Iptables: Which One Of My Rules Is Killing Nslookup

Oct 4, 2007

One of these rules is causing name server lookups to fail, but I can't seem to figure out which one, can anyone spot the problem?

Code:

[root@example ~]# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
INVDROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:465
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:953
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10023
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:953
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW icmp type 8
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1024:65535
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1024:65535
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53
LOGDROPIN all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
INVDROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:113
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:953
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10023
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9999
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:113
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:953
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW icmp type 8
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1024:65535
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1024:65535
LOGDROPOUT all -- 0.0.0.0/0 0.0.0.0/0
Chain INVDROP (18 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPIN (1 references)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:68
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:113
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:445
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:513
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPOUT (1 references)
target prot opt source destination
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP all -- 0.0.0.0/0 0.0.0.0/0

View 3 Replies


ADVERTISEMENT

Iptables Rules

Jul 2, 2009

One of my low knowledge area's is Iptables Rule's I just normally use APF/CSF.

However on a VPS Host node, I basically want to block all access to a certain port let's say 1234 apart from a certain IP address.

However I don't want to block this port on any of the VPS's on the Node, so what Iptable Rule(s) would I need to put into a bash script on startup.

View 7 Replies View Related

My Own IP Keeps Getting Added To Iptables Rules

May 15, 2007

I had csf firewall installed, and due to my own stupidity, attempted to login with the wrong password one too many times, which added my IP to iptables, locking me out. I had to SSH into a linux box at school, and then ssh into my server to stop the iptables service so I could get into my server.

I removed every trace of my IP that I could find in csf, but sometime in the middle of the night, iptables reloads some rules from somewhere that blocks me again. I also tried doing iptables -F to clear all rules, but again, sometime in the middle of the night, rules are reloaded and I get blocked. I even uninstalled csf to no avail. I just want to remove my IP once and for all.

View 11 Replies View Related

Ftpd And Iptables Rules

May 18, 2008

my server have problem with login to ftp

i ask of cpanel,cpanel answer :

Howdy,

Are you using any kind of external firewalling? I have enabled the passive
ports in pure-ftpd and attempted to connect in passive mode, but it still
fails.

and

Howdy,

You should allow connections on 30000 through 50000 for passive ftp

---

this is vps

how may i solved it?
i use of csf

View 6 Replies View Related

What's The Maximum Number Of Rules For Iptables?

Jul 19, 2008

I use APF and APF is working with iptables , when I define a large number of IPs in deny_hosts.rules or allow_hosts.rules and restart the APF , iptables begins to display errors after applying some number of rules , I have set SET_TRIM="0" in APF , so the number of APF rules is unlimited and the error is from iptables.

Is there any setting in iptables config files for maximum number of rules?

Is it unlimited and depends only on system available memory? O/S , ...?

View 2 Replies View Related

Flushing Iptables/remove Rules

Jul 1, 2009

I have a VPS (Virtuozzo) with cPanel installed. I notice that iptables running in the VPS had many DROP rules when I listed using iptables -nL command. So I flushed iptabled using "iptables -F" command and also "> /etc/sysconfig/iptables" command and restarted iptabled. When I try to list the rules it would show empty. However when I try to list after a few minutes it is showing the same old rules with many DROP rules yet again! Is there anyway to remove the rules completely?

View 2 Replies View Related

Do I Need To Use Iptables And Create Some Security Rules?

May 6, 2009

If I buy a web server (Linux), Do I need to use iptables and create some security rules?
What types of rules?

Is it suggest use modsecurity for Apache?

If I host 2 sites (2 wordpress blog), what are better rules?

View 14 Replies View Related

Nslookup Returns Old Ip Address

Jul 20, 2008

After changing the dns of my dns registry in my GOdaddy account

changing from my provider to my own DNS server the domains running on my dns names stopped working.

it runs serverfails and such, which they haven't done before.

if i do a NSLOOKUP it returns my provider dns ip's but it should return MINE dns ip's i presume

View 4 Replies View Related

VPS RAM Is Killing

Jan 17, 2008

I have a VPS with 768Mb of RAM which was always suitable for the websites I'm hosting
as most of them are not popular and none of them got high traffic recently at all

But for over 2 days the vps is eating the ram and killing all the services (cpanel/httpd/ftp/MySQL..)
I want to know what is causing this and stop it by any way

I contacted my vps support and they told me to write "top" in the SSH but I didn't understand any thing from what I see and I didn't know what to do after writing that command .

