I can't concentrate on any other work and I just find myself trying to find other ways of getting any kind of real information out of 1and1 given their complete lacklustre attitude to coming forward with any themselves. 1 hour of downtime I can put up with, 20 hours without a hint of belivable feedback is just unacceptable...
I've just signed up for my first VPS with CMBHosting and the person in charge, Chetan Bakhru, seems like a genuinely nice, friendly and helpful person. In other words this new service look promising at the moment.
However ...
When I signed up I selected his CentOS/LXAdmin plan because I figured that with a pre-installed control panel like LXAdmin I could avoid as much ssh as possible and simply get "up and running" more quickly. Plus I have some experience managing my own CentOS development machine, and I know that a special software package I plan to install runs on CentOS "out of the box" -- so I was expecting good things from this new VPS.
But when my account was created LXAdmin did NOT create an FTP admin account for me with root access to my VPS!
Instead it created an account that drops me into web server's document root folder, and this is far too limiting for me. I really need FTP root server access -- and I'm surprised that LXAdmin did not provide this access by default.
Not only that, but it appears that I cannot create a new FTP account that has any deeper access than the existing admin account!
Does anyone with LXAdmin experience know if this is the way LXAdmin normally works by default? Or is this perhaps a special configuration created by my new VPS host?
I'm trying to setup a new SSL host on my server. I changed the IP address in the WHM, and even though the httpd.conf file shows the proper path to the site's directory, when i type in the domain I get the cpanel default page at the apache root directory.
on one my root server runs a DDOS attack, apparently from a Botnet, however all have the same Referer. Who can give me Tipps, how I can prevent the attacks? Preferably evenly stop over the Referer?
i can not login to my decated server by using root. the password is not correct.. becasue i did something wrong with my server. i used chmod 777 -R /public_hmtl and chown to modify my server. and i can not login anymore, LT asked me to reload my server, do i need to reload it?
