Yes, more ssh problems. I fixed it the last time. My IP was being block in "/etc/hosts.deny". So I removed my IP and BAM worked! I could login to SSH. Now today I get locked out AGAIN. I go in a look in "/etc/hosts.deny" my IP is not in there. So now I'm so confused and can't figure out whats going on....
What are the maximum number of entries that can go in hosts.deny? Will the server bog down the more entries that are in there? How many is a safe, reasonable number?
I edited the /etc/apf/deny.hosts_rules files, then removed all lines from the file and finally restarted apf so it can restart with no deny host listed. But that is not working... the file appears empty or again with the rules removed before.
iptables -L -n shows the same banned hosts as dropped.
I already tried.. remove the deny hosts IPs from the file, then ran "iptables -F", then "service iptables save", and finally restarted apf and the deny IPs still there
This is a random question and I wasn't sure exactly where to start. But, I have developed some invoice software that use a few PHP modules. My host has these enabled by default, but I wanted to see if most hosts have these enabled or not. Heck, they might even by standard php configuration, I'm just not sure. Here they are:
I just installed a new server and I would like to transfer all virtual-hosts on new Apache installation.
I updated all IP addresses in each .config file and simply uploaded the edited conf files into new /etc/apache2/sites-available folder. I rebooted Apache, but through Webmin I can not see them on Existing virtual hosts list. Why? Do I need to manually re-add all the 30 sites?
I was in the market for a new dedicated server after a couple of years with my previous provider. The previous provider did nothing wrong but they were no longer competitive when it came to CPU and memory.
I moved first to geekrack. And I left them after a week and a half as they never were able to get my rDNS records setup.
I found Universal Hosts on this forum and gave them a shot. I had asked for an operating system that they didn't offer normally (Debian 64 bit) and they said that they could do it. However, when my server was setup it was 32 bit Debian instead. They apologized and had Debian 64 bit setup less than 24 hours later.
When I asked them to get rDNS records setup it took a few hours but they were setup correctly and they worked.
Universal Hosts is also a BurstNet reseller but compared to my other attempt at using a BurstNet reseller they are fantastic. While the initial config was incorrect they worked quickly to fix it and were very professional about it.
So after two weeks - so far so good. Keep up the good work UniHosts!
I am running Apache2.2, PHP5.I have been running with virtual hosts on a Windows 7 environment fine for a couple of years successfully, but have just had to move to a Windows 8 environment.It looks like Apache and PHP have installed and are working fine, but my Virtual hosts are now not being recognised. From what I can tell, it is the Windows 8 hosts file that is having a problem, as it looks as though it is now just setup to Block websites.
If I make the host file just have the one line127.0.0.1 localhost entry, then the very first Virtual Host from my apache config file will come up, but the rest are not found.If I put the usual 127.0.0.1 mywebsite.name aliasname is appears as though my website works momentarily and then is blocked..
One of my client got DDOS on his website. He has visitor tracking module in his php script so he got almost 50,000 records during couple of hours. Normally he gets around 300 unique visitors per day but that DDOS added 50,000 records in tracking table. After extracting this data I got around 400 unique IPs.
Will this work if I added all these IPs in IP Deny Manager?
Will this stop DDOS from these IPs?
Will server not treat requests from these IPs as grabadge load?
Another question is from where these attackers got so many IPs? Definitely they pay to get IPs? how much they pay? Is this very easy to get so many IPS?
I have problems configuring some ports and rules on CSF on a cPanel server.
Port 37500 is used by a Java web app, so, i opened both tcp incoming and outgoing ports:
Code: TCP_IN = "20,21,22,25,26,53,80,110,143,443,465,587,993,995,2082,2083,2086,2087,2095,2096,37500" TCP_OUT = "20,21,22,25,26,37,43,53,80,110,113,443,587,2087,2089,2703,37500" Then.. to allow access from the server IP and localhost, added this at csf.allow:
Code: 127.0.0.1 my.server.ip.address And to deny all access to the server on that specific port (except for the ones I whitelisted before), added this to csf.deny:
Code: tcp:in:d=37500:s=0.0.0.0/0 Result = no one can connect to the server on that port, not even from the web app itself, it's not connecting to the port 37500.
How can I configure port 37500 to accept local connections (from the web server) and deny all external connections?
I run a small hosting company in Spain. I have some dedicated servers in USA with Ensim control panel.
I have found some sendmail connections from spammers that use the accounts of my customers.
I want to know if I can deny connections to sendmail from all countries except Spain. This way most of foreigns spammers could not use the accounts of my customers to send spam.
Hello, I recently got myself into an unmanaged VPS package and I noticed in my log files, countless attempts to ssh into the system. After a bit of searching, fail2ban looked like a good way to ban the brute force attacks automatically.