View 3 Replies View Related

After Flush+zero Iptables, Will A New Iptables Ban Work

Jan 5, 2008

I execute the following commands, in the following order:

iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP

will that last command successfully ban that IP until reboot?

If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.

View 2 Replies View Related

Layeredtech Killing Itself

Jun 29, 2008

I remember long time ago when I used to host on Layered Tech fast network good stuff, affordable price my first server costed me 90 dollars on Layered Tech with about 20 dollar setup one time fee.

I visited today after about 2 years and I'm pretty much surprised to see their prices they are by no means affordable as they were previously and the setup fee is now 50 dollars on every server.

With such large number of servers in their data centers shouldn't they be able to make them affordable? yet I have seen same server on WHT ads section for fraction of the price LT expects and not to mention the excessive setup fee.

I'm not complaining, its their business, but is it really helping them? I cant be the only person feeling this anti-love for Layered Tech being a former LT customer, I had no problems with them or their services I just left after I sold my site and moved into VPS. But seeing the new prices its a bit shocking.

View 14 Replies View Related

Mysql Is Killing My Vps

Jul 14, 2008

the server load averges on my VPS have been very high - escalating to 6.5 in cases.

The process causing this is:

PidOwnerPriorityCpu %Mem %Command 7370 mysql -10
76.7
3.0 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/opal.ngwebservers.net.pid --skip-external-locking

My VPS is hosted by Virpus Networks, and has spec:
512RAM (1024 burstable), 10GB hard drive space.

8 of these processors on node:

Processor #1 Vendor: GenuineIntel
Processor #1 Name: Intel(R) Xeon(TM) CPU 2.80GHz
Processor #1 speed: 174.594 MHz
Processor #1 cache size: 2048 KB

No hardware or software changes were implemented on the VPS as far as I am aware.

The MySQL process causing this is:

28993movies_mybblocalhostmovies_mybbQuery36Copying to tmp tableSELECT t.tid, t.dateline, p.edittime, t.subject, f.allowhtml, f.allowmycode, f.allowsmilies, f.allow

This has been going on since I first saw the loads go high...

View 8 Replies View Related

VRTServers.net Is KILLING Me

Mar 10, 2008

I have many servers on vrtservers.net and is happy of they support. And I planing be a reseller of them.

But the nightmare come from last day..

My main server have got some SPAM report from spamcap.net
[url]

the spamcap.net report my server runing a open proxy.and somebody using it as SPAM.
before the SPAM report..

I know this ISSUE and have fix it..
so the proxy just run many hours.[ check the mrtg graph.[url]


sinse the SPAM report.
vrtserver.net put this server offline..
I can Understand it.

And I have contact the support@vrtservers.net Instantly.
And I proceed the case of spamcap.net too.

But the nightmare is ....

When I ask "how to reconnect my servers/What time will the case close?" to VRTSERVERs.NET.

the vrtservers.net reply to me said the server has been terminated and there is no way to get my data back.

My god ..
all of my server's data has been lost!

vrtservers.net is killing me now!

View 7 Replies View Related

Spamd Is Killing My VPS

Nov 25, 2007

I have a VPS with 320MB of RAM. The problem is that spammassassin is killing my VPS.

Spamd service was using 50% of memory (+- 150MB of RAM).

Do you think that this is normal RAM for Spamd?

View 10 Replies View Related

Mod_security Killing Php

Jan 31, 2007

trying to get mod_security installed on my HSphere server, the install goes ok until i try and load rules?

If i just load the exclude.conf rule then php sites work, if i also load rules.conf or any other rules then my php sites get 'connection refused error' ?

I cannot find any thing in logs and there is no log written for mod_security?

here is my modsecurity.conf

Quote:

#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "NOYB"

#SecUploadDir /tmp
#SecUploadKeepFiles Off

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog /var/log/audit_log

# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log

#And now, the rules
#Remove any of these Include lines you do not use or have rules for.

