I have been in this industry for 4 years managing my servers alone. However, today I got a spam report that looks like something I have never seen before in my entire life.
Note: The spam is neither comming from an address on my server nor being sent to an address on my server... How is it using my IP then? I tried to check for open relays but found none... Do you have any idea what and how they are doing. None of the email addresses mentioned in the header are hosted on my server! Also the message ID does not appear in my log file:
MIME element (message/feedback-report)
Encapsulated message (message/rfc822)
Headers of embedded message (message/rfc822)
From fakesender@hotmail.com Wed Feb 13 02:37:08 2008
X-Apparently-To: recipient@yahoo.com via 209.191.91.172; Wed, 13 Feb 2008 02:44:39 -0800
X-Originating-IP: [MY.SERVERS.IP.ADDRESS]
Return-Path: < fakesender@hotmail.com>
Authentication-Results: mta139.mail.re4.yahoo.com from=hotmail.com; domainkeys=neutral (no sig)
Received: from MY.SERVERS.IP.ADDRESS (HELO my.servers.hostname) (MY.SERVERS.IP.ADDRESS)
by mta139.mail.re4.yahoo.com with SMTP; Wed, 13 Feb 2008 02:42:56 -0800
Received: from sdcbc (112.23.180.123)
by my.servers.hostname; Wed, 13 Feb 2008 04:37:08 -0600
Message-ID: < 006e01c4df02$fc9cb4e8$c7eb8875@sdcbc>
Reply-To: < someaddress@bellsouth.net>
From: < fakesender@hotmail.com>
To: < recipient@yahoo.com>
Subject: =?koi8-r?B?Qm9vc3QgeW91ciBzZXh1YWwg?=
=?koi8-r?B?cG93ZXIgbm93IQ==?=
Date: Wed, 13 Feb 2008 04:37:08 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=" ----=_NextPart_000_006F_01C48875.C7EBB4E8"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Length: 777
Now the server is getting to many spam mails. We already have filters on the server, but we get spam mails with header which are not in English language. The header are normally in russian or arabic language.
how to stop these spam mails with header which are not in english.
Hello, if anyone is familiar with network technical jargon, I would greatly appreciate a translation. I cannot access my server/site or my datacenter's website.
I checked my regular site monitor and it said both sites were up. However when I checked another online monitor I received the following message:
"Got an error when connecting to ns2.ochiba.net/64.235.53.39 with a request for ochiba.net/ANY: Socket Timeout Exception: Socket timeout on name server ns2.ochiba.net. null"
Here is the ping information:[url]
My site is ochiba.net.
I have no clue what this means. Is this a network issue? DNS issue? Is it on my end (I don't think this is the case because my datacenter's site is down as well)? My datacenter's end? Any recommendations on what steps I should take to resolve this?
I've been unable to access my server now for 20 minutes, so any help would be greatly appreciated (even if it is to point me in the direction of an appropriate google search)
I am getting following error after to login to my Cpanel, Please advice me the solution. thanks is advance.
======================================================== Unable to understand response from admin bin: reseller sent: RESELLERSUSERS root received:[]: Illegal seek at /usr/local/cpanel/Cpanel/AdminBin.pm line 140. Cpanel::AdminBin::adminfetch('reseller', 'ARRAY(0x9f77224)', 'RESELLERSUSERS', 'storable', 'root') called at /usr/local/cpanel/Cpanel/Resellers.pm line 36 Cpanel::Resellers::Resellers_accountlistopt() called at /usr/local/cpanel/Cpanel/RvresellersC.pm line 63 Cpanel::RvresellersC::RvresellersC_accountlistopt() called at (eval 84) line 1 eval 'Cpanel::RvresellersC::RvresellersC_accountlistopt(@{$argref});' called at cpanel.pl line 1648 main::exectag('<cpanel RvresellersC="accountlistopt()">') called at cpanel.pl line 4797 main::dotag(undef) called at cpanel.pl line 4664 main::cpanel_parseblock('SCALAR(0x90e7c8c)') called at cpanel.pl line 4616 main::cpanel_parse('GLOB(0x93b4f40)') called at cpanel.pl line 2912 main::doinclude('rvbranding/newssessionLayout.html', 2) called at cpanel.pl line 1673 main::exectag('<cpanel relinclude="rvbranding/newssessionLayout.html">') called at cpanel.pl line 4797 main::dotag(undef) called at cpanel.pl line 4664 main::cpanel_parseblock('SCALAR(0x90fdeb0)') called at cpanel.pl line 4616 main::cpanel_parse('GLOB(0x9388638)') called at cpanel.pl line 1309
from about 3-4 days, the cpu of my server, from an average of 0-15% load, grew up to a constant 80-90-100% cpu load.
There were two processes called php-cgi.exe IWAM_PLESK(default) that, each one, constantly burned 30-40% of cpu load.
So, stopping websites one by one, I found the website that was the cause of the cpu overload.
On my "old" windows vps, there were processes called with the name of the website hosted (for example websitename_web.exe), so it was easy to immediately find exactly what website was involved in the hypotetical cpu or ram overload issue.
I want to pass on a warning before anyone goes with iWEB. I just ordered a $269 a month dedicated server so I could run vmware on it for my own virtual machines that I need.
With this server I got 7 IPs.
The primary IP they assigned me is say for example: 70.xx.15.171 with a GW of 70.xx.15.161. The secondary ips they issue me are 70.xx.18.249-254. So these are on a completly different subnets.
After talking on the phone to several differnt people including tech support who tells me this will work jsut fine useing thoes secondary ips on my VMs and to not put a gateway address. I talk to my account manager he says to open a ticket that he will forward to their system admins.
