Emails From Root
May 20, 2007
I set it to forward those emails to my email, it's not sending any. Does anyone have a clue why? I'm able to receive other emails from the server without any problems.
For some reason a customer is receiving emails from root@theirdomain.com and it's coming into our main email. How can this be disabled or modified?
I have read that although chained root SSL certificates can be more difficult to install, they are actually more secure since the root certificate cannot be compromised, only the intermediary.
Is this true? It looks like Google and Amazon both use chained SGC certs.
Since Jan 07, one of our servers has been sending thousands of emails to ne.jp hosts.
E.g. from logs:
Code:
Sep 4 19:11:11 debian sm-mta[25383]: l84FY9ME016602: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYB7d016734: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FY9A4016629: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FY9la016616: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYCkO016807: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYB7B016730: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYCO0016757: to=, ctladdr= (2001/2001), delay=01:36:59, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYDjq016819: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYBhL016751: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep 4 19:11:11 debian sm-mta[25383]: l84FYDPw016811: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
We're absolutely unable to track or find out who is sending it or how to stop this.
So I'm wondering if it is possible to prevent sendmail from sending to:
lsean.ezweb.ne.jp, OR
docomo.ne.jp, OR
softbank.ne.jp
/var/mail/vhostswww logs are not showing helpful info at all. E.g.:
Code:
--l84GRnX5029819.1188924137/debian--
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Mime-Version: 1.0
From: hanako.@docomo.ne.jp
Subject:
To: a_j.n-y_bluespider-tattoo@softbank.ne.jp
Message-Id: <200709041410.l84EA0Fh007971@debian>
Date: Tue, 4 Sep 2007 16:10:00 +0200
Tue, 4 Sep 2007 16:10:00 +0200
by debian (8.13.4/8.13.4/Submit) id l84EA0Fh007971;
Received: (from vhostswww@localhost)
for ; Tue, 4 Sep 2007 16:10:00 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l84EA0jk007973
Received: from debian (localhost [127.0.0.1])
Return-Path:
Content-Type: text/rfc822-headers
--l84GRnX5029819.1188924137/debian
Last-Attempt-Date: Tue, 4 Sep 2007 18:42:16 +0200
Diagnostic-Code: SMTP; 550 Invalid recipient:
Remote-MTA: DNS; mx.softbank.ne.jp
Status: 5.1.1
Action: failed
Final-Recipient: RFC822; a_j.n-y_bluespider-tattoo@softbank.ne.jp
Arrival-Date: Tue, 4 Sep 2007 16:10:00 +0200
Reporting-MTA: dns; debian
Content-Type: message/delivery-status
--l84GRnX5029819.1188924137/debian
<<< 503 No recipients specified
550 5.1.1 ... User unknown
<<< 550 Invalid recipient:
>>> DATA
... while talking to mx.softbank.ne.jp.:
----- Transcript of session follows -----
(reason: 550 Invalid recipient: )
----- The following addresses had permanent fatal errors -----
from localhost [127.0.0.1]
The original message was received at Tue, 4 Sep 2007 16:10:00 +0200
--l84GRnX5029819.1188924137/debian
This is a MIME-encapsulated message
Auto-Submitted: auto-generated (failure)
Subject: Returned mail: see transcript for details
boundary="l84GRnX5029819.1188924137/debian"
Content-Type: multipart/report; report-type=delivery-status;
MIME-Version: 1.0
To:
Message-Id: <200709041642.l84GRnX5029819@debian>
From: Mail Delivery Subsystem
Date: Tue, 4 Sep 2007 18:42:17 +0200
Tue, 4 Sep 2007 18:42:17 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) id l84GRnX5029819;
Received: from localhost (localhost)
Return-Path:
From MAILER-DAEMON Tue Sep 4 18:42:17 2007
--l84GRnX4029819.1188924135/debian--
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Mime-Version: 1.0
From: hanako.@docomo.ne.jp
Subject:
To: a_j.n-y_bluespider-tattoo@softbank.ne.jp