#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf

#Application protection rules
#Include /etc/modsecurity/rules.conf

bash-2.05b# cat /etc/modsecurity.conf
<IfModule mod_security.c>

# Only inspect dynamic requests
# (YOU MUST TEST TO MAKE SURE IT WORKS AS EXPECTED)
#SecFilterEngine DynamicOnly

SecFilterEngine On

# Reject requests with status 500
SecFilterDefaultAction "deny,log,status:500"

# Some sane defaults
SecFilterScanPOST On
SecFilterCheckURLEncoding On
SecFilterCheckCookieFormat On
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies On
# enable version 1 (RFC 2965) cookies
SecFilterCookieFormat 1

SecServerResponseToken Off

#If you want to scan the output, uncomment these
#SecFilterScanOutput On
#SecFilterOutputMimeTypes "(null) text/html text/plain"

# Accept almost all byte values
SecFilterForceByteRange 1 255

# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "NOYB"

#SecUploadDir /tmp
#SecUploadKeepFiles Off

# Only record the interesting stuff
SecAuditEngine RelevantOnly
SecAuditLog /var/log/audit_log

# You normally won't need debug logging
SecFilterDebugLevel 0
SecFilterDebugLog logs/modsec_debug_log

#And now, the rules
#Remove any of these Include lines you do not use or have rules for.

#First, add in your exclusion rules:
#These MUST come first!
Include /etc/modsecurity/exclude.conf

#Application protection rules
#Include /etc/modsecurity/rules.conf

#Comment spam rules
#Include /etc/modsecurity/blacklist.conf

#Bad hosts, bad proxies and other bad players
##Include /etc/modsecurity/blacklist2.conf

#Bad clients, known bogus useragents and other signs of malware
##Include /etc/modsecurity/useragents.conf

#Known bad software, rootkits and other malware
##Include /etc/modsecurity/rootkits.conf

#Signatures to prevent proxying through your server
#only rule these rules if your server is NOT a proxy
##Include /etc/modsecurity/proxy.conf

#Just in Time Patching for Vulnerable Applications
##Include /etc/modsecurity/jitp.conf

#Google Hacks signatures
##Include /etc/modsecurity/recons.conf

#Include /etc/modsecurity/

</IfModule>

View 2 Replies View Related

Is CPanel Killing My VPS

Feb 5, 2007

I have a VPS with 256m guaranteed RAM .. and I have CPanel. A couple of days ago I got to fiddling with a database issue and had phpMyAdmin open for the better part of an hour. So I got to wondering what something like that does to my VPS?

A secondary question .. same thing but on a dedicated server with 1g RAM?

View 4 Replies View Related

C99Shell Hackers Killing Me!

Jun 25, 2007

guys im tired off fighting those hackers everyday! i have about 20 websites,and everyday i have one of them hacked! i restore a backup then another one hacked!

thats unbelivable!!!

those bastards upload there shell scripts to websites via bugs or whatever from php files!!

is there anyway to stop these commands?

can .htaccess helps? how?

i talked to my webhosting companies for my websites! ....

View 10 Replies View Related

Virtuozzo Is Killing /usr/bin/mysqld_safe

Nov 2, 2009

Virtuozzo 3.0 is killing VPS's /usr/bin/mysqld_safe process but leaving /usr/sbin/mysqld UP which is causing cPanel to be unable to automatically restart MySQL after that.

View 14 Replies View Related

Gzip Is Killing My Server

Jan 28, 2008

from top:

12478 root 35 19 2004 680 308 R 39 0.0 8:54.95 gzip


using anywhere from 30-50% of my cpu for nearly 10 min now. but, no memory usage.

any ideas? should i kill the pid?

site is running pretty slow as a result of this.

View 3 Replies View Related

Httpd Is Killing My Server

Dec 15, 2007

24 hours ago something wired happend..

For some reason httpd is causing high serverload.
ATM : 22:44:17 up 22:17, 2 users, load average: 6.23, 6.12, 8.88
U

Will keep gooing up and httpd need to be restartet when serverload comes up to 30.

The traffic on the server is normal, no changes is made on the server.

View 5 Replies View Related

Backups Killing My Server

Dec 7, 2007

Opt 248
3gb ram
250gb sata II

I have a fairly unique problem. My server runs great 95% of the time. Loads average under 1. However backups have become a server killer. I use cpanel scheduled backup at early morning hours. The reason backups kill my server is that I have 300,000+ (and counting) images in a directory. They are all small pngs generated by LaTeX. It takes my server several hours to backup the images. I usually even have to stop apache to free up some power. This problem is only going to get worse as I get more images. Maybe I could upgrade proc or upgrade to faster HD? That would be costly, hopefully not.

Should I hire a professional backup service? Costly, and would that help? Or is there a way of storing the images or doing the cpbackup I am doing wrong?

View 3 Replies View Related

Killing A Server With WHMCS Installed

Feb 5, 2008

if it was possible to kill a server running WHMCS by executing the cron.php via cronjob on a remote server once every minute.

I just wanted to see if this was potentially harmful, so I can submit it to Matt without sounding like an idiot...

View 3 Replies View Related

Nobody_check Killing Spamd Process

Jul 24, 2007

My nobody_check is killing a process that seems to be o.k. but I'm not sure. The process is running /usr/bin/perl-bin which I never heard of. I thought it was /usr/bin/perl

Should I be concerned? Again, I don't know what /perl-bin is.

Process ID: 28457 has been killed
Restuls for PID: 28457
total 0
dr-xr-xr-x 3 nobody nobody 0 Jul 23 17:00 .
dr-xr-xr-x 201 root root 0 Jun 29 11:59 ..
dr-xr-xr-x 2 root root 0 Jul 23 17:00 attr
-r-------- 1 root root 0 Jul 23 17:00 auxv
-r--r--r-- 1 root root 0 Jul 23 17:00 cmdline
lrwxrwxrwx 1 root root 0 Jul 23 17:00 cwd -> /
-r-------- 1 root root 0 Jul 23 17:00 environ
lrwxrwxrwx 1 root root 0 Jul 23 17:00 exe -> /usr/bin/perl-bin
dr-x------ 2 root root 0 Jul 23 17:00 fd
-rw-r--r-- 1 root root 0 Jul 23 17:00 loginuid
-r-------- 1 root root 0 Jul 23 17:00 maps
-rw------- 1 root root 0 Jul 23 17:00 mem
-r--r--r-- 1 root root 0 Jul 23 17:00 mounts
lrwxrwxrwx 1 root root 0 Jul 23 17:00 root -> /
-r--r--r-- 1 root root 0 Jul 23 17:00 stat
-r--r--r-- 1 root root 0 Jul 23 17:00 statm
-r--r--r-- 1 root root 0 Jul 23 17:00 status
dr-xr-xr-x 3 root root 0 Jul 23 17:00 task
-r--r--r-- 1 root root 0 Jul 23 17:00 wchan

Netstat:
tcp 0 0 127.0.0.1:783 127.0.0.1:40957
CLOSE_WAIT 28457/spamd child
udp 0 0 xx.xxx.xxx.xx:41008 216.52.190.1:53
ESTABLISHED 28457/spamd child
unix 3 [ ] STREAM CONNECTED 120878416 28457/spamd
child
unix 2 [ ] DGRAM 120872220 28457/spamd
child
unix 2 [ ] STREAM CONNECTED 120847759 28457/spamd
child
unix 2 [ ] STREAM CONNECTED 120832442 28457/spamd
child

Environ:

Process ID: 23944 has been killed
Restuls for PID: 23944
total 0
dr-xr-xr-x 3 nobody nobody 0 Jul 23 16:55 .
dr-xr-xr-x 206 root root 0 Jun 29 11:59 ..
dr-xr-xr-x 2 root root 0 Jul 23 17:00 attr
-r-------- 1 root root 0 Jul 23 17:00 auxv
-r--r--r-- 1 root root 0 Jul 23 16:55 cmdline
lrwxrwxrwx 1 root root 0 Jul 23 17:00 cwd -> /
-r-------- 1 root root 0 Jul 23 17:00 environ
lrwxrwxrwx 1 root root 0 Jul 23 16:55 exe -> /usr/bin/perl-bin
dr-x------ 2 root root 0 Jul 23 17:00 fd
-rw-r--r-- 1 root root 0 Jul 23 17:00 loginuid
-r-------- 1 root root 0 Jul 23 17:00 maps
-rw------- 1 root root 0 Jul 23 17:00 mem
-r--r--r-- 1 root root 0 Jul 23 17:00 mounts
lrwxrwxrwx 1 root root 0 Jul 23 17:00 root -> /
-r--r--r-- 1 root root 0 Jul 23 16:55 stat
-r--r--r-- 1 root root 0 Jul 23 16:55 statm
-r--r--r-- 1 root root 0 Jul 23 16:55 status
dr-xr-xr-x 3 root root 0 Jul 23 17:00 task
-r--r--r-- 1 root root 0 Jul 23 17:00 wchan

Netstat:
tcp 1 0 127.0.0.1:783 127.0.0.1:40955
CLOSE_WAIT 23944/spamd child
udp 0 0 xx.xx.xxx.xxx:55606 216.52.190.1:53
ESTABLISHED 23944/spamd child
unix 3 [ ] STREAM CONNECTED 120847760 23944/spamd
child
unix 2 [ ] STREAM CONNECTED 120832442 23944/spamd
child
unix 2 [ ] DGRAM 120677444 23944/spamd
child

Environ:

View 4 Replies View Related

GoDaddy Masking Is Killing My Site - Alternative?

Apr 12, 2007

So we've got a client setup with 2 domains; 1 main and 1 secondary.

The secondary domain is a 301 redirect with masking through GoDaddy. The reason for the masking is because we need the domain name to stay the same after the redirect. (So people who come in on DomainB will only see DomainB in the url bar.)

The problem: GoDaddy has uses a "zero frame" element to implement the masking and it's messing up the display of our site.

Note: The display only screws up in IE.

Primary domain: www.BristolCountyWomensJournal.com --> (This works fine.)
301 domain: www.WomensJournals.com --> (Check out the messy background!)

Anyone know of alternatives to Domain Masking?

View 0 Replies View Related

Determine What Cron Jobs Are Killing Server And When

Jan 8, 2009

We're running on Linux/Apache/MySQL/RoR and have a number of cron jobs that run throughout the day on our server. We've been noticing lately that at certain times of the day the site becomes really slow. When I'm online with my engineers I can mention this to them and they can check and see and say "Oh yeah, it's job XYZ that's spiking the server load."

That's great but much of the time when I notice the sluggishness my developers are offline (we're in different time zones). I'm wondering if there's a fairly easy way to track this when they're not online so we can say "Yup, last night at 10 PM your time when you noticed that it was job ABC." There has to be something that allows you to do this right?

View 3 Replies View Related

Why Lunarpages Rules

Aug 9, 2006

I signed up with Lunarpages a while back for a dedicated server for my business. Good price, managed hosting rocks, decent disk space... little problem once with a huge power outage, but **** happens, cool.

All is well until I wake up this morning to an email a minute about a failed cron job. It smells fishy, so I contact LUnar pages support to see whats up.

They inform me that some asswad had managed to brute force into my server using a temporary account I set up a while back for some tech support. (I prefaced this with 'im an idiot', so no you know why)
Either way, my server now has a rootkit, plus other **** im sure im not aware of... so they propose to move me to a brand new fresh box. im thinking they are gonna charge me a fee for this, a fee for that... no way. All is free of charge.

Im ****ting kittens now.

so im resetting everything up, and i manage to look myself out of my database...(i told you I was an idiot.. and this was a looooong day already)

they fix it. again. no problem...

If you are looking for a dedicated server, go to lunarpages. otherwise you are a freaking idiot as far as I am concerned...
Lunarpages, I love you, I want your babies...

PS: I am in no way affiliated with lunarpages... however, if they want to give me a free year on their servers, i wouldnt complain... *hint hint*

View 0 Replies View Related

Mod_security Rules

May 25, 2009

Is it possible to disable a particular mod_security rule for particular directory or the rules are global?

View 4 Replies View Related

Ip6tables Rules

May 26, 2009

I want to block the icmp6 and traceroute on my ipv6 server,how can i do it?

View 1 Replies View Related

Mod_security Rules In WHM

Aug 15, 2008

I just installed mod_security via WHM, and want to know what rule should I enter to prevent some URLs from being opened.

For example, if URL contains word "abc" (like domain.com/some_folder/abc/file.php), it should not be opened.

View 4 Replies View Related

How To Set The Rules Of MOD_Security

Jun 4, 2008

how to set the rules of MOD_Security.

Another question for professionals:

Q: What are the best rules to secure my server? I'd appreciate if you managed to attach these rules to your replies. // FYI, I host VBulletin portals.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved