Weird Example Of Blocking Port 25
			May 6, 2008
				I have a client who was sending email to another server with cPanel. All of a sudden all emails were in the queue for a few days, and we checked that everything was OK on our side; even the logs are able to find the domain name, just that it drops from there.
It took me a while, but I finally telnetted to their port 25 and found it blocked, yet somehow a few minutes later it was unblocked.  Is there any mechanism in cPanel that auto-blocks port 25?  I know the client uses a catchall so all the rubbish went there; I cleared the catchall for him.
	
	View 3 Replies
        Feb 11, 2015
        I'm running 12.0.18#34 on a PCS dedicated server. I recently discovered that some of the default jails in the fail2ban that is shipped with Plesk 12 were not working correctly.  Let me explain what I mean. Take, for instance, the plesk-panel jail. The logs were parsed correctly, the command was successfully appended to the iptables list, and the fail2ban log was updated. Still, the intruder was not blocked. I kept reading "already banned" in fail2ban.log but actually there was no blocking.
After some checks, I found out that the fail2ban default configuration states SSH as the default blocking port.
That means the block was working, but only for SSH hits. Thus the plesk-panel admin page hits were passing through.
Only after I added port=http,https on jail.local > plesk-panel and restarted the fail2ban service did it start to actually block incoming hits.
I think this should be verified by the programmers group, and maybe a fix included in some future minor update.
	View 1 Replies
        Mar 1, 2015
        I have some issues with the plesk firewall:
1. Emails are not delivered: 
For some reason, Plesk is blocking incoming port 25 (in Plesk it shows as opened, but it's not). My emails are delivered through port 25; after doing some tests (I've sent some emails to an email account hosted on the server) there was no email in the Roundcube inbox! All emails were blocked...
a) Firewall was blocking the port 25 on server restart.
b) I have successfully unblocked it from Plesk manager -> tools -> edit/change -> even if I didn't change anything, I saved the "changes" and in my Roundcube inbox I received all the test emails.
c) In /var/log/maillog there is no error.
2. Passive FTP gets blocked in the same way; to successfully connect FireFTP in passive mode I need to repeat the 1.b steps even though I've created a special rule to prevent the blocking, opening ports 49152-65534 and setting PassivePorts 49152 65534 in /etc/proftpd.conf
The issue appears randomly, because in the last 5 days I didn't restart the server; the last time I checked it worked.  Today, without touching anything, the firewall blocked my passive FTP and I had problems receiving emails from gmail, yahoo etc...
	View 2 Replies
        Aug 8, 2013
        I'm running a server with Apache2 (Apache/2.2.16 (Debian 6.0))
I would like Apache2 to listen on port 8080 for IPv4 and on port 80 for IPv6.
This is what I have now:
/etc/apache2/ports.conf
	View 4 Replies
        Feb 19, 2008
        Currently I am using Linux + cPanel and using port 25 for the email server. Currently we are facing one problem: some users' ISPs do not support the port. May I know how I can add an additional port to the server and allow users to send mail by a different port?
	View 1 Replies
        Jun 21, 2009
        I have an office internal website and I opened a port on my office gateway (7080) to this website (server)'s port 80. That makes this website open to the public, as the office has a static IP. When I view the site from home, it's fine. But when I tried to log in (the site is using a pop-up, I guess it's HTTP authentication), I was redirected to a URL without my port number any more, and that stops my access to the site as obviously I would. 
How can I keep my connection/port number ...? 
	View 2 Replies
        Jun 18, 2008
        About the NIC and switch:
there are giga ports vs mega ports.
In your experience, are they really different?
	View 14 Replies
        Jun 10, 2007
        I recently changed my SSH port, but locked myself out when my APF firewall was installed.
Where would I go to add a custom port inside the APF's config file?
	View 3 Replies
        Jun 3, 2009
        I've got a vB site which has an RSS Poster Bot (fetches RSS feeds then posts them). However, for some strange reason, it stopped working. There are no errors in the error_log and when I do a manual run, it just times out after a minute or so.
The only thing I can think of is that one of the RSS Feeds is down or one of the sites is blocking the server IP for some reason.
	View 2 Replies
        Apr 28, 2008
        I have this really annoying issue I'm hoping you can help with.
It seems the spamd child process gets stuck and causes 100% CPU usage. But this doesn't just happen randomly, it's only for this single user account. E.g. take a look at the top output:
4581 <username>  93  40:58.87  1.3 82624  52m 2280 R spamd child
The 93 is 93% CPU usage. 40:58 is how long the process has been running, 40 minutes and counting (I just killed it though). And all it tells me is that it's running spamd child. It usually dies after a few hours, but only after causing 200% CPU usage (100% on both CPUs) and making my server load skyrocket. This happens at least twice daily at no set times.
This user isn't a spammer. No scripts, no mail queue generation, no email accounts even.
Running cPanel 11, CentOS 4.
	View 3 Replies
        Oct 8, 2007
        I have had a weird problem with one of our servers since the move of our IP range. Bind doesn't seem to react to any changes we make.
For example, the server still resolves to the old IP address even though we changed all of those with ipswap.sh (DirectAdmin).
The weird thing is that all zone files are 100% correct. The IPs are all changed and there is no sign of the old IP whatsoever.
Again, the nameserver still resolves to the old IPs.
Also, when I create a new domain, named.conf is changed and the zone file is created successfully. Still the nameserver doesn't seem to add the domain name.
Restarting, reloading and even reinstalling named doesn't help.
	View 2 Replies
        Mar 29, 2008
        I'm seeing weird characters on my support home page:
That's found right below "Home > Support"
The source code shows the following...
Quote:
<tr>
<td style="padding:0px"><p>Welcome to our Support Area.</p>
I've checked the two template files (header.tpl and homepage.tpl) but did not find such characters. It's boggling me. Not even whitespace.
	View 4 Replies
        Aug 4, 2007
        Got a couple of questions on my CentOS server.
It is my only (at present), and main production web server located in a datacentre in the UK.
I am running CentOS 4-4.2 since a hardware failure earlier this year necessitated a stressful overnight ssh reinstall.
I have it set up pretty well now (I think!) but I can't work out how I am able to sftp into the server!
Reason being, I have installed VSFTPD (made sure there were no ftpd daemons installed or running), and when I stop this service via sshd, it does not affect the fact that I can then sftp in to the server using an ftp client such as wsftp pro...
Also, even when I change the vsftpd.conf to jail certain ftp users to a directory, it seems to have no effect and ftp works exactly as it did before without imposing the restrictions?
There is no other ftp daemon showing up in the process list.
I have tripwire installed, rootkit hunter, and a Cisco hardware firewall in conjunction with iptables.
I don't 'think' it's hacked!
Also, the last time I upgraded CentOS was from an early v4 to 4.4.2 due to major hardware failure on the server and the fact I didn't have a mirrored OS/server backup (due to cost) (but I did of course have all my sites and databases etc).
I am rather scared to upgrade the CentOS kernel to the latest version, in part due to horror stories I have heard from others (NOT regarding CentOS specifically) of kernel upgrades going wrong or compatibility issues etc., which mean that I am very, very reluctant to do it on our main production server.
 
I am imminently buying another server to act as a failover and backup for the existing one, but is keeping my current CentOS install as it is and holding out to wait for a test server the best thing to do? (Are there any serious security issues in 4.4.2? Bugs etc.?)
Or should I have confidence and get Yum to do its business!
	View 6 Replies
        Aug 9, 2007
        This is a very weird network issue that we are currently facing.
There are 2 servers, 1.1.1.1 and 2.2.2.2;
I can ping both IPs from my computer at the office or from anywhere else.
BUT, I cannot ping each other. For example, I log into 1.1.1.1 and cannot ping 2.2.2.2 and vice-versa.
This is very weird and I am thinking this is not OS related and something beyond that.
I was wondering if any of you have come across this type of issue and could possibly direct us in the right direction.
	View 5 Replies
        Dec 25, 2007
        It seems that I am facing some weird Apache issue.
I can't access my forum.domain.com but can access forum.domain.com/admin
I didn't find anything in the Apache error logs, but found this in the access logs:
IP HERE - - [26/Dec/2007:03:13:44 +0400] "GET / HTTP/1.0" 200 22435 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727)"
Is there anything strange in that info and what does 22435 represent?
	View 2 Replies
        May 6, 2009
        On one of my Web sites I have it set to e-mail me whenever someone tries a SQL Injection attempt through the GET.
(I find some of the results interesting and/or funny.)
I also have it e-mail me the visitor's IP address and browser client.
I recently got one with a result for the IP address that certainly got my interest.
It read: 
Quote:
<?php phpinfo(); echo "LOOOOL, X-FORWERD BUG"; ?>
The PHP scripting I use to get the IP address is:
Code:
$visIP = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
I guess I'm wondering how they may have done it, and if this indicates an issue where people can hack my site (for control or at least info) through this method?
	View 2 Replies
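An added example, not part of the original post or its replies: X-Forwarded-For is a request header that the client can fill with any text, so the one-liner above returns whatever was sent. The PHP sketch below accepts the header only from a reverse proxy you operate, validates it as an IP address, and HTML-escapes the result before it goes into an alert e-mail; `TRUSTED_PROXIES`, `client_ip()` and every address are constructed assumptions.

```php
<?php
// Hypothetical helper for illustration; not code from the original site.

// Constructed list: addresses of reverse proxies that you run yourself.
const TRUSTED_PROXIES = ['127.0.0.1', '10.0.0.5'];

/**
 * Return the visitor address as a validated IP string.
 * X-Forwarded-For is consulted only when the TCP peer is a trusted proxy.
 */
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0'; // no usable peer address (e.g. CLI run)
    }

    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($peer, TRUSTED_PROXIES, true)) {
        // Direct connection: the header is attacker-controlled, ignore it.
        return $peer;
    }

    // Each proxy appends the address it saw, so read the list right to left
    // and stop at the first hop that is not one of our own proxies.
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the TCP peer
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed requests covering the cases discussed in the post.
$samples = [
    // Direct visitor sending script text in the header, as in the post.
    'direct, hostile header' => [
        'REMOTE_ADDR'          => '203.0.113.7',
        'HTTP_X_FORWARDED_FOR' => '<?php phpinfo(); echo "LOOOOL, X-FORWERD BUG"; ?>',
    ],
    // Visitor behind our proxy who also tried to prepend a fake address.
    'via proxy, spoofed first hop' => [
        'REMOTE_ADDR'          => '10.0.0.5',
        'HTTP_X_FORWARDED_FOR' => '192.0.2.99, 198.51.100.23',
    ],
    // Our proxy forwarded a header that is not a list of addresses.
    'via proxy, malformed header' => [
        'REMOTE_ADDR'          => '10.0.0.5',
        'HTTP_X_FORWARDED_FOR' => 'not-an-ip',
    ],
];

foreach ($samples as $label => $server) {
    // Escape on output as well: the alert e-mail may be rendered as HTML.
    $ip = htmlspecialchars(client_ip($server), ENT_QUOTES, 'UTF-8');
    echo $label, ': ', $ip, PHP_EOL;
}
```

The raw header can still be logged for investigation, as long as it is stored as data and escaped wherever it is displayed.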
        May 5, 2009
        I keep getting weird characters such as .... in MySQL.
	View 3 Replies
        Jun 17, 2009
        We have a license application client (IBM/LUM) that connects to a license server outside our network. 
The client works this way... it binds a random port and tries to connect to the remote IP on UDP port 1515. 
Through Wireshark I could see that it reaches the destination, although the way back is unreachable.
If I add this random port to our router's Port Forward rule, it works perfectly. However, this is not a solution because the port changes every time. 
Isn't this strange? Other applications open random ports as well and communication is two-way reachable.
If I connect directly to the internet, it works perfectly as well.
What can I try to do with our ZyWall USG300 Router to fix this situation?
	View 3 Replies
        Feb 19, 2008
        I've a few similar video sites and haven't noticed much difference over the years with their stats. They usually average anywhere from 50-100mb downloaded per day.
Suddenly this month, one site is practically going off the scale...600-700mb...up to 1gb downloaded per day...I'm like...wtf?! The other site is reporting normal BW.
I'm using awstats with hotlink protection enabled.
Is something or someone draining my bandwidth?
	View 3 Replies
        Feb 19, 2008
        I have compiled an RT kernel using 2.6.24 and it has been working great. All of our machines are running CentOS 5. No issues like the previous configurations on Dual Quad Xeon 5335s and 8GB of RAM, as well as one box with Dual Core Xeon 5140s with 4GB of RAM. They have identical motherboards. My issue is that when you do a soft reboot, it doesn't "technically" reboot. It does, but it doesn't. Let me explain. It kills my ssh connection and you can't ping it for maybe a minute or 2. When it comes back up, you get a new SSH key to log in. You hit OK, and you try logging in. It doesn't accept any passwords. The server basically becomes inoperable.
The only way to solve this is to do a hard reboot, physically rebooting the server.
What could be causing this? This only started to happen when using the RT kernel. Is there an option that may be conflicting with it? However, our 3rd and 4th boxes, with the same configuration, have no issues like this. Soft reboots work great.
Here is the message log.
Feb 19 04:00:02 server530 shutdown[25342]: shutting down for system reboot
Feb 19 04:00:02 server530 init: Switching to runlevel: 6
Feb 19 04:00:03 server530 smartd[3037]: smartd received signal 15: Terminated
Feb 19 04:00:03 server530 smartd[3037]: smartd is exiting (exit status 0)
Feb 19 04:00:09 server530 ntpd[20917]: ntpd exiting on signal 15
Feb 19 04:00:09 server530 rpc.statd[2570]: Caught signal 15, un-registering and exiting.
Feb 19 04:00:09 server530 portmap[25711]: connect from 127.0.0.1 to unset(status): request from unprivileged port
Feb 19 04:00:10 server530 auditd[2469]: The audit daemon is exiting.
Feb 19 04:00:10 server530 kernel: audit(1203415210.158:8204): audit_pid=0 old=2469 by auid=4294967295
Feb 19 04:00:10 server530 pcscd: pcscdaemon.c:529:signal_trap() Preparing for suicide
Feb 19 04:00:10 server530 pcscd: hotplug_libusb.c:361:HPEstablishUSBNotifications() Hotplug stopped
Feb 19 04:00:11 server530 pcscd: readerfactory.c:1350:RFCleanupReaders() entering cleaning function
Feb 19 04:00:11 server530 pcscd: pcscdaemon.c:489:at_exit() cleaning /var/run
Feb 19 04:00:11 server530 kernel: Kernel logging (proc) stopped.
Feb 19 04:00:11 server530 kernel: Kernel log daemon terminating.
Feb 19 04:00:12 server530 exiting on signal 15
Oh and this is to reboot the server nightly at 4am, when this issue occurs.
0 4 * * * /usr/bin/reboot > /dev/null 2>&1
	View 2 Replies
        Feb 9, 2008
        if you type in the browser
Code:
neomagician.com
it redirects to
Code:
[url]
ok no problem there. but when you type
Code:
neomagician.com/forum
OR
[url]
it redirects to the hostname
Code:
[url]
where you promptly receive a 404 error.
BUT, if you type
Code:
[url]
(note the forward slash on the end)
it works just fine.
If you type a nonexistent file or folder it only 404s on the domain name and no redirection occurs.
	View 8 Replies
        Dec 6, 2008
        I added a USB NIC to my main server, which also acts as a VM server, so I can bridge some VMs on a separate network than that actual server, for security purposes.  This NIC has no IP and is connected to another router. My private LAN router (router1) is connected to that router (router2).
In VMware Server I made a new bridged network to eth1, which is the USB NIC.  
Now for whatever reason, there does not seem to be communication on that new NIC.  If I set a static IP on a VM, sometimes I can ping the gateway, sometimes not.  It's on and off.  Also, DHCP won't work at all, but I know DHCP works on that network, as if I plug a PC into that router I get an IP right away.
that this is a home setup, not an internet setup, so I have full physical access.
	View 0 Replies
        Apr 26, 2008
        I recently switched my site tdnforums.com over to a new server about a week ago. Some folks are still complaining that they are viewing the forums on the OLD SERVER. Perhaps DNS is taking a long time to switch over but get this... for many people tdnforums.com is switching BACK and FORTH between the old server and the new server. So, on some visits it'll resolve to the new server... on other page refreshes you'll be viewing the forums on the old server.  What the heck? This has actually happened to me a few times myself so I know that they aren't crazy.
Why is DNS doing this? Sometimes the site resolves on the old server and then the new?  
What's going on here? Why isn't it flipping over 100%?  Are there any things I can check as troubleshooting, or is this normal?  I've had some long DNS switches before but never this "back and forth" stuff...
	View 1 Replies
        May 2, 2007
        I'm using CP+ panel.
Here's the weird thing, when I look inside my domain name and to the A record to add a subdomain, it shows me another domain name (which is also mine).  When I add a subdomain to that anyway, I get a subdomain.realdomain.anotherdomain.com entry instead of subdomain.realdomain.com  Also in the list some domains are correct while most of them are pointing to each others.
I've checked the named conf and also apache conf and I don't see anything wrong at all.  They're all linked to their correct location.  Anyone here have any inklings on what it might be?  Never seen anything like it before.
	View 2 Replies
        Jul 9, 2007
        For the last week, my vps (directadmin on centos on xen)  has become unresponsive every three days at approximately 5 AM, and I'm baffled about why.  It doesn't crash, but it stops accepting incoming connections until it's rebooted.
I'm not sure how to troubleshoot this. /var/log/messages gives no useful information.  There are no unusual cronjobs running at that time.
Anyone heard of anything like this before or have any advice about how to troubleshoot?
	View 6 Replies
        Feb 24, 2007
        [url]
If you look at the image there are 14 connections from a blank ip what is that and how do i stop it?
	View 4 Replies
        May 9, 2007
        I just installed the latest PHP 5.5.2 on Windows 2003 IIS 6. The Web extension for PHP in CGI mode is automatically allowed, but all PHP scripts show file not found; only when I enabled "allow all CGI extensions" did the PHP pages show up OK. 
	View 0 Replies
        Jul 8, 2007
        Has anyone else noticed some weird Savvis routing in the NY/NJ area since their maintenance on Friday night?
I'm in NY and a trace to the NJ1 datacenter in Jersey City NJ shows:
Code:
  1    <1 ms    <1 ms    <1 ms  10.0.0.3
  2    24 ms    23 ms    23 ms  10.32.37.1
  3    26 ms    24 ms    23 ms  at-3-1-1-1732.CORE-RTR1.NY325.verizon-gni.net [130.81.11.173]
  4    24 ms    24 ms    24 ms  130.81.20.176
  5     *       30 ms    30 ms  0.so-3-1-0.XT1.NYC9.ALTER.NET [152.63.10.37]
  6    32 ms    75 ms    34 ms  0.so-4-2-0.XL3.NYC4.ALTER.NET [152.63.0.213]
  7    32 ms    32 ms    32 ms  0.so-6-2-0.BR1.NYC4.ALTER.NET [152.63.3.149]
  8    32 ms    32 ms    32 ms  bcs1-so-5-1-0.NewYork.savvis.net [204.70.1.5]
  9    34 ms    32 ms    32 ms  cr1-pos-0-0-5-2.Washington.savvis.net [204.70.195.1]
 10    32 ms    32 ms    32 ms  204.70.197.5
 11    33 ms    33 ms    33 ms  204.70.197.14
 12    33 ms    32 ms    32 ms  hr2-tenge-13-2.Weehawkennj2.savvis.net [216.35.78.6]
 13    32 ms    33 ms    32 ms  204.70.196.74
 14    33 ms    33 ms    33 ms  204.70.196.78
 15    32 ms    32 ms    32 ms  bhr2-ge-5-0.JerseyCitynj1.savvis.net [204.70.196.86]
 16    33 ms    32 ms    32 ms  csr22-ve241.Jerseycitynj1.savvis.net [216.32.223.51]
Why are the packets going from NewYork to Washington to Weehawken and then to Jersey City? Also, what are those 4 unnamed nodes at 10,11, 13 and 14?
I'm also getting 200ms+ ping times and 13% loss to/from our offsite VPSs
Code:
640 packets transmitted, 554 received, 13% packet loss, time 639988ms
rtt min/avg/max/mdev = 192.275/198.945/227.685/3.173 ms, pipe 2
[root@offsite ~]# traceroute 216.32.223.51
 1  eqash79.keepitsecure.net (69.65.111.117)  0.173 ms  0.125 ms  0.063 ms
 2  r02.iad.defenderhosting.com (69.65.112.2)  3.440 ms  0.345 ms  0.290 ms
 3  ge2-10.as.eqxashva.aleron.net (205.198.14.245)  0.473 ms  0.554 ms  0.482 ms
 4  ber1-ge-8-10.virginiaequinix.savvis.net (208.173.52.105)  0.591 ms  0.567 ms  0.438 ms
 5  cpr2-ge-5-0.virginiaequinix.savvis.net (204.70.193.101)  0.588 ms  0.606 ms *
 6  bcs2-so-2-0-0.washington.savvis.net (204.70.193.153)  119.863 ms  3.639 ms  3.378 ms
 7  cr1-tengig-0-7-0-0.Washington.savvis.net (204.70.196.105)  198.659 ms  201.783 ms *
 8  bcs2-so-2-0-0.NewYork.savvis.net (204.70.192.2)  202.751 ms  195.501 ms *
 9  * dcr3-ge-0-2-1.newyork.savvis.net (204.70.193.98)  201.978 ms  198.180 ms
10  204.70.197.5 (204.70.197.5)  7.627 ms  6.984 ms  6.196 ms
11  204.70.197.14 (204.70.197.14)  6.822 ms  6.534 ms  6.460 ms
     MPLS Label=1640 CoS=5 TTL=1 S=0
12  hr2-tenge-13-2.Weehawkennj2.savvis.net (216.35.78.6)  6.752 ms  6.634 ms  6.509 ms
     MPLS Label=66 CoS=5 TTL=1 S=0
13  204.70.196.74 (204.70.196.74)  7.550 ms  6.600 ms  6.479 ms
     MPLS Label=339 CoS=5 TTL=1 S=0
14  204.70.196.78 (204.70.196.78)  6.607 ms  6.633 ms  6.482 ms
     MPLS Label=339 CoS=5 TTL=1 S=0
15  bhr2-ge-5-0.JerseyCitynj1.savvis.net (204.70.196.86)  198.841 ms *  201.303 ms
16  csr22-ve241.Jerseycitynj1.savvis.net (216.32.223.51)  196.147 ms *  199.857 ms
The second trace shows that there is a path between New York and Weehawken without going through Washington, even though the first route went through Washington between NY and NJ.  The only reason that I can think of is that someone in Washington wants to see the traffic (wink wink)?
I've contacted Savvis, but got the stock response "Savvis’ backbone routers forward traffic through the optimal logical path within our network.  Although the physical path may seem odd occasionally, it is actually the optimal path."
	View 5 Replies
        Jan 12, 2007
        I have a VPS and I host 3 sites on it.
2 sites load perfectly fast, and 1 site loads.. 7 seconds slower.. ( estimate time ). When I asked some other ppl to load the site, 95% said it loads fast and 5% said it loads slow.
And no it's not the isp, the one person who has the same isp as me said it loaded fast no problem.
This is really strange.. anyone have a possible resolution?
Server CPU is at 0.10, and running smoothly.
	View 4 Replies
        Jan 29, 2007
        I've noticed that if a folder has a space in the name I cannot remove it, even as root; when I even try to change its owner as root, it comes up moaning there's no directory for the first part of the named file,
i.e.
Code:
[root@server]# chown -R phonestuff:phonestuff SG stuff
chown: cannot access `SG': No such file or directory
	View 2 Replies
        Oct 30, 2007
        Basically we're running commbulletin, an add-on for vBulletin which sends out newsletters to all the members of the forum.
We sent out a newsletter last month. 
It has the usual details to fill in
name:
From address
Subject: 
header:
OK, we did all that, and for name we just put down
"My name"
For the from address field we put down
"Our Organisation" (just the words, not any email address or anything, just as I've spelt it)
Now the problem is that for one of our users, who uses Outlook to retrieve their emails, when they got the email the FROM header appeared something like this:
"Our Organisation"@thecompanydomains name
Now of course they now think somehow we forged the email to make it look as if it was being sent from their domain, which it wasn't, since all the headers originate from our server.
However, my point is: how is it possible that when this email was sent the FROM field had that on it?
Does that make sense?
	View 6 Replies