Basically we are running commbulletin, an add-on for vBulletin which sends out newsletters to all the members of the forum.
We sent out a newsletter last month
It has the usual details to fill in
name:
From address
Subject:
header:
ok we did all that and for name we just put down
"My name"
for the from address field we put down
"Our Organisation" (Just the words, not any email address or anything - just as how I've spelt it)
Now the problem is that one of our users, who uses Outlook to retrieve their emails, got the email and in the FROM header it appeared something like this:
"Our Organisation"@thecompanydomains name
Now of course they now think we somehow forged the email to make it look as if it was being sent from their domain, which it wasn't, since all the headers originate from our server.
However, my point is: how is it possible that when this email was sent the FROM field had that on it?
I've got a vB site which has a RSS Poster Bot (fetches RSS Feeds then posts them). However, for some strange reason, it stopped working. There's no errors in the error_log and when I do a manual run, it just times out after a minute or so.
The only thing I can think of is that one of the RSS Feeds is down or one of the sites is blocking the server IP for some reason.
I have this really annoying issue I'm hoping you can help with.
It seems the spamd child process gets stuck and causes 100% cpu usage. But this doesn't just happen randomly, it's only for this single user account. e.g. take a look at top output:
The 93 is 93% cpu usage. 40:58 is how long the process has been running, 40 minutes and counting (I just killed it though). And all it tells me is it's running spamd child. It usually dies after a few hours but only after causing 200% cpu usage (100% on both cpus) and making my server load skyrocket. This happens at least twice daily at no set times.
This user isn't a spammer. No scripts, no mail queue generation, no email accounts even.
I have a weird problem since the movement of our IP range with one of our servers. Bind doesn't seem to react to any changes we make.
For example, the server still resolves to the old IP address while we changed all of those with ipswap.sh (directadmin). The weird thing is that all zone files are 100% correct. IPs are all changed and no sign of the old IP whatsoever. Again, the nameserver still resolves to the old IPs.
Also when I create a new domain, named.conf is changed and the zone file is created successfully. Still the nameserver doesn't seem to add the domain name.
Restarting, reloading and even reinstalling named doesn't help.
It is my only (at present), and main production web server located in a datacentre in the UK.
I am running Centos 4-4.2 since a hardware failure earlier this year necessitated a stressful overnight ssh reinstall.
I have it set up pretty well now (I think!) but I can't work out how I am able to sftp into the server!
Reason being, I have installed VSFTPD (made sure there were no ftpd daemons installed or running), and when I stop this service via sshd, it does not affect the fact that I can then sftp in to the server using an ftp client such as wsftp pro...
Also, even when I change the vsftpd.conf to jail certain ftp users to a directory, it seems to have no effect and ftp works exactly as it did before without imposing the restrictions?
There is no other ftp daemon showing up in the process list.
I have tripwire installed, rootkit hunter, and cisco hardware firewall in conjunction with ip tables.
I don't 'think' it's hacked!
Also, the last time I upgraded centos was from an early v4 to 4.4.2 due to major hardware failure on the server and the fact I didn't have a mirrored OS/server backup (due to cost) (but I did of course have all my sites and databases etc). I am rather scared to upgrade Centos kernel to the latest version in part due to horror stories I have heard from others (NOT regarding Centos specifically) from kernel upgrades going wrong or compatibility issues etc that mean that I am very very reluctant to do it on our main production server.
I am imminently buying another server to act as a failover and backup for the existing one, but is keeping my current Centos install as it is and holding out to wait for a test server the best thing to do? (are there any serious security issues in 4.4.2? bugs etc?) Or should I have confidence and get Yum to do its business!
It seems that I am facing some weird Apache issue.
I can't access my forum.domain.com but can access forum.domain.com/admin
I didn't find anything in the Apache error logs, but found this in the access logs:
IP HERE - - [26/Dec/2007:03:13:44 +0400] "GET / HTTP/1.0" 200 22435 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727)"
Is there anything strange in that info and what does 22435 represent?
On one of my Web sites I have it set to e-mail me whenever someone tries a SQL Injection attempt through the GET.
(I find some of the results interesting and/or funny.)
I also have it e-mail me the visitor's IP address and browser client. I recently got one with a result for the IP address that certainly got my interest.
It read: Quote:
<?php phpinfo(); echo "LOOOOL, X-FORWERD BUG"; ?>
The PHP scripting I use to get the IP address is:
Code:
$visIP = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
I guess I'm wondering how they may have done it, and if this indicates an issue where people can hack my site (for control or at least info) through this method?
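Added example, not part of the original post: the X-Forwarded-For header is supplied by the client, so the snippet above stores whatever text the request carried. The sketch below only honours the header when the connection comes from a known reverse proxy, validates every address with filter_var, and escapes the raw value before display; the function names and the TRUSTED_PROXIES addresses are assumptions made for illustration.

```php
<?php
// Added example: client_ip(), h() and TRUSTED_PROXIES are hypothetical names.

// Reverse proxies we operate ourselves (constructed sample addresses).
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11'];

/**
 * Return the client IP as a validated address string.
 * X-Forwarded-For is client-controlled text, so it is only consulted when the
 * TCP peer (REMOTE_ADDR) is one of our own proxies, and every hop is validated.
 */
function client_ip(array $server, array $trustedProxies = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0';
    }
    if (!in_array($peer, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer; // direct connection: ignore the header entirely
    }
    // Walk right to left: the rightmost entries were appended by our own proxies.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed header: fall back to the TCP peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // first address that is not one of our proxies
        }
    }
    return $peer;
}

/** Escape a value for HTML, e.g. before showing a logged header in a browser. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed requests: one direct with a junk header, one via our proxy.
$spoofed = ['REMOTE_ADDR' => '203.0.113.7',
            'HTTP_X_FORWARDED_FOR' => '<?php phpinfo(); ?>'];
$proxied = ['REMOTE_ADDR' => '192.0.2.10',
            'HTTP_X_FORWARDED_FOR' => '198.51.100.23, 192.0.2.11'];

echo client_ip($spoofed), "\n";
echo client_ip($proxied), "\n";
// The raw header can still be logged for interest, but only escaped.
echo h($spoofed['HTTP_X_FORWARDED_FOR']), "\n";
```

The header text is never executed by PHP on its own; the risk comes from where the stored value is later used, such as an HTML mail or page, a SQL query, or a file that is included.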
I've a few similar video sites and haven't noticed much difference over the years with their stats. They usually average anywhere from 50-100mb downloaded per day.
Suddenly this month, one site is practically going off the scale...600-700mb...up to 1gb downloaded per day...I'm like...wtf?! The other site is reporting normal BW.
I'm using awstats with hotlink protection enabled.
I have compiled a RT kernel using 2.6.24 and it has been working great. All of our machines are running Centos 5. No issues like the previous configurations on Dual Quad Xeons 5335's and 8GB of RAM. As well as one box with Dual Core Xeon 5140's with 4GB of RAM. They have identical motherboards. My issue is that when you do a soft reboot, it doesn't "technically" reboot. It does, but it doesn't. Let me explain. It kills my ssh connection and you can't ping it for maybe say a minute or 2. When it comes back up, you get a new SSH key to login. You hit ok, and you try logging in. It doesn't accept any passwords. The server basically becomes inoperable.
The only way to solve this is to do a hard reboot. Physically rebooting the server. What could be causing this? This only started to happen when using the RT kernel. Is there an option that may be conflicting with it? However, our 3rd and 4th box, with the same configuration, have no issues like this. Soft reboots work great.
Here is the message log.
Feb 19 04:00:02 server530 shutdown[25342]: shutting down for system reboot
Feb 19 04:00:02 server530 init: Switching to runlevel: 6
Feb 19 04:00:03 server530 smartd[3037]: smartd received signal 15: Terminated
Feb 19 04:00:03 server530 smartd[3037]: smartd is exiting (exit status 0)
Feb 19 04:00:09 server530 ntpd[20917]: ntpd exiting on signal 15
Feb 19 04:00:09 server530 rpc.statd[2570]: Caught signal 15, un-registering and exiting.
Feb 19 04:00:09 server530 portmap[25711]: connect from 127.0.0.1 to unset(status): request from unprivileged port
Feb 19 04:00:10 server530 auditd[2469]: The audit daemon is exiting.
Feb 19 04:00:10 server530 kernel: audit(1203415210.158:8204): audit_pid=0 old=2469 by auid=4294967295
Feb 19 04:00:10 server530 pcscd: pcscdaemon.c:529:signal_trap() Preparing for suicide
Feb 19 04:00:10 server530 pcscd: hotplug_libusb.c:361:HPEstablishUSBNotifications() Hotplug stopped
Feb 19 04:00:11 server530 pcscd: readerfactory.c:1350:RFCleanupReaders() entering cleaning function
Feb 19 04:00:11 server530 pcscd: pcscdaemon.c:489:at_exit() cleaning /var/run
Feb 19 04:00:11 server530 kernel: Kernel logging (proc) stopped.
Feb 19 04:00:11 server530 kernel: Kernel log daemon terminating.
Feb 19 04:00:12 server530 exiting on signal 15
Oh and this is to reboot the server nightly at 4am, when this issue occurs.
I have a client who was sending email to another server with Cpanel. All of a sudden all emails have been in the queue for a few days, and we checked everything was ok on our side; even the logs are able to find the domain name, just that it drops from there.
It took me a while, but I finally telnetted to their port 25 and found it blocked, but somehow a few minutes later it was unblocked. Is there any mechanism in Cpanel that auto-blocks port 25? I know the client uses a catchall so all rubbish went there; I cleared the catchall for him.
I added a USB nic to my main server, which also acts as VM server, so I can bridge some VMs on a separate network than that actual server, for security purposes. This nic has no IP and is connected to another router. My private LAN router (router1) is connected to that router (router2).
In vmware server I made a new bridged network to eth1, which is the USB nic. Now for whatever reason, there does not seem to be communication on that new nic. If I set a static IP on a VM sometimes I can ping the gateway, sometimes not. It's on and off. Also, DHCP won't work at all, but I know DHCP works on that network as if I plug a PC into that router I get an IP right away.
that this is a home setup, not an internet setup, so I have full physical access.
I recently switched my site tdnforums.com over to a new server about a week ago. Some folks are still complaining that they are viewing the forums on the OLD SERVER. Perhaps DNS is taking a long time to switch over but get this... for many people tdnforums.com is switching BACK and FORTH between the old server and the new server. So, on some visits it'll resolve to the new server... on other page refreshes you'll be viewing the forums on the old server. What the heck? This has actually happened to me a few times myself so I know that they aren't crazy.
Why is DNS doing this? Sometimes the site resolves on the old server and then the new?
What's going on here? Why isn't it flipping over 100%? Are there any things I can check as troubleshooting, or is this normal? I've had some long DNS switches before but never this "back and forth" stuff...
Here's the weird thing: when I look inside my domain name and go to the A record to add a subdomain, it shows me another domain name (which is also mine). When I add a subdomain to that anyway, I get a subdomain.realdomain.anotherdomain.com entry instead of subdomain.realdomain.com. Also in the list some domains are correct while most of them are pointing to each other.
I've checked the named conf and also apache conf and I don't see anything wrong at all. They're all linked to their correct location. Anyone here have any inklings on what it might be? Never seen anything like it before.
For the last week, my vps (directadmin on centos on xen) has become unresponsive every three days at approximately 5 AM, and I'm baffled about why. It doesn't crash, but it stops accepting incoming connections until it's rebooted.
I'm not sure how to troubleshoot this. /var/log/messages gives no useful information. There are no unusual cronjobs running at that time.
Anyone heard of anything like this before or have any advice about how to troubleshoot?
I just installed the latest PHP 5.5.2 on Windows 2003 IIS 6. The Web extension for PHP in CGI mode is automatically allowed, but all PHP scripts show file not found; only when I enabled allow all CGI extensions did the PHP pages show up ok.
Has anyone else noticed some weird Savvis routing in the NY/NJ area since their maintenance on Friday night?
I'm in NY and a trace to the NJ1 datacenter in Jersey City NJ shows:
Code:
 1    <1 ms    <1 ms    <1 ms  10.0.0.3
 2    24 ms    23 ms    23 ms  10.32.37.1
 3    26 ms    24 ms    23 ms  at-3-1-1-1732.CORE-RTR1.NY325.verizon-gni.net [130.81.11.173]
 4    24 ms    24 ms    24 ms  130.81.20.176
 5     *       30 ms    30 ms  0.so-3-1-0.XT1.NYC9.ALTER.NET [152.63.10.37]
 6    32 ms    75 ms    34 ms  0.so-4-2-0.XL3.NYC4.ALTER.NET [152.63.0.213]
 7    32 ms    32 ms    32 ms  0.so-6-2-0.BR1.NYC4.ALTER.NET [152.63.3.149]
 8    32 ms    32 ms    32 ms  bcs1-so-5-1-0.NewYork.savvis.net [204.70.1.5]
 9    34 ms    32 ms    32 ms  cr1-pos-0-0-5-2.Washington.savvis.net [204.70.195.1]
10    32 ms    32 ms    32 ms  204.70.197.5
11    33 ms    33 ms    33 ms  204.70.197.14
12    33 ms    32 ms    32 ms  hr2-tenge-13-2.Weehawkennj2.savvis.net [216.35.78.6]
13    32 ms    33 ms    32 ms  204.70.196.74
14    33 ms    33 ms    33 ms  204.70.196.78
15    32 ms    32 ms    32 ms  bhr2-ge-5-0.JerseyCitynj1.savvis.net [204.70.196.86]
16    33 ms    32 ms    32 ms  csr22-ve241.Jerseycitynj1.savvis.net [216.32.223.51]
Why are the packets going from NewYork to Washington to Weehawken and then to Jersey City? Also, what are those 4 unnamed nodes at 10, 11, 13 and 14?
I'm also getting 200ms+ ping times and 13% loss to/from our offsite VPSs
[root@offsite ~]# traceroute 216.32.223.51
 1  eqash79.keepitsecure.net (69.65.111.117)  0.173 ms  0.125 ms  0.063 ms
 2  r02.iad.defenderhosting.com (69.65.112.2)  3.440 ms  0.345 ms  0.290 ms
 3  ge2-10.as.eqxashva.aleron.net (205.198.14.245)  0.473 ms  0.554 ms  0.482 ms
 4  ber1-ge-8-10.virginiaequinix.savvis.net (208.173.52.105)  0.591 ms  0.567 ms  0.438 ms
 5  cpr2-ge-5-0.virginiaequinix.savvis.net (204.70.193.101)  0.588 ms  0.606 ms *
 6  bcs2-so-2-0-0.washington.savvis.net (204.70.193.153)  119.863 ms  3.639 ms  3.378 ms
 7  cr1-tengig-0-7-0-0.Washington.savvis.net (204.70.196.105)  198.659 ms  201.783 ms *
 8  bcs2-so-2-0-0.NewYork.savvis.net (204.70.192.2)  202.751 ms  195.501 ms *
 9  * dcr3-ge-0-2-1.newyork.savvis.net (204.70.193.98)  201.978 ms  198.180 ms
10  204.70.197.5 (204.70.197.5)  7.627 ms  6.984 ms  6.196 ms
11  204.70.197.14 (204.70.197.14)  6.822 ms  6.534 ms  6.460 ms
     MPLS Label=1640 CoS=5 TTL=1 S=0
12  hr2-tenge-13-2.Weehawkennj2.savvis.net (216.35.78.6)  6.752 ms  6.634 ms  6.509 ms
     MPLS Label=66 CoS=5 TTL=1 S=0
13  204.70.196.74 (204.70.196.74)  7.550 ms  6.600 ms  6.479 ms
     MPLS Label=339 CoS=5 TTL=1 S=0
14  204.70.196.78 (204.70.196.78)  6.607 ms  6.633 ms  6.482 ms
     MPLS Label=339 CoS=5 TTL=1 S=0
15  bhr2-ge-5-0.JerseyCitynj1.savvis.net (204.70.196.86)  198.841 ms *  201.303 ms
16  csr22-ve241.Jerseycitynj1.savvis.net (216.32.223.51)  196.147 ms *  199.857 ms
The second trace shows that there is a path between New York and Weehawken without going through Washington, even though the first route went through Washington between NY and NJ. The only reason that I can think of is that someone in Washington wants to see the traffic (wink wink)?
I've contacted Savvis, but got the stock response "Savvis’ backbone routers forward traffic through the optimal logical path within our network. Although the physical path may seem odd occasionally, it is actually the optimal path."
2 sites load perfectly fast, and 1 site loads.. 7 seconds slower.. ( estimate time ). When I asked some other ppl to load the site, 95% said it loads fast and 5% said it loads slow.
And no it's not the isp, the one person who has the same isp as me said it loaded fast no problem.
This is really strange.. anyone have a possible resolution?
I've noticed that if a folder has a space in the name I cannot remove it even as root, as when I even try to change its owner via root it comes up moaning there's no directory for the first part of the named file
i.e.
Code:
[root@server]# chown -R phonestuff:phonestuff SG stuff
chown: cannot access `SG': No such file or directory
Our web server encountered a problem lately: an IP address in India repetitively sent requests that use up all connections available in Apache. All connections appear to be in W state. The connections are not terminated by Apache even though timeout has been set to a lower 30 seconds. Similarly, MySQL connections also are not dropped until Apache is restarted.
I started out with a reseller account at Webkore.net. Great company, I outgrew their services and moved to Innohosting over a year ago.
Before I moved to InnoHosting, I sent in a cancellation request (they use WHMCS)...but nothing was ever canceled in their system and I kept getting invoices from them. I simply ignored them. Fair enough, right?
Now, as I've said...I've been with Inno for over a year now. In that past year Webkore.net seems to have been acquired by eCommerce Discovery.
Here is the weird problem. My account on their server was never deleted! I, as a reseller, had WHMCS installed and was using cron jobs to automatically send emails.
A few weeks ago, I started receiving cron job reports from cpsev1.wirednoc.net, a domain owned by eCommerce Discovery. I really wouldn't care too much, but apparently the whole WHMCS system is still active and is sending my clients emails (Invoice reminders, domain renewal reminders, etc etc...).
This is obviously something that needs to be dealt with as it's getting a little out of hand. I only had 35 clients in WHMCS when I was with them...all of which are still with me.
I've called the number at this page: [url] multiple times only to be forwarded to a voice message. I just now actually left my voice message. Emails to Webkore.net have gone unanswered for 6 months, so I'm not even going to bother with that.
What I don't understand is how my account, over a year old and unpaid, is still not only ON the server...but ACTIVE, unsuspended, and running cron jobs. I'm going to shoot eCommerce Discovery an email shortly and will update this thread if they reply, although...chances don't look good.
There have been no changes made to any sites on my server for which I can pinpoint to be the cause of this problem...
Basically, I received notice that my TMP folder was full at 100%... so a look into what the heck was taking up all the space reveals several weird .MYI and .MYD files for which I have no idea about.
I cannot open them or view any of their contents. I cannot even edit them.
Does anyone have any information about what these are or why they are in my TMP folder?