Message-Id: <200709041411.l84EB8CS011861@debian>
Date: Tue, 4 Sep 2007 16:11:08 +0200
Tue, 4 Sep 2007 16:11:08 +0200
by debian (8.13.4/8.13.4/Submit) id l84EB8CS011861;
Received: (from vhostswww@localhost)
for ; Tue, 4 Sep 2007 16:11:09 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l84EB8f6011862
Received: from debian (localhost [127.0.0.1])
Return-Path:
Content-Type: text/rfc822-headers
--l84GRnX4029819.1188924135/debian
Last-Attempt-Date: Tue, 4 Sep 2007 18:42:15 +0200
Diagnostic-Code: SMTP; 550 Invalid recipient:
Remote-MTA: DNS; mx.softbank.ne.jp
Status: 5.1.1
Action: failed
Final-Recipient: RFC822; a_j.n-y_bluespider-tattoo@softbank.ne.jp
Arrival-Date: Tue, 4 Sep 2007 16:11:09 +0200
Reporting-MTA: dns; debian
Content-Type: message/delivery-status
--l84GRnX4029819.1188924135/debian
<<< 503 No recipients specified
550 5.1.1 ... User unknown
<<< 550 Invalid recipient:
>>> DATA
... while talking to mx.softbank.ne.jp.:
----- Transcript of session follows -----
(reason: 550 Invalid recipient: )
----- The following addresses had permanent fatal errors -----
from localhost [127.0.0.1]
The original message was received at Tue, 4 Sep 2007 16:11:09 +0200
--l84GRnX4029819.1188924135/debian
This is a MIME-encapsulated message
Auto-Submitted: auto-generated (failure)
Subject: Returned mail: see transcript for details
boundary="l84GRnX4029819.1188924135/debian"
Content-Type: multipart/report; report-type=delivery-status;
MIME-Version: 1.0
To:
Message-Id: <200709041642.l84GRnX4029819@debian>
From: Mail Delivery Subsystem
Date: Tue, 4 Sep 2007 18:42:15 +0200
Tue, 4 Sep 2007 18:42:15 +0200
by debian (8.13.4/8.13.4/Debian-3sarge3) id l84GRnX4029819;
Received: from localhost (localhost)
Return-Path:
From MAILER-DAEMON Tue Sep 4 18:42:15 2007
--l84GRnX3029819.1188924134/debian--
How would I solve this problem, as it's making our server load sky-high 24/7?
Additional info about system:
> Debian Linux, latest kernel
> Sendmail (we've tried postfix, exim, with same results)
> Non cPanel system.
What is the difference between working as root and su root in SSH?
Many recommend disabling logging in as root, but a lot of commands (service, adduser, ifconfig and ...) are not working on the command line when logged in via su. I feel like my hands are tied working as su root and many commands are not available.
Why is it like that? Is there any way I can feel comfortable logging in via su, similar to a root login?
I just recently had someone from this forum install CentOS for me with ISPconfig and required modules to successfully run PHPmotion. However, the only FTP I can access are the ones I create FTP for in ISPconfig, such as web1_admin, web1_testuser, etc.
When installing a CentOS server with ISPconfig, isn't there a root to log into the FTP?
With the FTP accounts that I have, I cannot access public and home directory such as /var/www directories.
Is there supposed to be an account for FTP so I can successfully overlook the whole server?
I want to take a look at all the websites I have such as /var/www/www.test1.com, /var/www/www.test2.com, etc. all through FTP. However, I cannot do this. It's almost like I have no Admin power over my server.
He did not provide me with a root FTP account or any super admin FTP account. I am not sure if something suspicious is going on or not. Please help. I do not want to get hacked and have files stolen.
I have a problem that after I su to root, I can't use some commands:
Quote:
Last login: Fri Jul 13 10:38:55 2007 from 10.10.0.1
[admin@server ~]$ su
Password:
[root@server admin]# runlevel
bash: runlevel: command not found
[root@server admin]# service httpd restart
bash: service: command not found
[root@server admin]# service apf restart
bash: service: command not found
But when I come to that machine and log in, I can use those commands just fine. That machine is about 20 ft away from my desk.
