I was checking my business server's IIS error logs when I ran across the following error:
2007-05-19 08:21:10 00.000.000.00 2243 00.000.000.000 80 HTTP/1.1 GET /w00tw00t.at.ISC.SANS.DFind 400 - Hostname -
Additional information about those responsible for the hack attempts is as follows (retrieved from domaintools.com):
CustName: ----------------(hidden by me)
Address: Private Address
City: Plano
StateProv: TX
PostalCode: 75075
Country: US
RegDate: 2005-08-27
Updated: 2005-08-27
Apparently this person was trying to use the dfind hacker tool to find vulnerabilities on my server. The IP address belongs to AT&T Yahoo, and I've already contacted them by email. I believe that subsequent hack attempts have originated from this IP; however, the IP address has been masked by the use of proxies. I think that this may be someone I know because the IP is only about an hour's drive from me. I'm starting to suspect a disgruntled former client who has friends living where that IP's from.
Has anyone here had any similar experiences?
What do you think AT&T Yahoo's response will be?
Is there anything else I can do or should not do?
I am also considering reimaging my server because of system issues but I am concerned that would erase any information needed for investigative purposes. I have saved my log files, though, on a CD but I'm thinking that AT&T Yahoo or whoever investigates this needs the server as it is.
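A defender-side check for the probe quoted in the post above, added here as an example and not part of the original post: it parses error-log lines in the field order of the quoted line, groups DFind probes by client IP, and hashes the log bytes so a saved copy can be verified after the server is reimaged. The field names, function names and sample lines are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Field order assumed from the log line quoted in the post; the names are
# illustrative, so adjust them if your log's #Fields header differs.
FIELDS = ("date", "time", "c_ip", "c_port", "s_ip", "s_port", "version",
          "method", "uri", "status", "site_id", "reason", "queue")

# Request path sent by the DFind scanner, as seen in the post (lower-cased).
DFIND_MARKER = "/w00tw00t.at.isc.sans.dfind"

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
#Version: 1.0
2007-05-19 08:21:10 192.0.2.10 2243 198.51.100.5 80 HTTP/1.1 GET /w00tw00t.at.ISC.SANS.DFind 400 - Hostname -
2007-05-19 08:25:41 203.0.113.7 1399 198.51.100.5 80 HTTP/1.1 GET /index.html 400 - Hostname -
2007-05-19 09:02:03 192.0.2.10 2310 198.51.100.5 80 HTTP/1.1 GET /w00tw00t.at.ISC.SANS.DFind 400 - Hostname -
2007-05-19 09:10:00 198.51.100.99 3000 198.51.100.5 80 - - - - - Timer_ConnectionIdle -
truncated line
"""

def parse_line(line):
    """Return a dict for one log record, or None for headers/malformed lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def find_dfind_probes(log_text):
    """Map each client IP to the timestamps of its DFind probe requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["uri"].lower().startswith(DFIND_MARKER):
            hits[rec["c_ip"]].append(f'{rec["date"]} {rec["time"]}')
    return dict(hits)

def evidence_digest(log_bytes):
    """SHA-256 of the raw log bytes, recorded before any reimaging."""
    return hashlib.sha256(log_bytes).hexdigest()

if __name__ == "__main__":
    for ip, times in find_dfind_probes(SAMPLE_LOG).items():
        print(ip, len(times), "probe(s); first at", times[0])
    print("sha256:", evidence_digest(SAMPLE_LOG.encode("utf-8")))
```

Record the digest somewhere separate from the CD copy; matching digests later show the saved logs were not altered.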
I have a database server – mysql.xx.com which is the main MySQL server in H-Sphere.
I've created a database from mysqladmin interface.
I can use the database without a problem but when I’m trying to access the database from another server that I’ve just installed, the PHP application says that it can not connect to the database.
Another thing is that if I move the php app with the same configuration file under a shared account under another H-Sphere server, it's working perfectly.
I’ve read the H-Sphere documentation about an option to enable remote access to the mysql server which I can’t find anymore under our H-Sphere 2.5 Patch 8.
I’ve done a lot of searching to see how I can make that PHP application connect to mysql.xx.com, but it seems that although I’ve run the grant all …. command for that database, it still doesn’t work.
One final thing – from that new server if I run "mysql -h mysql.xx.com -u user -p" I can connect to the database and do a use database, show tables etc.
From iptables on mysql.xx.com I see that it accepts connections from outside.
Can this issue of not getting that PHP application to connect to mysql.xx.com be related to the fact that H-Sphere is using the server, or what should I try further?
We have a front end server for the website Zymic.com (a free web hosting community), a mysql server and a main server for hosted websites. The problem lies between establishing a connection from the Zymic.com server to the database server - to sum it up, the connection just "hangs". We have never had this problem before, never edited anything which would cause a problem, it's completely spontaneous.
My administrator has spent endless hours trying to debug the problem, here are some notes he gave me:
1. Ping to the mysql machine works fine.
2. Telnet to port 3306 of the mysql machine works great too – meaning NOT a network issue.
3. Strace on the connection shows it hangs when it calls the server and waits endlessly for response.
4. The mysql machine listens to the IP and port 3306 and connects great to the hosting server via SSH.
5. It's NOT a max connection issue but something to do with the mysql socket itself.
Here is a test from another site on the server to the mysql server: [url]
Code:
<?php
mysql_connect('188.8.131.52', 'wkscript', 'PASSWORD') or die(mysql_error());
mysql_select_db('domains_data') or die('SELECT ERROR : ' . mysql_error());
?>
I bought a VPS to run a part of an application I have and it needs to connect to my database in cpanel. I have set everything up properly and allowed the remote server to connect to my server, and I updated the DB connect file with the correct mysql server username and password. But when I try to run the script I get this error.
Client does not support authentication protocol requested by server; consider upgrading MySQL client in
I'm not 100% sure what to do. I don't understand why it wouldn't work because it works perfectly on the main server with my scripts. But I get that error message on the remote server.
We have got 200 customers, and we are going to change to cpanel.
The MySQL server is on a Solaris zone. It is possible to make a remote connection to it. I will import the 200 users' MySQL databases to cpanel, with privileges (user settings). The mail/web dirs I will import manually to the cpanel server (copy-paste-setuser:group).
I just got a new server and discovered a very strange problem. It happens 2-3 times every hour. When I try to access some webpage which connects to MySQL, I get the page header and then the page hangs for about 1 minute. After about 1 minute everything is back to normal. I can open several windows with different websites hosted on my server and the same problem is in all windows. At the same time I can access all websites without MySQL connections.
I have 2 identical Fedora 8 boxes with Apache 2.2.8, MySQL 5.0.45 and PHP 5.2.4. I use one as the Web+DB server (say box A), and the other (box B) just as the Web server connecting to the DB server on box A. I use this 2-machine configuration to test a LAMP-based Web application. I have a client program on other machines that can emulate a massive web workload to these 2 servers; it can emulate hundreds to thousands of users using the application simultaneously.
Before running the test, the connection to the DB server from both boxes seems fine. Using the mysql client program on either box A or B trying to connect to the DB, the connection goes through instantly. In the /etc/my.cnf file, I have max_connections=4096 and max_user_connections=4096. Note that the web app uses one single db user to connect to the db. To allow remote connection, I inserted one record into the user table of the mysql db whose host field's value is '%' (allow connection from all remote hosts).
After running the test (which I found out that many requests sent to box B failed), mysql client program on box A is still able to connect to the db instantly; but the one on box B has a problem: it takes extremely long (5 - 10 minutes or even more) to establish the connection, it doesn't time out, just takes that long. I believe that's the cause for the failure of requests to box B.
The main function of my dedicated server is the vBulletin forum that we run.
Ever since I had bastille firewall installed and configured on my server we have been getting regular vBulletin errors.
Everything runs pretty smoothly most of the time, we can carry lots of connections without any issues, server has plenty of free RAM and CPU is never overloaded even during peak hours. I have been told bastille firewall (iptables) is configured correctly, all ports that need to be open are open.
But about twice per day we have a MySQL "disconnect" that lasts about 30-60 seconds per incident. For example we will start getting the following message via e-mail, and it will amount to 20-30 e-mails like this during the 30-60 second incident. After that, the e-mails and problems will go away, until next time.
vBulletin Database Error!
mysql_connect(): Can't connect to MySQL server on 'sql.datacolony.com' (4)
/hsphere/local/home/site/site.com/forum/includes/class_core.php on line 274
MySQL Error :
Error Number :
Date : Saturday, January 26th 2008 @ 07:53:05 PM
Script : [url]
Referrer : [url]
IP Address : 184.108.40.206
Username :
Classname : vb_database
The server is running CentOS 4.6, PHP 4.4.7, MySQL 5.0.45. The vBulletin software has been patched to the latest version. The vBulletin people are not sure why this could be happening.
Well we never believed that the firewall was causing the issue BUT it only started happening on the day the new firewall was installed. So we tried stopping the firewall for a full week and the MySQL database errors stopped happening, completely. So I'm convinced the problem is the firewall blocking MySQL connections but I can't figure out why?
There are no entries in the MySQL .err logs pertaining to this. Can't figure this out; any help or ideas are appreciated since the people who installed the firewall are not sure either.
I installed the MySQL binary packages in /usr/local/mysql/ after removing the MySQL RPM package. MySQL is functioning when I executed /usr/local/mysql/bin/safe_mysqld. I reinstalled MySQL before I installed PHP. When I used a PHP script to access a MySQL database, it outputs an error:
Code:
Warning: mysqli::mysqli() [function.mysqli-mysqli]: (HY000/2002): can't connect to local mysql server through socket /var/lib/mysql/mysql.sock in index.php on line 2
However, I installed MySQL in /usr/local/mysql, not in /var/lib/mysql. How do I fix MySQL?
I do a tracert on my VPS and get the attached results. My location is South Africa. Lately it just seems a bit sluggish. Can somebody please do a tracert from the USA and EU for me to do a comparison, or advise me on this VPS?
I have some huge files for download in this directory.
Now, when our users try to download files from this folder with flashget (or dap or ...), these programs create 5 connections to those files! So if a user is trying to download 5 files, he has 25 connections to my server!
How can I limit connections per IP on files in this folder?
Today I got an alert from my server provider saying my server is under attack. I checked netstat and found too many connections.
This ticket was automatically generated by the Softlayer Network Protection System. Due to the large amount of traffic targeted to your IP address 220.127.116.11, SoftLayer has automatically injected the IP address into our Cisco Guard Protection system. This system diverts traffic destined to the IP address 18.104.22.168 through hardware devices that will try to identify and block the specific packets and flows responsible for the attack while allowing legitimate transactions to pass. The injection of 22.214.171.124 will remain in place until this attack subsides and then be automatically removed once traffic levels reach a normal level.
Details of the event follow: Exceeded Bits In: 782.7 M (Threshold: 500 M)
The connections are from my server to port 80 of "126.96.36.199".
This is an error that dns report spat out to me. I have the firewall disabled as of now so I don't understand why packets would be blocked..if they are being blocked. From what I can tell, I can get to the server and resolve no problem...but could that stop other dns servers from connecting to it? I recently moved my cpanel box to another location in the LT datacenter in order to get on a different subnet - the previous one was a spam list nightmare. All IPs have been changed over and such...is this just cached from like the 14 hours I was down (ouch!) or is this still happening? I mean...it's able to look up A records and it can get the mx servers...
error: Our local DNS server was unable to get your MX record. This usually means that a firewall in front of your DNS server is interfering. For example, it may be blocking DNS packets from low source port numbers (ours is often in the 1024-1030 range). Firewalls should never block DNS queries based on the source IP address; otherwise, it is guaranteed that legitimate queries will be blocked. This specific lookup must be cached, so a recent change may not be reflected.
I recently had a hard drive failure and luckily I can still access certain directories on this failed drive. I can still access the /var/lib/mysql/ directory which holds all the users' databases and have backed all these up separately using tar.
Now what I need to know is how do you restore these database files to another server? I tried simply untar'ing one of these to the new server's /var/lib/mysql/ directory and it stuffed MySQL up - it went offline. I had to get a cpanel tech to bring MySQL back online.
How can I get these database files to fully work on a new server?