This is the ticket I opened.
I just got a new server set up CL-T113-140CL. It was assigned the primary ip of 70.xx.15.171 with a GW of 70.xx.15.161. My secondary ips are 70.xx.18.249-254. The server we got from you is a VMWare host. We need to use the secondary IPs for the Guest VMs. How ever the primary and secondary IPS are on different subnets and so the VMs useing the IPs 70.xx.18.249-254 can not talk to the gateway. I need to have a gateway server IP to use for my VMs.
Please either give me a valid GW address for the 70.38.19.x subnet or assign new secondary IPs on teh 70.xx.15.x subnet with a SM that can talk to the 70.xx.15.161 GW assigned.
this is the reply I get back from their system adminstrator
The gateway to be used for your secondary IP addresses is the same as the one for your primary. You should not have anything to change, gateway-wise. Just leave the current one as default gateway and everything should work just fine.
If there is anything please do not hesitate to contact us.
Regards,
-- ================================================= Jean-Francois Doucet [iWeb] System Administrator / Administrateur Système Support / Client Hub : [url] [url] =================================================
Are they brain dead at iWEB? DO they understand basic TCP-IP networking at all?
Here is my last reply. I tried to make it real simple for them to understand.
This does not address the issues. Do you even know what a virtual machine is? It is a virtual computer running on the host computer. The host computer has a valid ip address of 70.xx.15.171, sm: 255.255.255.224 gw: 70.xx.15.161. The virtual machines (or guest operating systems) if I assign it the IP address of 70.xx.18.249 SM: 255.255.255.248 with no gateway it is physically impossible for it to reach the gateway of the host pc 70.xx.15.161. You have to understand the Virtual Machine operates as a completely separate computer. It requires its own gateway. with no gateway specified it has no way to get out of its local subnet to get to the 70.xx.15.x subnet. What happens if you put two physical computers on one hub. The computer on port 1 of the hub has the IP info 70.xx.15.171 SM: 255.255.255.224 GW 70.xx.15.161. The second computer is on port 2. It has the ip info of: 70.xx.18.249 SM: 255.255.255.248 GW: NONE. How is the pc on port 2 going to communicate with the pc on port 1? This is the exact situation we are in. There has to be a gateway to route the IP traffic from pc2 to pc1 to get onto the internet.
PHP Warning: Cannot modify header information - headers already sent in /home/user/public_html/ads/adserv.php on line 68, referer: [url]
What does this mean? All was done was cpanel transfer between two cpanel boxes, that is all. Still using php 4.4.8 / mysql 4 with apache 2.2 (centos 5)
As stated on subject, how to do it? On Linux, I know I will need to compile php with a patch (for example using Choon's patch) to get it, but dont know how to do on Windows.
I am using 2.2.29 in Windows.Trying to remove one cookie in a request header before passing the request to the application, but having trouble. The cookie is in the middle of the request header.
I'm looking for a way to add a script in the header tag of a web page without using a CMS or anything like that.it should be the first script that is running when the page is rendered.I'm running Apache 2.2.25 and Tomcat 7.0.50 - both Win32 versions.
There are two reasons for an approach like that.
(1) - I expect it to work regardless the CMS I'm working with; the same expectation is for Tomcat and Java applications. (2) - I'm able to start this as early as possible => includes monitoring the performance of the CMS itself.
I have been tasked with setting up IIS6 to run 10 different sites. We will be using the Host Header Names approach as I do not have 10 IP addresses. I want to allow clients to upload/download to their site via FTP. My IIS6 books have examples of how to setup separate FTP sites for individual IP addresses, how do I accomplish this when using Host Headers? I just need to be pointed in the right direction.
My configuration is Apache 2.2.3 using Tomcat - AJP with mod_proxy_ajp, mod_ssl.We have configured Kerberos but some users are getting an error - Size of a request header field exceeds server limit.
Users with headers above 8K are getting this error, users less than 8K can get in fine. How can I increase this header limit in Apache/Tomcat? I have tried multiple suggestions found on google and other sites.
Here is what I tried:
Adding the following to the http.conf LimitRequestFieldSize 65536 ProxyIOBufferSize 65536
Adding the following to server.xml packetSize="65536"
editing a workers.propeties file, but we dont have any files on the server with that name.
But i see in the mail logs that from address is being overwritten using the default user for the domain. Is there anyway to configure plesk or postfix to respect those headers?
I'm trying to perform SSO to my application. for my login i get an error "Size of a request header field exceeds server limit". I believe the header size got increased then the limit set in apache server. I'm guessing so.
the flow of request: Apache -> tomcat -> SAP Business Objects.
For my colleagues login the SSO works fine with out issue.
So, how to increase the HTTP header size. I'm bridging apache and tomcat using AJP connector. below is the AJP connector parameters in server.xml
I recently realized that domainkeys headers are not added to mail messages that are generated on our server. We are using MailEnable Enterprise 8.60 (upgraded on the Stardart edition, that is installed with Plesk).
I thought the problem could be related with this upgrade and created a new VM and tried that out. Installed Windows Server 2012 R2 Std, enabled DNS and IIS with ASP.NET versions, applied all updates, installed Plesk 12 and Upgraded to MailEnabled Enterprise. On the new server mails are going with the correct domainkeys headers.
Now I think that the problem was generated because of the Migration. On the old server Plesk 11.5 was installed and we didn't have any domainkeys issues. When we created our new server, with the same steps I wrote below, and migrated our backup to the new server, domainkeys headers weren't there anymore.
I couldn't find any documentation about this issue. Is there any commands to reset the settings related to domainkeys or may be it's a curruption in the psd database?