My question is what should I configure it with? There's the option for iptables or host.deny. I've read that iptables are not fully supported under Virtuozzo but the stuff I've read are a bit dated. Are there still some issues with iptables under Virtuozzo?
What I'm using now: *Virtuozzo 3 -not sure on exact version. Whatever SolarVPS is using. *Signed up with centos4 *uname -r = 2.6.9-022stab078.14-enterprise
I designed one of my web services so that 'nobody' has to put commands to cron. Unfortunately this thing stops to work from time to time because "someone" is putting 'nobody' back to cron.deny file.
Is there a way to prevent accessing the website using the domain.com/~username/
Currently on most (all?) cpanel hosting plans it's possible to access the site via [rl].
Maybe there is something to prevent that as it could cause very serious duplicate content issues.
Moreover, I think it's a global bug that affects millions of hosting accounts. Yahoo, for example, many times indexes wrong URLs because of that... In many situations, if I knew your cpanel username, I could link to it instead of your domain to remove your site from search engines..
How do you guys deny run of perl/bash scripts from /tmp, /var/tmp, /dev/shm? I've tried to build simple shell wrapper, but that's not a compromise if you run for example spamassassin on the same server (it needs direct io to/from perl binary). I'm looking intro some kind of binary wrapper or patch that will deny running perl scripts from public folders (also the same for shell scripts will be great). Any ideas or solutions?
If anyone interested in primitive shell wrapper code:
Code: #!/bin/sh ARGS=`echo $@ | grep -v "/tmp/"` if [ "$ARGS" != "" ]; then /usr/bin/perl.orig $ARGS; fi
Recently I stumbled along a host on here with a good rep and that uses direct admin.
Because they were very nice on the live support I signed up to see what direct admin was like.
Its very diferent from cpanel. Some parts seem to be harder to use like the phpmyadmin requires the username and password to the database you created not the control panel username and password like cpanel. Although I guess that could be a good security feature just in case some one gets into the control panel they can not get into the phpmyadmin, then again if they are smart and were able to get into the control panel they could get into ftp and look what the username and password is on the config file for the script you are using.
The bandwidth meter seems to be better in direct admin although I think its acting up for me as its putting yesterdays bandwidth on todays. I was told by the host that it updates every 2 hours and at first it did but now its gone to every day. Oh and unlike cpanel this bandwidth meter includes bandwith used by the control panel.
Niether one from what I can tell counts sftp though at least for the hosts I have right now.
I signed up for hosting with IX Web Hosting in April of 2007. There have been two occasions that they provided the perfect example of Terrible Customer Service. So much so, my last pony ride with IX Web Hosting was my last. I decided to call it quits and move my account to Host Gator.
I keep my most important sites on a dedicated server at Servint.net. If you are interested in a dedicated server or VPS, I highly recommend Servint. You will not beat the level of service and professionalism this company offers. But that’s another post in itself.
The point is, I had some SEO tests I wanted to perform and I was looking for a hosting company that would allow me to host 10 different domains in the same account on different ip addresses. IX Web Hosting had the plan I was looking for. So in April of 2007, I signed up for a hosting account.
Overall, I was pretty satisfied with the server performance at IX Hosting. I experienced very little if any downtime from server issues. They don’t offer a standard cpanel interface like most web hosts. It appears to be a proprietary / in house control panel.
It was pretty straight forward and with a little time I was up to speed.
Then on June 5, 2008, I got the following email from a System Administrator at IX Web Hosting. --------------------------- Hello, My name is Anthony, and I am a system administrator at IXWebhosting. I’m here to ensure a reliable and fast hosting / e-mail environment. This is the reason why I ask you to get in touch with us.
We have received numerous complaints from third-parties about spam originating from your website. As you may know, spam is an on-going problem for all internet users, hence all companies have very strict rules against spam. I am here to ensure that neither you nor any other customer is facing any downsides which could be the result of these spam regulations.
We ask you to immediately cease and desist any such activities. If you are unaware of this activity, please contact me or any of my colleagues via this ticket, phone or live-chat so that we can find the reason for the spam activity together and fix the issue instead of the symptom. Viruses and things of that nature may be installed on your computer and will cause the spamming. We recommend that you run an anti-virus program. If you currently do not possess an anti-virus program, you may download a free version. Please just follow the link below to find Google’s best links for free anti-virus software:
In order to ensure your hosting and mail environment is working flawlessly, we ask you to get in touch with us within the next 72 hours. I highly appreciate your time. Best Regards, Anthony Washington System Administrator IXWebhosting -----------------------------------
They identified the domain as bestadtracking.com. This is a domain I own but have never promoted. Not only had I not sent spam through IX Web Hosting, I averaged less than 200 sent email a month on all the domains on my account. So on June 6, 2008 I responded to IX Web Hosting with the following two messages. ----------------------------------- Hi Anthony, I can assure you I am not sending spam from this domain or any others. I’m a little surprised that this domain is in question? I set it up over a year ago and haven’t ever promoted it. I don’t send any type of email over this domain. I have no reason to. It gets no traffic or inquiries.
Are you sure there isn’t some type of mistake? Otherwise, there are a couple of php style contact forms on that site. Could a hacker use that sort of thing to send spam? How can we track this down? Thanks, Brent Crouch 615-389-XXXX ----------------------------------- Here is the second email I sent on the same day. ----------------------------------- Hi Anthony,
I am using AVG on my computer and the scan completed finding no viruses. Besides that, I am using Outlook to manage the mail on several of my domains. I don’t even have a send account setup for bestadtracking.com on my computer. As I stated in the previous reply, I have no reason to since this domain is not promoted. Can you give me the IP address of where the spam originates? I’d like to compare that to my IP address here at home and office. Thanks, Brent Crouch -----------------------------------
I had no information to track the issue any further. The lack of response from IX Web Hosting left me to believe the issue had been resolved or there had been a mistake. Then 4 days later on June 10, 2008 I got this message. ----------------------------------- Brent We tried to reach you today in order to resolve this issue, but unfortunately it has been well over 72 hours since this ticket was placed. We must sadly suspend your services, please do not hesitate to call us at 1-800-385-0450 any time, day or night. Best Regards Ian ----------------------------------- Amazing! They give me no information to solve this problem. On top of that, they don’t respond to my ticket in 4 days and because I didn’t answer the phone when they called they suspended not only the domain in question but every domain listed in my account.
I called in and spoke to a tech support guy who allowed me to remove the domain in question and in return, he restored my other domains. He also left a message to have the tech support manager call me the following day.
The manager I spoke to apologized for the way the ticket was handled and the lack of information that was given. He said he would follow up with the employees that were responsible for the ticket and make sure it never happened again. He was helpful in looking at the server logs and determining how someone had loaded a spam bot onto my site.
Apology accepted. Stuff happens. I considered it water under the bridge and not a big deal. Not so much…..
After my first run in with IX Web Hosting, I wrote the whole incident off as a fluke. The manager I spoke to seemed very sincere and assured me that wasn’t proper protocol and wouldn’t happen again. I was trucking right along until I got this email from them on October 26, 2008. ----------------------------------- Dear Brent Crouch, We have received notification of phishing material in your account. Phishing files are usually placed through some type of exploit of out dated code, weak file and folder permissions. Packaged shopping carts and photo galleries are usual sources as hackers find exploits and developers fix them almost daily, so unless you constantly update the software or completely secure it things like this can happen.
You must agree to remove this content and update any software that has resulted in security holes. To protect your account from further action you must agree to our request for compliance. Please respond to this message stating your intent to do so. You may either log into your control panel with us, and access this ticket via the 24/7 help desk, or provide this ticket number to our Live Chat or phone representatives. Failure to respond to this message within 72 hours will result in the suspension of the affected domain with us until such a time as this matter is resolved. Michael ----------------------------------- The email gave me no indication of which domain had been hacked. When I wrote to live help and gave them the ticket number, I spent 10 minutes waiting only to be told they didn’t know which of my domains had been effected. They recommended I reply to the online support ticket.
Here is the email I sent them in response on October 27, 2008. ----------------------------------- I replied to live help and they could not find any information. So far you haven’t told me which domain is a problem. Please give me the info I need to correct this problem and I’ll take care of it. Brent Crouch 615-389-XXXX ----------------------------------- Eight hours later, I was able to find the problem by viewing all the files on my domains and looking for the files that had been recently changed. It turned out my brentcrouch.com domain had been hacked and setup with all sorts of eBay and bank phising pages. The site operates on a Wordpress platform which is widely used and is a big target for hackers. [url] I wrote back to IX Web Hosting for a second time on October 27, 2008. ----------------------------------- I found the problem on my brentcrouch.com domain. I updated the wordpress software to the latest and cleaned up the problem. The only exception is the brentcrouch.com/forum directory. I am unable to delete this directory as the hacker has removed my access. Please delete the directory. Thanks, Brent Crouch ----------------------------------- The following day, here is the email I got back from IX Web Hosting. ----------------------------------- Brent: Thank you for your attention to this matter. Per your request we have removed: /brentcrouch.com/forum - deleted We will be closing this ticket at this time. If you have any questions please feel free to contact us. We will be happy to assist.
