Netstat Results Show 3 Ips In Same Location With Several Connections

Mar 13, 2008

I'm new to server administration/security/troubleshooting, so I have included a lot of info here hoping it will help.

This started because a Linux VPS with CentOS and Exim crashed after only 3000 emails were sent (of 30000) total

I ran a netstat and several times I get three separate ips with the only difference being the last two digits and the port number:
86.104.230.29:59009
86.104.117.45:18065
89.37.137.157:41593

As far as I can tell they are from Romania, and there are several connections.

I have posted a lot of information below, if someone can take a look and give some ideas, it would be very much appreciated.

netstat:

Code:
tcp 0 0 mydomain.com:http 86.104.117.98:34060 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.82:59022 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.219:52276 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.163:25383 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.154:20794 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.235:39094 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.127:61711 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.127:5748 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.37:63424 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.228:54121 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.226:39605 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.91:6446 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.10:54841 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.100:22842 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.118:32674 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.80:16559 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.64:47817 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.136:21718 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.246:37288 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.28:62119 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.190:4468 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.8:25247 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.100:35503 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.199:20896 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.237:saft SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.199:47952 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.118:60561 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.181:10844 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.125:50584 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.253:17855 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.10:25740 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.109:29528 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.62:47349 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.55:4614 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.226:22001 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.163:11790 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.44:8911 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.46:telnets SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.190:27377 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.181:34031 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.19:41722 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.100:57151 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.145:61402 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.53:52461 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.26:42463 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.217:35530 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.35:63414 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.154:56638 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.26:43972 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.172:6922 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.17:3683 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.210:2397 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.46:18754 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.244:4032 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.235:8602 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.82:39495 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.19:28848 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.163:47624 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.8:2683 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.55:43300 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.37:1664 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.118:36892 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.17:7317 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.109:56229 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.217:45257 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.73:15278 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.64:14076 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.116:14567 SYN_RECV

View 3 Replies


ADVERTISEMENT

Should Location Of Host = Location Of Targeted Visitors?

Sep 19, 2008

Just a question about hosting your site in the same country where your main targeted visitors is located. It is my belief that I should host my sites in the same country where I the targeted visitors are. Am I correct in saying this??

So..
US Focus Site should be hosted in the US
Canadian Focus Site should be hosted in Canada
And UK Focus Site would be hosted in the UK??????

View 14 Replies View Related

Netstat -an Or -tln

Aug 9, 2008

netstat -tln shows my port 80 is listening.

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN

but netstat -an shows nothing about port 80

actually my web can not be accessed. it shows "Cannot find server or DNS Error " under Internet Explorer.

View 4 Replies View Related

Netstat, Csf

Jun 11, 2007

I am not shure if this is a configuration problem or it's bacause netstat has it's own way to display things.

Recently csf blocked an IP address for flooding.

My server ip address is something like 192.168.1.201.

The ip that csf blocked was 192.168.1.20.

That IP belongs to an other server that is not ours.

netstat was showing a lot of connections from 192.168.1.20 (the ip that is not ours) but the guys that manage the server with that ip (192.168.1.20) did not saw any connection from them to us. So I thought it's just a spoofed flood. But, the thing is I've blocked that ip and still connections were made.

My conclusion was that netstat was showing 192.168.1.20 "flooding" instead of 192.168.1.201. (the server was connectiong to itself).

iptraf also was showing the server was connecting to itself on the lo interface.

My questions are:
csf is based on netstat for tracking connections?
has anyone had ths type of problem before?
If netstat is showing something else isn't this a bad thing for all (a lot) the scripts that use netstat?

View 0 Replies View Related

Netstat & APF Cron Job

Oct 28, 2008

Netstat & APF cron job ...

View 7 Replies View Related

Netstat :: How To List IP Addresses?

May 19, 2009

My site is under attack, when i run this command
[php]netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -[/php
it show

1 116.xxx

1 118.xxx

1 203.xx

1 222.xxx

1 Address

1 servers)

3 115.xxx

3 123.xxx

4 58.xxx

10 127.0.0.1

694

What 694 connections mean ? Why netstat don't list their IP ? How can i know which IP is attacking my site ?

View 5 Replies View Related

SSH Command :: Netstat -alpn?

Dec 25, 2008

what does the below command actually means I mean when we use it? and in which case it help us? and up to what value there is nothing to worry about? Waiting for detailed reply

netstat -alpn | grep :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c

View 10 Replies View Related

Does IP Address Location = Server Location

Nov 6, 2009

I have a VPS and when I signed up I was told by the provider that the server was based in a UK datacentre. However, I've just done a search on the IP address for my VPS and it comes up as 'The IP address is assigned to France'.

Does this mean the server's actually located in France?

View 5 Replies View Related

-bash: Netstat: Command Not Found

Apr 2, 2008

i got a new sever and was looking at few thing.

just ran netstat and saw this -bash: netstat: command not found

how can i correct it?

View 7 Replies View Related

Listing/banning Ipv6 Addresses From Netstat Output

Jan 19, 2008

I've been happily banning ip's using the output from

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

for over a year now, with iptables. However recently, after upgrading to apache 2.2, the connections in netstat get listed as ipv6. A row can look like this for example:

tcp6 0 0 ::ffff:12.123.123.123:80 ::ffff:12.123.12.:12382 ESTABLISHED-

(actual ip addresses changed)

As you can see, the remote ip address isn't complete, it's cut off, so the script used to sum up connections and insert into iptables isnt doing anything.

View 0 Replies View Related

Paging Results Of Ls Through FTP

Jan 28, 2009

Is there a way to page results from ls through FTP similar to the way you can in your shell by using ls | less (or ls -l | more)? When I try ls | less through FTP, even on a linux server, it wants to output to a local file?

View 3 Replies View Related

Logwatch Results

Jul 26, 2007

##################################################################

--------------------- Selinux Audit Begin ------------------------

Number of audit daemon stops: 4

**Unmatched Entries**
Error sending failure mode request (Connection refused)
Unable to set audit pid, exiting
Cannot daemonize (Success)
Error sending failure mode request (Connection refused)
Error sending failure mode request (Connection refused)
Unable to set audit pid, exiting
Cannot daemonize (Success)
Error sending failure mode request (Connection refused)

---------------------- Selinux Audit End -------------------------

--------------------- Cron Begin ------------------------

Commands Run:
User *system*:
personal crontab reloaded: 2 Time(s)
User agadirnet:
personal crontab listed: 1 Time(s)
User dafatir:
personal crontab listed: 1 Time(s)
User drweb:
/opt/drweb/update.pl: 37 Time(s)
User kari:
personal crontab listed: 1 Time(s)
User karicom:
personal crontab listed: 1 Time(s)
User kastala:
personal crontab listed: 1 Time(s)
User mailman:
/usr/lib/mailman/cron/checkdbs: 1 Time(s)
/usr/lib/mailman/cron/disabled: 1 Time(s)
/usr/lib/mailman/cron/gate_news: 223 Time(s)
/usr/lib/mailman/cron/nightly_gzip: 1 Time(s)
User root:
/opt/php51/bin/php5
/usr/local/sitebuilder/utils/clear_trial_sites.php > /dev/null 2>&1: 19
Time(s)
/opt/php51/bin/php5 /usr/local/sitebuilder/utils/sip1.php >
/dev/null 2>&1: 1 Time(s)
/opt/php51/bin/php5 /usr/local/sitebuilder/utils/sip2.php >
/dev/null 2>&1: 1 Time(s)
/opt/php51/bin/php5 /usr/local/sitebuilder/utils/update_key.php >
/dev/null 2>&1: 1 Time(s)
/usr/local/psa/admin/sbin/backupmng >/dev/null 2>&1: 74 Time(s)
/usr/local/psa/libexec/modules/watchdog/cp/clean-events: 1
Time(s)
/usr/local/psa/libexec/modules/watchdog/cp/clean-sysstats: 1
Time(s)
/usr/local/psa/libexec/modules/watchdog/cp/pack-sysstats day: 1
Time(s)
/usr/local/rtm/bin/rtm 40 >/dev/null 2>/dev/null: 1116 Time(s)
/usr/local/sbin/bfd -q: 112 Time(s)
/usr/sbin/ntpdate -b -s 213.186.33.99: 1 Time(s)
run-parts /etc/cron.daily: 1 Time(s)
run-parts /etc/cron.hourly: 18 Time(s)

CRON Restarted 2 Time(s)

---------------------- Cron End -------------------------

--------------------- httpd Begin ------------------------

0.07 MB transferred in 211 responses (1xx 0, 2xx 26, 3xx 173, 4xx 12,
5xx 0)
148 Images (0.00 MB),
62 Content pages (0.07 MB),
1 Other (0.00 MB)

Requests with error response codes
400 Bad Request
/vb/Juice/images/editor/bold.gif: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind: 1 Time(s)
404 Not Found
/admin/phpmyadmin/main.php: 1 Time(s)
[url]
---------------------- httpd End -------------------------

--------------------- Kernel Begin ------------------------

2 Time(s): PrefPort:A RlmtMode:Check Link State
2 Time(s): Virtual Wire compatibility mode.
2 Time(s): autonegotiation: yes
2 Time(s): duplex mode: full
2 Time(s): flowctrl: none
2 Time(s): ide0: BM-DMA at 0xfc00-0xfc07, BIOS settings: hda:pio,
hdb:pio
2 Time(s): ide1: BM-DMA at 0xfc08-0xfc0f, BIOS settings: hdc:pio,
hdd:pio
2 Time(s): irq moderation: disabled
2 Time(s): rx-checksum: disabled
2 Time(s): scatter-gather: disabled
2 Time(s): speed: 100
2 Time(s): tx-checksum: disabled
1 Time(s): pIII_sse : 4821.000 MB/sec
1 Time(s): pIII_sse : 4822.000 MB/sec
2 Time(s): IO window: e000-efff
2 Time(s): MEM window: fbf00000-fbffffff
2 Time(s): PREFETCH window: 20000000-200fffff
2 Time(s): Type: Direct-Access ANSI SCSI
revision: 05
2 Time(s): Vendor: ATA Model: Hitachi HDS72168 Rev: P21O
2 Time(s): BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
2 Time(s): BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
2 Time(s): BIOS-e820: 00000000000e6000 - 0000000000100000 (reserved)
2 Time(s): BIOS-e820: 0000000000100000 - 000000001f7b0000 (usable)
2 Time(s): BIOS-e820: 000000001f7b0000 - 000000001f7c0000 (ACPI data)
2 Time(s): BIOS-e820: 000000001f7c0000 - 000000001f7f0000 (ACPI NVS)
2 Time(s): BIOS-e820: 000000001f7f0000 - 000000001f800000 (reserved)
2 Time(s): BIOS-e820: 00000000ffb80000 - 0000000100000000 (reserved)
2 Time(s): sda: sda1 sda2 sda3
2 Time(s): ..TIMER: vector=0x31 apic1=0 pin1=2 apic2=0 pin2=0
2 Time(s): 0MB HIGHMEM available.
2 Time(s): 3ware 9000 Storage Controller device driver for Linux
v2.26.02.007.
2 Time(s): 3ware Storage Controller device driver for Linux
v1.26.02.001.
2 Time(s): 503MB LOWMEM available.
2 Time(s): ATA: abnormal status 0x7F on port 0xD407
2 Time(s): Adding 522104k swap on /dev/sda3. Priority:-1 extents:1
across:522104k
2 Time(s): Allocating PCI resources starting at 20000000 (gap:
1f800000:e0380000)
2 Time(s): BIOS-provided physical RAM map:
2 Time(s): Brought up 1 CPUs
2 Time(s): Built 1 zonelists. Total pages: 128944
2 Time(s): CPU0: Intel P4/Xeon Extended MCE MSRs (24) available
2 Time(s): CPU0: Intel(R) Pentium(R) 4 CPU 3.00GHz stepping 09
2 Time(s): CPU: L2 cache: 1024K
2 Time(s): CPU: Physical Processor ID: 0
2 Time(s): CPU: Trace cache: 12K uops, L1 D cache: 16K
1 Time(s): Calibrating delay using timer specific routine.. 5989.49
BogoMIPS (lpj=11978986)
1 Time(s): Calibrating delay using timer specific routine.. 5989.50
BogoMIPS (lpj=11979013)
2 Time(s): Checking 'hlt' instruction... OK.
2 Time(s): Checking if this processor honours the WP bit even in
supervisor mode... Ok.
2 Time(s): Compat vDSO mapped to ffffe000.
2 Time(s): Console: colour VGA+ 80x25
2 Time(s): Copyright (c) 1999-2005 LSI Logic Corporation
2 Time(s): Copyright (c) 1999-2006 Intel Corporation.
2 Time(s): DMI 2.3 present.
2 Time(s): Dentry cache hash table entries: 65536 (order: 6, 262144
bytes)
1 Time(s): Detected 2992.767 MHz processor.
1 Time(s): Detected 2992.772 MHz processor.
2 Time(s): Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
2 Time(s): ENABLING IO-APIC IRQs
2 Time(s): EXT3 FS on sda1, internal journal
2 Time(s): EXT3 FS on sda2, internal journal
2 Time(s): EXT3-fs: INFO: recovery required on readonly filesystem.
4 Time(s): EXT3-fs: mounted filesystem with ordered data mode.
2 Time(s): EXT3-fs: recovery complete.
1 Time(s): EXT3-fs: sda1: 4 orphan inodes deleted
1 Time(s): EXT3-fs: sda1: orphan cleanup on readonly fs
2 Time(s): EXT3-fs: write access will be enabled during recovery.
2 Time(s): Enabling APIC mode: Flat. Using 1 I/O APICs
2 Time(s): Enabling fast FPU save and restore... done.
2 Time(s): Enabling unmasked SIMD FPU exception support... done.
2 Time(s): ExtINT not setup in hardware but reported by MP table
2 Time(s): Freeing SMP alternatives: 20k freed
2 Time(s): Freeing unused kernel memory: 220k freed
2 Time(s): Fusion MPT SAS Host driver 3.04.01
2 Time(s): Fusion MPT SPI Host driver 3.04.01
2 Time(s): Fusion MPT base driver 3.04.01
2 Time(s): Fusion MPT misc device (ioctl) driver 3.04.01
2 Time(s): I/O APIC #2 Version 32 at 0xFEC00000.
2 Time(s): ICH5: IDE controller at PCI slot 0000:00:1f.1
2 Time(s): ICH5: chipset revision 2
2 Time(s): ICH5: not 100% native mode: will probe irqs later
2 Time(s): IP route cache hash table entries: 4096 (order: 2, 16384
bytes)
2 Time(s): IPv4 over IPv4 tunneling driver
2 Time(s): Initializing CPU#0
2 Time(s): Initializing Cryptographic API
2 Time(s): Inode-cache hash table entries: 32768 (order: 5, 131072
bytes)
2 Time(s): Intel MultiProcessor Specification v1.4
2 Time(s): Intel machine check architecture supported.
2 Time(s): Intel machine check reporting enabled on CPU#0.
2 Time(s): Intel(R) PRO/1000 Network Driver - version 7.1.9-k4-NAPI
2 Time(s): Kernel command line: auto BOOT_IMAGE=linux ro root=801 nousb
2 Time(s): Linux agpgart interface v0.101 (c) Dave Jones
2 Time(s): Linux version 2.6.18.1-xxxx-grs-ipv4-32
(root@kernel-32.ovh.net) (version gcc 3.3.5 (Debian 1:3.3.5-13)) #2 SMP
Fri Nov 3 23:04:19 CET 2006
2 Time(s): Memory: 506412k/515776k available (2860k kernel code, 8896k
reserved, 1080k data, 220k init, 0k highmem)
2 Time(s): Mount-cache hash table entries: 512
2 Time(s): NET: Registered protocol family 1
2 Time(s): NET: Registered protocol family 16
2 Time(s): NET: Registered protocol family 17
2 Time(s): NET: Registered protocol family 2
2 Time(s): Netfilter messages via NETLINK v0.30.
2 Time(s): OEM ID: ASUSTeK Product ID: APIC at: 0xFEE00000
2 Time(s): PCI quirk: region 0480-04bf claimed by ICH4 GPIO
2 Time(s): PCI quirk: region 0800-087f claimed by ICH4 ACPI/GPIO/TCO
2 Time(s): PCI->APIC IRQ transform: 0000:00:02.0[A] -> IRQ 16