I got into my root and I created a CS server, BUT after closing my root from my home the CS server goes down. Can you tell me how to fix this? I can't keep my root open for a lifetime. How much bandwidth does a full 20-man pub use in a month on average?
Is there a way to open root from FTP? I find FTP easier to use!
I have a server that I have a few domains on, and I have a question about the root domain. I initially picked any old domain, so now all of my name servers are pointing to this one random domain. I have since purchased a few more premium domains, and am wondering if I should change the nameservers to be the more premium domains? Does this matter? Should I have my "main site" be the root domain? Just trying to understand what the implications could be for me.
How do I configure PuTTY to produce the equivalent of this command:
ssh -f root@xxx.xxx.xxx.xx -L 3333:yyy.yyy.yyy.yy:80 -N
So far the configuration I've come up with is:
Source Port: 3333
Destination: yyy.yyy.yyy.yy:80
"Local"
"Auto"
This doesn't seem to do anything at all. I don't use Windows much, so go easy on me.
Cannot log in as root from SSH; LT suggests I do KVM over IP.
My computer's HDD crashed last night and I only have an old backup.
The problem is my new server's root password was stored there and it's a 20-digit, totally random password.
Is there any way to reset the server password by the dedicated server provider?
I haven't asked my provider yet.
I have a problem with shell access, and I cannot access it through SSH (PuTTY).
The problem is with the SSH key; I made one to enable it on my server.
Now I cannot access root through SSH (PuTTY).
I removed the SSH key from WHM and still cannot access root through SSH (PuTTY).
Daily I am getting this kind of email from my VPS. I don't understand these emails; can someone explain what this is?
------------------------------------------
Time: Wed Apr 18 03:37:58 2007
IP: xx.xx.xxx.xx (livebot-65-55-212-73.search.live.com)
Connections: 198
Blocked: temporarily
Connections:
tcp 0 0 xx.xx.xxx.xxx:80 xx.xx.xxx.xx:39478 TIME_WAIT
tcp 0 0 xx.xx.xxx.xxx:80 xx.xx.xxx.xx:38710 TIME_WAIT
tcp 0 0 xx.xx.xxx.xxx:80 xx.xx.xxx.xx:40501 TIME_WAIT
tcp 0 0 xx.xx.xxx.xxx:80 xx.xx.xxx.xx:40499 TIME_WAIT
..........
--------------------------------------------
I have a VPS and have a problem regarding the SSL certificate cPanel uses for secure connections (webmail, WHM, etc.). My original hostname was set to server.simschr.co.uk but then I changed it to another name. However, the SSL certificate states the old hostname, which I have been told is a bit of a pain. I wondered if there was any way to change the common name, maybe by editing the certificate on the server?
I have no idea where to upload my cPanel backup file to now that I bought myself a VPS.
It says that I have to upload it to /root but where is that lol? How can I upload it to /root, /usr, or /home (any is fine according to WHM)?
Both old and new servers are powered by cPanel.
This is what I get every day:
Executed ban command:
/etc/apf/apf -d 62.112.194.135 {bfd.sshd}
The following are event logs from 62.112.194.135 on service sshd (all time stamps are GMT +0300):
Jul 28 22:52:06 3walim sshd[1645]: Failed password for root from ::ffff:62.112.194.135 port 46990 ssh2
Jul 28 14:52:29 3walim sshd[1646]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:52:09 3walim sshd[1647]: Failed password for root from ::ffff:62.112.194.135 port 47244 ssh2
Jul 28 14:52:33 3walim sshd[1648]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:52:16 3walim sshd[1649]: Failed password for root from ::ffff:62.112.194.135 port 47419 ssh2
Jul 28 14:52:39 3walim sshd[1650]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:52:20 3walim sshd[1651]: Failed password for root from ::ffff:62.112.194.135 port 47745 ssh2
Jul 28 14:52:43 3walim sshd[1652]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:52:23 3walim sshd[1653]: Failed password for root from ::ffff:62.112.194.135 port 47913 ssh2
Jul 28 14:52:47 3walim sshd[1654]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:52:27 3walim sshd[1655]: Failed password for root from ::ffff:62.112.194.135 port 48103 ssh2
Jul 28 14:52:50 3walim sshd[1656]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:52:31 3walim sshd[1657]: Failed password for root from ::ffff:62.112.194.135 port 48279 ssh2
Jul 28 14:52:54 3walim sshd[1658]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:52:35 3walim sshd[1659]: Failed password for root from ::ffff:62.112.194.135 port 48467 ssh2
Jul 28 14:52:58 3walim sshd[1660]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:52:43 3walim sshd[1683]: Failed password for root from ::ffff:62.112.194.135 port 48624 ssh2
Jul 28 14:53:06 3walim sshd[1684]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:52:47 3walim sshd[1685]: Failed password for root from ::ffff:62.112.194.135 port 49000 ssh2
Jul 28 14:53:10 3walim sshd[1686]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:52:54 3walim sshd[1687]: Failed password for root from ::ffff:62.112.194.135 port 49170 ssh2
Jul 28 14:53:17 3walim sshd[1688]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:52:58 3walim sshd[1689]: Failed password for root from ::ffff:62.112.194.135 port 49502 ssh2
Jul 28 14:53:21 3walim sshd[1690]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:02 3walim sshd[1691]: Failed password for root from ::ffff:62.112.194.135 port 49671 ssh2
Jul 28 14:53:25 3walim sshd[1692]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:06 3walim sshd[1693]: Failed password for root from ::ffff:62.112.194.135 port 49863 ssh2
Jul 28 14:53:29 3walim sshd[1694]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:10 3walim sshd[1695]: Failed password for root from ::ffff:62.112.194.135 port 50040 ssh2
Jul 28 14:53:33 3walim sshd[1696]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:13 3walim sshd[1697]: Failed password for root from ::ffff:62.112.194.135 port 50202 ssh2
Jul 28 14:53:37 3walim sshd[1698]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:17 3walim sshd[1699]: Failed password for root from ::ffff:62.112.194.135 port 50378 ssh2
Jul 28 14:53:40 3walim sshd[1700]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:21 3walim sshd[1701]: Failed password for root from ::ffff:62.112.194.135 port 50535 ssh2
Jul 28 14:53:44 3walim sshd[1702]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:25 3walim sshd[1703]: Failed password for root from ::ffff:62.112.194.135 port 50701 ssh2
Jul 28 14:53:48 3walim sshd[1704]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:29 3walim sshd[1705]: Failed password for root from ::ffff:62.112.194.135 port 50909 ssh2
Jul 28 14:53:53 3walim sshd[1706]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:37 3walim sshd[1707]: Failed password for root from ::ffff:62.112.194.135 port 51093 ssh2
Jul 28 14:54:00 3walim sshd[1708]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:40 3walim sshd[1709]: Failed password for root from ::ffff:62.112.194.135 port 51418 ssh2
Jul 28 14:54:03 3walim sshd[1710]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:44 3walim sshd[1711]: Failed password for root from ::ffff:62.112.194.135 port 51584 ssh2
Jul 28 14:54:08 3walim sshd[1712]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:48 3walim sshd[1713]: Failed password for root from ::ffff:62.112.194.135 port 51762 ssh2
Jul 28 14:54:11 3walim sshd[1714]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:53 3walim sshd[1715]: Failed password for root from ::ffff:62.112.194.135 port 51926 ssh2
Jul 28 14:54:16 3walim sshd[1716]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:53:58 3walim sshd[1717]: Failed password for root from ::ffff:62.112.194.135 port 52128 ssh2
Jul 28 14:54:21 3walim sshd[1718]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:54:01 3walim sshd[1719]: Failed password for root from ::ffff:62.112.194.135 port 52343 ssh2
Jul 28 14:54:24 3walim sshd[1720]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:54:08 3walim sshd[1721]: Failed password for root from ::ffff:62.112.194.135 port 52514 ssh2
Jul 28 14:54:31 3walim sshd[1722]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:54:12 3walim sshd[1723]: Failed password for root from ::ffff:62.112.194.135 port 52804 ssh2
Jul 28 14:54:35 3walim sshd[1724]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:54:20 3walim sshd[1725]: Failed password for root from ::ffff:62.112.194.135 port 52983 ssh2
Jul 28 14:54:43 3walim sshd[1726]: Received disconnect from ::ffff:62.112.194.135: 11: Bye Bye
Jul 28 22:54:24 3walim sshd[1727]: Failed password for root from ::ffff:62.112.194.135 port 53332 ssh2
Jul 28 14:54:47 3walim sshd[1728]: Connection closed by ::ffff:62.112.194.135
First, what does ffff mean?
Second, what should I do?
May I know how to change the password of the root and directadmin through SSH?
I am running through a checklist of to-dos on a new VPS I just received. I haven't used it in a production environment yet.
While doing a root kit check I got these lines back that perturb me.
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 103 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
How serious are the implications of those lines? And should I expect this on a machine that has no traffic and is a fresh install?
I have purchased a new domain name (.info) and am using a GoDaddy account to host it.
Currently I have a vBulletin forum on this account and the URL (.com) takes people directly to the forum index page as it should.
However, I have installed a new site for .info and it appears to be in root for the new domain (I guess this as the ftp client shows nothing in it when I connect to ftp.newdomain.info) but to access the new site I have to use:-
mysite.info/mysite/index.php
I don't want this, I want it to just be mysite.info to lead to the new site.
Can anyone help me with this please? My access to the FTP/host has been granted by my new partner, so perhaps he has set up my access incorrectly, but I just need to install the site into the root of the new .info domain.
I am just wondering whether my idea will work for the Google search engine.
Basically, I have my official VPS root (home/admin/public_html/) and this is where my main website will be hosted. However, since my VPS will be used for additional websites, I will direct additional domains to it.
My second site hosted on this VPS may have a document root of (home/admin/public_html/advertising/). And my domain will then be set up to have that as its document root.
However, when Google searches for my second site (e.g. advertising.com) will it go 'below' the domain root? For example, will it also creep the files under /public_html/ for this domain, even though the domain's root is /public_html/advertising/?
edit: Or do people host multiple sites differently? Is this an appropriate method?
Please see this picture attached.
How can I change the Destination email?
What do I need to do? I've lost the WHM root password.
When I try to log in, this message appears:
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
Direct root logon to a server is disabled; using another login, obviously. However, I need to be able to SFTP files from my computer to a directory on the server using said login - yet it does not have correct permissions, evidently, and therefore can't even see the directory I need to be able to SFTP files to.
Tried CHOWNing the directory with that username, giving it 777 permissions, etc.
I'll try to make this long story short, but this morning I logged into one of my servers and it showed a read-only filesystem, which I thought my server guys could fix easily. So I put in a ticket. 6 hours later, they tell me that they think the OS is corrupted and I need a new install. They give me KVM over IP so I can go in and 'do' things. I tried to log in as root and it wouldn't let me, so they finally booted in single mode and I can get in and such. When I try to su - root, it tells me that user root can't be found. I also tried to ftp into and out of the server with no luck. I really need this box back up. If not, I need to get all the accounts saved off so that I can build a new box. Everything is there, so I don't want to give up yet.
I believe my server has been hacked, as I ran top and observed the following:
top - 15:53:39 up 12 days, 3:16, 2 users, load average: 7.87, 10.30, 11.10
Tasks: 789 total, 3 running, 771 sleeping, 0 stopped, 15 zombie
Cpu(s): 20.4% us, 9.3% sy, 4.8% ni, 35.0% id, 30.1% wa, 0.4% hi, 0.0% si
Mem: 2074364k total, 2048296k used, 26068k free, 72136k buffers
Swap: 2040244k total, 2076k used, 2038168k free, 1286884k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
22488 root 27 12 3376 1352 508 R 16.8 0.1 12:08.63 rsync
15370 named 20 0 84020 30m 1936 S 4.2 1.5 20:15.72 named
16732 root 16 0 4684 1456 868 S 2.9 0.1 0:01.07 ftp
22489 root 27 12 5444 1860 1420 R 2.9 0.1 3:27.51 ssh
26448 mailnull 17 0 9016 4088 2832 D 2.9 0.2 0:00.11 exim
26436 mailnull 16 0 0 0 0 Z 2.4 0.0 0:00.09 exim <defunct>
477 root 15 0 0 0 0 D 2.1 0.0 217:34.28 kjournald
26408 mailnull 16 0 8964 4584 3244 D 2.1 0.2 0:00.08 exim
26442 mailnull 16 0 0 0 0 Z 2.1 0.0 0:00.08 exim <defunct>
16975 root 15 0 4684 1444 856 S 1.6 0.1 0:00.56 ftp
23071 root 16 0 3760 1420 764 R 1.6 0.1 0:05.08 top
26477 root 16 0 8616 3892 2656 D 1.6 0.2 0:00.06 exim
26486 root 15 0 9420 3888 2656 D 1.3 0.2 0:00.05 exim
16694 root 15 0 4684 1436 848 S 1.0 0.1 0:00.63 ftp
16840 root 15 0 4684 1448 860 S 1.0 0.1 0:00.43 ftp
16865 root 15 0 4684 1444 856 S 1.0 0.1 0:00.72 ftp
16932 root 15 0 4684 1444 856 S 1.0 0.1 0:00.42 ftp
17275 root 15 0 4684 1448 860 S 1.0 0.1 0:00.57 ftp
26434 mailnull 16 0 8972 3956 2704 D 1.0 0.2 0:00.04 exim
26437 mailnull 15 0 8964 3920 2688 D 1.0 0.2 0:00.04 exim
26451 mailnull 15 0 8968 3932 2696 S 1.0 0.2 0:00.04 exim
26489 root 18 0 10568 3912 2656 S 1.0 0.2 0:00.04 exim
5310 root 15 0 40104 35m 1888 S 0.8 1.8 10:55.77 tailwatchd
16771 root 15 0 4684 1448 860 S 0.8 0.1 0:00.44 ftp
16779 root 15 0 4684 1448 860 S 0.8 0.1 0:00.56 ftp
16806 root 16 0 4684 1444 856 S 0.8 0.1 0:00.71 ftp
16844 root 15 0 4684 1440 852 S 0.8 0.1 0:00.57 ftp
16854 root 15 0 4684 1444 856 S 0.8 0.1 0:00.72 ftp
16857 root 15 0 4684 1444 856 S 0.8 0.1 0:00.63 ftp
16868 root 15 0 4684 1448 860 S 0.8 0.1 0:00.79 ftp
16885 root 15 0 4684 1448 860 S 0.8 0.1 0:00.68 ftp
16982 root 15 0 4684 1440 852 S 0.8 0.1 0:00.40 ftp
17008 root 16 0 4684 1448 860 S 0.8 0.1 0:00.69 ftp
17038 root 15 0 4684 1448 860 S 0.8 0.1 0:01.01 ftp
17082 root 15 0 4684 1448 860 S 0.8 0.1 0:00.71 ftp
17106 root 15 0 4684 1444 856 S 0.8 0.1 0:00.84 ftp
17288 root 16 0 4684 1448 860 S 0.8 0.1 0:00.69 ftp
Now, I am logged in as root in two terminals and it shows
root pts/2 Apr 28 15:19 (x.x.x.x)
root pts/3 Apr 28 14:06 (x.x.x.x)
I am just wondering how root can perform FTP tasks when my root login is sitting idle, and what about pts/0 and pts/1?
I stopped the FTP service in cPanel and it is started automatically.
I have dedicated servers and I want to change the root password. I'm using WHM/cPanel.
What happens when I forget my root password?
Is it possible to disable direct root login on cPanel servers?
If yes, how, please?
If not, what would be the best thing to do to secure the 'root' account?