Please note that this is the second time this problem occurred. Unfortunately, I have to bring to your attention that as per our terms of service a third instance will result in immediate account termination without notice. No backups will be provided. If you have any questions about how to avoid this from happening again our support team will be glad to advise.
Respectfully Frankie Support Tech Representative ----------------------------------- When I seen that response, I was pissed! I run my own server at Servint.net. I’ve hosting accounts at several other hosting companies. I’ve never had a site hacked except from IX Web Hosting.
In 4 months, I’ve had two sites hacked. In both instances, IX Hosting was zero help in locating the source of the problem. In the first incident, they didn’t even reply to my ticket for 4 days. In the latest incident, they couldn’t even tell me what domain was hacked.
Then they send me an email telling me if it happens again not only will they suspend my account, they’ll deny me access to my files! Huh?
That’s not a risk I’m willing to take. With the high costs of obtaining customer’s in this business, I’m a little surprised they don’t do a better job of trying to retain them. In my opinion, this policy is unacceptable and makes IX Web Hosting one of the worst hosts I’ve ever dealt with.
I just signed up for a hosting account with Host Gator and have already moved all my domains over. So far, so good. What’s your experience with IX Web Hosting?
As owner of a hosting provider company, I face the problem of abusive users almost every day. More than 90% of all abuse on my server comes from free trial accounts. I offer free trial access to my servers for people who want to try things out before they purchase a hosting package, but off course this attracts spammers. To prevent trial users from using my server for spamming purposes, I modified my exim.pl file to prevent trial users from accessing the Exim mail server.
Please note that this tutorial has been written for cPanel servers. If you want to use it on a server with a different control panel, you'll need to modify the cpgetpack.c source. If you do so, please share your work with the community by posting it in a reply here.
STEP ONE
First you’ll need to download, compile and install my cpgetpack.c application. Here’s how:
Now open the /etc/exim.pl file in your favorite text editor (make a backup first) and look for the following inside the checkuserpass subroutine:
Code: $trueowner =~ s////g; $trueowner =~ s/..//g; if (isdemo(${trueowner})) { return('no'); } Below, paste the following code:
Code: my $name = getpwuid($uid); open(UP, "cpgetpack $name|"); my $userplan = <UP>; close(UP);chop($userplan); if ($userplan eq "radix_FreeTrial") { return "no"; } You will have to replace the radix_FreeTrial string with the package you assign to your trial users. This will prevent trial users from authenticating which prevents them from sending mail remotely.
STEP THREE
Users are now still able to send mail locally (for example using the PHP mail() function), so here’s what to do next.
Find the checkdemo subroutine in the exim.pl file and replace the complete subroutine with:
Code: sub democheck { my $uid = Exim::expand_string('$originator_uid'); if (isdemo($uid)) { return 'yes'; }
my $name = getpwuid($uid); open(UP, "cpgetpack $name|"); my $userplan = <UP>; close(UP);
chop($userplan);
if ($userplan eq "radix_FreeTrial") { return 'yes'; }
return 'no'; } STEP FOUR
Now just restart Exim:
Code: service exim restart It might be a good idea to create a trial account and see if it’s working. Enjoy!
I have vhost setup for test of a new website. I want to allow access on the localhost, and, from one IP from the Internet (redacted). Apache serves the site just fine on the server but I can't access the site from my the "xxx...." IP.
I'm using a physical path to test from the public IP as follows:
I have vhost setup for test of a new website. I want to allow access on the localhost, and, from one IP from the Internet (redacted). Apache serves the site just fine on the server but I can't access the site from my the "xxx...." IP.
I'm using a physical path to test from the public IP as follows:
Code: <VirtualHost *:80> ServerName test ServerAlias test DocumentRoot /home/user/public_html/test <IfModule mod_fcgid.c>
[Code] .....
I don't have a FQDN as yet, so I just made a entry in /etc/hosts as follows:
Code: 127.0.0.1 test
Here is an excerpt from the Apache error log:
Quote: [Mon Jun 17 12:02:16 2013] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: /home/user/public_html/test/index.html
I've checked the firewall and the /etc/hosts.allow- that's not it. I've read the Apache docs and in the vhost block Allow should be evaluated last, and apparently is matching localhost but is not matching my IP.
I have recently had number of websites that link directly to images from my website. This is not hotlinking, it is direct server request. As an example: on the linking website there is image gallery script with thumbnails and when the visitor clicks on the thumb it calls the image from my website.
I block their IP-s in .htaccess, but it is not the best way to stop them since IP change. Is there any way, similar to anti-hotlinking, to deny such direct access to my images by domain name i.e. to allow only from my website and deny from all others. Or something else that could work in my case with .htaccess.