2 Time(s): PCI->APIC IRQ transform: 0000:00:1f.1[A] -> IRQ 18
2 Time(s): PCI->APIC IRQ transform: 0000:00:1f.2[A] -> IRQ 18
2 Time(s): PCI->APIC IRQ transform: 0000:01:0d.0[A] -> IRQ 23
2 Time(s): PCI: Bridge: 0000:00:1e.0
2 Time(s): PCI: Enabling device 0000:00:1f.1 (0005 -> 0007)
2 Time(s): PCI: Ignore bogus resource 6 [0:0] of 0000:00:02.0
2 Time(s): PCI: Ignoring BAR0-3 of IDE controller 0000:00:1f.1
2 Time(s): PCI: PCI BIOS revision 2.10 entry at 0xf0031, last bus=1
2 Time(s): PCI: Probing PCI hardware
2 Time(s): PCI: Transparent bridge - 0000:00:1e.0
2 Time(s): PCI: Using IRQ router PIIX/ICH [8086/24d0] at 0000:00:1f.0
2 Time(s): PCI: Using configuration type 1
2 Time(s): PID hash table entries: 2048 (order: 11, 8192 bytes)
2 Time(s): Processor #0 15:4 APIC version 20
2 Time(s): Processors: 1
2 Time(s): Real Time Clock Driver v1.12ac
4 Time(s): SCSI device sda: 160836480 512-byte hdwr sectors (82348 MB)
4 Time(s): SCSI device sda: drive cache: write back
2 Time(s): SCSI subsystem initialized
2 Time(s): SGI XFS with large block numbers, no debug enabled
2 Time(s): SMP alternatives: switching to UP code
2 Time(s): Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ
sharing disabled
2 Time(s): Setting up standard PCI resources
2 Time(s): Software Watchdog Timer: 0.07 initialized. soft_noboot=0
soft_margin=60 sec (nowayout= 0)
2 Time(s): TCP bic registered
2 Time(s): TCP bind hash table entries: 8192 (order: 4, 65536 bytes)
2 Time(s): TCP established hash table entries: 16384 (order: 5, 131072
bytes)
2 Time(s): TCP reno registered
2 Time(s): TCP: Hash tables configured (established 16384 bind 8192)
2 Time(s): Time: tsc clocksource has been installed.
1 Time(s): Total of 1 processors activated (5989.49 BogoMIPS).
1 Time(s): Total of 1 processors activated (5989.50 BogoMIPS).
2 Time(s): Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
2 Time(s): Using IPI Shortcut mode
2 Time(s): VFS: Disk quotas dquot_6.5.1
2 Time(s): VFS: Mounted root (ext3 filesystem) readonly.
2 Time(s): ata1: SATA max UDMA/133 cmd 0xD400 ctl 0xD002 bmdma 0xC000
irq 18
2 Time(s): ata2.00: ATA-7, max UDMA/133, 160836480 sectors: LBA48 NCQ
(depth 0/32)
2 Time(s): ata2.00: ata2: dev 0 multi count 16
2 Time(s): ata2.00: configured for UDMA/133
2 Time(s): ata2: SATA max UDMA/133 cmd 0xC800 ctl 0xC402 bmdma 0xC008
irq 18
2 Time(s): ata_piix 0000:00:1f.2: MAP [ P0 -- P1 -- ]
2 Time(s): device-mapper: ioctl: 4.7.0-ioctl (2006-06-24) initialised:
dm-devel@redhat.com
2 Time(s): drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
2 Time(s): e100: Copyright(c) 1999-2005 Intel Corporation
2 Time(s): e100: Intel(R) PRO/100 Network Driver, 3.5.10-k2-NAPI
2 Time(s): eth0: Yukon Gigabit Ethernet 10/100/1000Base-T Adapter
2 Time(s): eth0: network connection up using port A
2 Time(s): floppy0: no floppy controllers found
2 Time(s): found SMP MP-table at 000ff780
2 Time(s): ide: Assuming 33MHz system bus speed for PIO modes; override
with idebus=xx
2 Time(s): io scheduler anticipatory registered (default)
2 Time(s): io scheduler cfq registered
2 Time(s): io scheduler deadline registered
2 Time(s): io scheduler noop registered
2 Time(s): ip_conntrack version 2.4 (4029 buckets, 32232 max) - 224
bytes per conntrack
2 Time(s): ip_tables: (C) 2000-2006 Netfilter Core Team
4 Time(s): kjournald starting. Commit interval 5 seconds
2 Time(s): klogd 1.4.1, log source = /proc/kmsg started.
2 Time(s): loop: loaded (max 8 devices)
4 Time(s): md: ... autorun DONE.
4 Time(s): md: Autodetecting RAID arrays.
4 Time(s): md: autorun ...
2 Time(s): md: bitmap version 4.39
2 Time(s): md: linear personality registered for level -1
2 Time(s): md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27
2 Time(s): md: multipath personality registered for level -4
2 Time(s): md: raid0 personality registered for level 0
2 Time(s): md: raid1 personality registered for level 1
2 Time(s): md: raid4 personality registered for level 4
2 Time(s): md: raid5 personality registered for level 5
2 Time(s): md: raid6 personality registered for level 6
2 Time(s): megasas: 00.00.03.01 Sun May 14 22:49:52 PDT 2006
2 Time(s): mice: PS/2 mouse device common for all mice
2 Time(s): migration_cost=0
2 Time(s): monitor/mwait feature present.
2 Time(s): mptctl: /dev/mptctl @ (major,minor=10,220)
2 Time(s): mptctl: Registered with Fusion MPT base driver
2 Time(s): raid5: automatically using best checksumming function:
pIII_sse
1 Time(s): raid5: using function: pIII_sse (4821.000 MB/sec)
1 Time(s): raid5: using function: pIII_sse (4822.000 MB/sec)
1 Time(s): raid6: int32x1 862 MB/s
1 Time(s): raid6: int32x1 863 MB/s
2 Time(s): raid6: int32x2 795 MB/s
2 Time(s): raid6: int32x4 708 MB/s
1 Time(s): raid6: int32x8 543 MB/s
1 Time(s): raid6: int32x8 544 MB/s
1 Time(s): raid6: mmxx1 1831 MB/s
1 Time(s): raid6: mmxx1 1840 MB/s
2 Time(s): raid6: mmxx2 2122 MB/s
2 Time(s): raid6: sse1x1 1057 MB/s
1 Time(s): raid6: sse1x2 1208 MB/s
1 Time(s): raid6: sse1x2 1210 MB/s
1 Time(s): raid6: sse2x1 2099 MB/s
1 Time(s): raid6: sse2x1 2101 MB/s
1 Time(s): raid6: sse2x2 2252 MB/s
1 Time(s): raid6: sse2x2 2254 MB/s
1 Time(s): raid6: using algorithm sse2x2 (2252 MB/s)
1 Time(s): raid6: using algorithm sse2x2 (2254 MB/s)
2 Time(s): scsi0 : ata_piix
2 Time(s): scsi1 : ata_piix
2 Time(s): sd 1:0:0:0: Attached scsi disk sda
4 Time(s): sda: Write Protect is off
2 Time(s): serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
2 Time(s): serio: i8042 AUX port at 0x60,0x64 irq 12
2 Time(s): serio: i8042 KBD port at 0x60,0x64 irq 1
2 Time(s): tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
2 Time(s): tun: Universal TUN/TAP device driver, 1.6
2 Time(s): using mwait in idle threads.

---------------------- Kernel End -------------------------

View 0 Replies View Related

VPS Vs. Dedicated - New Benchmark Results

Jul 30, 2008

VPS vs. Dedicated - New Benchmark Results ....

View 1 Replies View Related

Leary With Traceroute Results

Dec 13, 2007

We're looking to bring in a T3 for our small startup hosting company and when we do traces from multiple location it always runs through a cox.net IP and it concerns me because I dont want our customers to believe they're being hosted on some kids cablemodem. What do you folks suggest, the IP is 64.19.96.5 to their outer router. Should it be a concern that we route through everyone through a cox.net IP?

View 10 Replies View Related

Final Results - HostWay

Apr 10, 2008

This is a follow-up to my original thread [url] regarding my client's experiences with HostWay.

I simply can't believe all of this, and I went through it.

The low points of the whole thing work out like this: In order to set up an SSL for my client's site, we needed a dedicated IP. If you do a traceroute on my client's URL, it resolves to someone else all together. Int he mean time, I tried to purchase an SSL through HostWay, and when they didn't respond in a week and a half, I e-mailed cancelling the order, and purchased a (thankfully) inexpensive SSL from GoDaddy. I got an e-mail back within hours from HW saying, literally, "We never processed your SSL order, so there's nothing to cancel. Let us know if there's anythig else we can do."

As I mentioned before, e-mail support seems to be handled off-shore, and it takes over a week for most answers. Phone support gets you, I found out, a service in Florida.

While the people I dealt with on the phone were always professional and polite, they literally could do almost nothing. I was told several times, "I have to e-mail someone in Chicago - no, I don't know who it is, all I have is an e-mail address."

Back to the SSL - seems HostWay already installed one on my client's site at some point - and it had nothing to do with my client. You could visit a secure version of the site, and it would tell you not to enter, as the cert didn't match the site.

My client and I both were on the phone with the Florida 800 number for hours at a time.

Average wait time to speak to someone was 30 minutes or so. I'm not carping about that part - but they were feeding us false information which was supposedly fed them from "Chicago." Specifically, I told them on the phone and via e-mail that the IP didn't resolve correctly, and that the old cert needed to be removed before a new one could go on (and only their SSL team can install certs, supposedly).

They told my client that the GoDaddy cert was causing them problems, and that it needed to be cancelled before they could install one of their GeoTrust certs. I nuked it - even though I knew better - and of course nothing was done. They lied to my client for several days, saying the new cert was installed (even though I knew it wasn't, and I told my client so, and showed them HW's tech was passing on false information).

This situation went on for almost two weeks. Finally, Monday night, my client got a supervisor based in British Columbia, Canada, who promised that he would walk "the tech admin" through fixing the problems that night. But that was only after my client threatened to pull his account.

Well, the IP is still screwed up, but they replaced the cert that night with one for which they charged my client an arm and a leg. The CC processing company is happy, so we let it ride, and they're now processing payments over the web.

If this is confusing, it's because I condensed many long days and nights into a few short paragraphs. Let's just say that HW didn't have their thinking caps on tight, because they committed to their preposterous stories to e-mails which we all received.

Later this year, at a conference to be held in Canada, a committee of nuclear power station operators will be discussing whether or not they should keep HW as the host of their site. Gee, I wonder what the consensus will be.

View 5 Replies View Related

Tuning-primer.sh Results, How To Act On Them

Nov 22, 2007

Quote:

MySQL Version 4.1.22-standard i686

Uptime = 0 days 0 hrs 4 min 15 sec
Avg. qps = 17
Total Questions = 4479
Threads Connected = 1

Warning: Server has not been running for at least 48hrs.
It may not be safe to use these recommendations

To find out more information on how each of these
runtime variables effects performance visit:
[url]

SLOW QUERIES
Current long_query_time = 10 sec.
You have 1 out of 4491 that take longer than 10 sec. to complete
The slow query log is NOT enabled.
Your long_query_time may be too high, I typically set this under 5 sec.

WORKER THREADS
Current thread_cache_size = 128
Current threads_cached = 6
Current threads_per_sec = 0
Historic threads_per_sec = 0
Your thread_cache_size is fine

MAX CONNECTIONS
Current max_connections = 2000
Current threads_connected = 1
Historic max_used_connections = 7
The number of used connections is 0% of the configured maximum.
You are using less than 10% of your configured max_connections.
Lowering max_connections could help to avoid an over-allocation of memory
See "MEMORY USAGE" section to make sure you are not over-allocating

MEMORY USAGE
Max Memory Ever Allocated : 96 M
Configured Max Per-thread Buffers : 10 G
Configured Max Global Buffers : 58 M
Configured Max Memory Limit : 10 G
Total System Memory : 3.95 G

Max memory limit exceeds 85% of total system memory

KEY BUFFER
Current MyISAM index space = 78 M
Current key_buffer_size = 16 M
Key cache miss rate is 1 : 735
Key buffer fill ratio = 8.00 %
Your key_buffer_size seems to be too high.
Perhaps you can use these resources elsewhere

QUERY CACHE
Query cache is enabled
Current query_cache_size = 32 M
Current query_cache_used = 4 M
Current query_cach_limit = 1 M
Current Query cache fill ratio = 14.83 %
Your query_cache_size seems to be too high.
Perhaps you can use these resources elsewhere
MySQL won't cache query results that are larger than query_cache_limit in size

SORT OPERATIONS
Current sort_buffer_size = 2 M
Current record/read_rnd_buffer_size = 256 K
Sort buffer seems to be fine

JOINS
Current join_buffer_size = 1.00 M
You have had 0 queries where a join could not use an index properly
Your joins seem to be using indexes properly

OPEN FILES LIMIT
Current open_files_limit = 10000 files
The open_files_limit should typically be set to at least 2x-3x
that of table_cache if you have heavy MyISAM usage.
Your open_files_limit value seems to be fine

TABLE CACHE
Current table_cache value = 1024 tables
You have a total of 721 tables
You have 93 open tables.
The table_cache value seems to be fine

TEMP TABLES
Current max_heap_table_size = 16 M
Current tmp_table_size = 32 M
Of 212 temp tables, 0% were created on disk
Effective in-memory tmp_table_size is limited to max_heap_table_size.
Created disk tmp tables ratio seems fine

TABLE SCANS
Current read_buffer_size = 1 M
Current table scan ratio = 17754 : 1
You have a high ratio of sequential access requests to SELECTs
You may benefit from raising read_buffer_size and/or improving your use of indexes.

TABLE LOCKING
Current Lock Wait ratio = 1 : 76
You may benefit from selective use of InnoDB.
If you have long running SELECT's against MyISAM tables and perform
frequent updates consider setting 'low_priority_updates=1'

how to make the changes in red? My server works good for awhile, but then gets REALLY REALLY slow.

View 1 Replies View Related

Results Of Top Command - Good/bad

Feb 3, 2007

I run the top command when memory usage seems to be running high on my server. I look at it and blink and have no real idea whether things are "okay" or not.

I apologize for the extreme basicness of this question. At the same I would love to have some kind of personal benchmark of "okayness" for this server so I can look at top results when things are dreadfully wrong and recognize it.

Based on these results would you say the server is holding up under traffic?
-----------------------------------

17:35:58 up 4 days, 2:26, 1 user, load average: 0.66, 0.57, 0.56
85 processes: 80 sleeping, 2 running, 3 zombie, 0 stopped
CPU states: cpu user nice system irq softirq iowait idle
total 5.4% 0.0% 1.3% 0.0% 0.0% 0.0% 93.3%
cpu00 6.2% 0.0% 1.4% 0.0% 0.2% 0.0% 92.2%
cpu01 4.8% 0.0% 1.0% 0.0% 0.0% 0.0% 94.2%
Mem: 4147916k av, 3420324k used, 727592k free, 0k shrd, 265360k buff
3128396k active, 91908k inactive
Swap: 2096440k av, 0k used, 2096440k free 2845408k cached

PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
7359 mysql 15 0 94352 16M 3448 S 2.1 0.4 0:08 0 mysqld
9099 nobody 19 0 20256 14M 2096 R 1.3 0.3 0:00 0 httpd
1 root 15 0 1592 496 436 S 0.0 0.0 0:00 0 init
2 root RT 0 0 0 0 SW 0.0 0.0 0:00 0 migration/0
3 root 34 19 0 0 0 SWN 0.0 0.0 0:00 0 ksoftirqd/0
4 root RT 0 0 0 0 SW 0.0 0.0 0:00 1 migration/1
5 root 34 19 0 0 0 SWN 0.0 0.0 0:00 1 ksoftirqd/1
6 root 10 -5 0 0 0 SW< 0.0 0.0 0:00 0 events/0
7 root 10 -5 0 0 0 SW< 0.0 0.0 0:00 1 events/1
8 root 10 -5 0 0 0 SW< 0.0 0.0 0:00 1 khelper
9 root 13 -5 0 0 0 SW< 0.0 0.0 0:00 1 kthread
13 root 18 -5 0 0 0 SW< 0.0 0.0 0:00 0 kblockd/0
14 root 11 -5 0 0 0 SW< 0.0 0.0 0:00 1 kblockd/1
---------------

View 2 Replies View Related

Ping Results For My VPS - Acceptable

Oct 23, 2007

We run our company website on a VPS.

Now we do notice, that quite frequently, the connection times out or the server responds slowly. A friend of mine said the VPS could be the issue of this.

I ran a ping test today for several hours, sending one ping with 16 bytes with a timeout set to 3 seconds.

From 18000 pings sent (5 hours), 120 failed. Which comes to one failure in 150 pings, or one failure every 2.5 minutes.

Is this still an acceptable failure rate or do I have reason to contact our VPS provider? According to our own usage statictics, we are not using much of the server's capacities.

View 2 Replies View Related

How Can I Get Rootkit Hunter To Email Me The Results

Apr 4, 2008

How can I get rootkit hunter to email me the results?

I tried
MAILTO=me@mydomain
0 0 * * * /root/rkhunter-1.3.2/files/rkhunter --cronjob
and
MAILTO=me@mydomain 0 0 * * * /root/rkhunter-1.3.2/files/rkhunter --cronjob

But it is not sending the email, nothing even show up in my exim_mainlog.

View 2 Replies View Related

Nameserver Giving False Results

Mar 25, 2007

Is there any way to avoid getting false name lookups when trying to resolv inexistent domains ? apart from using another nameserver.

I'm sorry if it was posted earlier, tried searching but it didn't help as it gave me large results.

Code:
[root@removed ~]# ping hjkdji284kajgafhj87da778dfsd.com
PING hjkdji284kajgafhj87da778dfsd..com.insertdchere.com (xx.xxx.xxx.xx) 56(84) bytes of data.
64 bytes from www.insertdchere.com (xx.xxx.xxx.xx): icmp_seq=0 ttl=61 time=1.00 ms
64 bytes from www.insertdchere.com (xx.xxx.xxx.xx): icmp_seq=1 ttl=61 time=0.952 ms
64 bytes from www.insertdchere.com (xx.xxx.xxx.xx): icmp_seq=2 ttl=61 time=1.34 ms

View 2 Replies View Related

Peer 1 Web Hosting Year End Results

Oct 31, 2007

I just read Peer 1 financials -they got big this year!

Does anyone know how many actual customers they have? The financials say $74.36 Million... with 9,000 customers... humm... they must have more than that? Just curious.

View 0 Replies View Related

Evaluating Anycast Domain Name Server (DNS) - Strange Results

Oct 22, 2009

Hope there is a DNS expert about that can make sense of what I observe and give an unbiased opinion.

We are currenlty evaluating hosted DNS providers. Anycast DNS seems like a great feature to have and we want fail over too. Narrowed down a list of possible suppliers: DNS Made Easy, Netriplex and Dynect.

After reading up on some blogs 1 & 2 mainly, we setup a Pingdom test to evaluate our three candidates.

For DME I used their own site URL for testing, Netriplex and Dynect gave us dedicated test accounts.

The average response times roughly follow the prices, DME is slowest, Netriplex next and Dynect is the winner. I have detailed logs in anyone is interested (in CSV).

Now for the unexpected results. All 3 providers give very long response times a few times a day - sometimes as long as 5 or 10 seconds. Now and again we see a timeout - i.e. a response of over 15 seconds.

We cross checked by running a testing our current non-anycast Rackspace DNS - similar outliers are present too.

Pingdom tech support think these outliers could be due to peering issues on the internet.

I would expect anycast DNS to be much more robust and to give decent response times even if there are localised networking issues.

So our outliers are either down to the way Pingdom does the testing, or just a 'feature' of the way DNS works.

Anyone with any bright ideas on how to explain this?

View 10 Replies View Related

Plesk 12.x / Linux :: Forcing HTTPS Results Into Many Redirects

May 16, 2015

I've been fiddling with Plesk to get HTTPS to work for [URL] .... Unfortunately I haven't had any successes at forcing HTTPS, all result in a 'to many redirects' message.

The certificate is already activated and can be verified trough; [URL] ....

Code:
proxy_error_log:2015/05/16 16:35:00 [crit] 21266#0: *2336 SSL_do_handshake() failed (SSL: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback) while SSL handshaking, client: 64.41.200.106, server: 151.80.117.38:443
proxy_error_log:2015/05/16 16:36:37 [crit] 21266#0: *2616 SSL_do_handshake() failed (SSL: error:14094085:SSL

[Code] .....

View 11 Replies View Related

Plesk 12.x / Linux :: Search Results Could Not Be Loaded At The Moment

Oct 25, 2014

I have the follow errors at (one) of my plesk panel:

at Applications:

Search results could not be loaded at the moment. Retry Click to expand...

View 8 Replies View Related

BEWARE -Sudden Iframe Injection Attacks, Catastrophic Results

Sep 4, 2007

All my sites on both my hosting accounts are infected with an iframe.

At the end of the index.html files the malicious code just appeared...suddenly 3 weeks ago.

The host blamed Joomla so I took the appropriate steps:

Upgraded my Joomla to the latest version, changed the whole account username and password, changed the configuration and template to unwriteable.

It stopped the injection for a few days but then it came back.
I would also like to add that 2 other sites on my account, one simple index.html file and an old website I have that is totally HTML with nothing to do with Joomla also got infected.

The iframe also infected a Drupal install I did as a test.

So according to these fact is this a Hosting Company not taking responsibility or can a Joomla site infected spread to other normal HTML sites and different CMS's on the server?

This situation is ruinning me and I strongly suspect it's a Hosting problem and not Joomla.

Any expert opinions from true professionals would be appreciated because if I can prove that it's not a Joomla issue I might take legal action against the hosting company since this has cost me dozens of hours of work and several hundred dollars of lost revenue.

I am attaching the iframe exploit. It installs itself on every index file...in every folder - components, mambots, ect..additionally it attaches itself on any and every kind of addon that has an index.html file.

View 2 Replies View Related

Netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

Feb 1, 2007

What does this string do? I copy and paste it into my SSH Shell and i get ip addresses and numbers next to them.

Each number means one connection?

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

View 1 Replies View Related

Plesk 12.x / Linux :: Failed Upgrade Results In Inconsistent DB And Unfunctional Panel

Oct 25, 2014

After last night's attempt to upgrade one of our old plesk servers (10.0.1), on RHEL 5.5, we are left with unfunctional control panel.

Following the KB [URL] ...., we see:

1) no /usr/local/psa/version file exists currently.

2) mysql -uadmin -p`cat /etc/psa/.psa.shadow` -D psa -e 'select * from upgrade_history order by upgrade_date desc limit 1'
+---------------------+--------------------------------+------------+
| upgrade_date | version_info | db_version |
+---------------------+--------------------------------+------------+
| 2010-12-01 10:52:30 | 10.0.1 RedHat el5 109101029.17 | 01090 |
+---------------------+--------------------------------+------------+

as you see the plesk was OLD. No line for the last night's upgrade, though in here.

3) but: rpm -q psa
psa-12.0.18-rhel5.build1200140606.15

So, the installation procedure finished partially, installing net packages, but not really updating all info.

Comparison of the MySQL scheme for DB psa with another server with the new installation shows that some minimal differences in some tables and a couple of missing tables. So, it looks like it _almost_ succeeded.

Comparison of the RPMs installed on the two servers, shows some differences in installed packages and versions. For example, there are 2 versions of psa-backup-manager and 2 versions of psa-migration-manager on the "malfunctioning" machine.

Further runs of the autoinstaller does not work, since it seems to think that everything is fully installed/updated. How to proceed from this point. Control panel does not work...

We've looked through the installation log files and Wonder if there is some log file that we are missing - where shold we look for messages in case of a failed installation?

View 8 Replies View Related

Plesk 12.x / Linux :: Removing FTP-user Through API Results In 500 Internal Server Error (PHP)

Apr 28, 2015

To automate some tasks for some projects I'm working on, I need to be able to automatically create or delete ftp-users.

Creating and listing ftp-accounts is working great, but when it comes to deleting them I run into an internal server error. Before my script gets the response it's waiting for, the script crashes.

- When live watching the Apache error-log with 'tail -f', the terminal-session is exited with 'Killed (core dumped)'
- Apache error-log shows:

Code:
(104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server, referer: http://example.com/ftp.php?action=delete
Premature end of script headers: ftp.php, referer: http://example.com/ftp.php?action=delete
- Webbrowser shows default '500 Internal Server Error'

I have checked and changed time-out settings, but it didn't work. Error occurs a few seconds after executing, while the timeouts are set to 60 to 90 seconds.

Packet send to Plesk:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<packet version="1.6.6.0">
<ftp-user>

[Code].....

View 15 Replies View Related

Plesk 12.x / Linux :: 11 Backup Restore Results In Tons Of Failed With Return Code 1

Jul 30, 2014

a Backup from Plesk 11.0.9 last MU installed to Plesk 12.0.18 last MU installed brings a lot of:

Database:

<message code="FailedDatabaseUserDeployment" severity="warning" id="160ffa07-4a78-400b-88f9-8a4292b78c30">
<description>Failed deployment of database user phpbb of database usr_web2_3</description>
<message code="ExecCmd::ExFailed" severity="warning" id="f5e9a089-a046-4937-8fe0-bbaee9e61b7b">

[Code]....

View 7 Replies View Related

Meaning Of "netstat"

Dec 17, 2007

Maybe someone would be kind enough to enlighten me of the meaning of a netstat output. I know netstat is supposed to tell you the current active connections but would like some more details(what does each column mean?):

Code:
[root@]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address Stat
I notice that often times I see my ISP's mail server connecting to domains I didin't even set up yet. Sometimes I see google(I guess indexing my sites). But in addition some times I see some scary foreign addresses like from nigeria or one really common one, one which I see pretty often when I run netstat is:

Quote:

tcp 0 0 mydomain.com:http [somehostname].amenworld.com:40867 TIME_WAIT

I can't seem to make any sense of it, what are they doing and why are they always "connected' to my server?

I could just be over reacting on some of this stuff but just curious about what this all means.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved