Netstat Results Show 3 Ips In Same Location With Several Connections
Mar 13, 2008
I'm new to server administration/security/troubleshooting, so I have included a lot of info here hoping it will help.
This started because a Linux VPS with CentOS and Exim crashed after only 3000 emails were sent (of 30000) total
I ran a netstat and several times I get three separate ips with the only difference being the last two digits and the port number:
86.104.230.29:59009
86.104.117.45:18065
89.37.137.157:41593
As far as I can tell they are from Romania, and there are several connections.
I have posted a lot of information below, if someone can take a look and give some ideas, it would be very much appreciated.
Just a question about hosting your site in the same country where your main targeted visitors is located. It is my belief that I should host my sites in the same country where I the targeted visitors are. Am I correct in saying this??
So.. US Focus Site should be hosted in the US Canadian Focus Site should be hosted in Canada And UK Focus Site would be hosted in the UK??????
I am not shure if this is a configuration problem or it's bacause netstat has it's own way to display things.
Recently csf blocked an IP address for flooding.
My server ip address is something like 192.168.1.201.
The ip that csf blocked was 192.168.1.20.
That IP belongs to an other server that is not ours.
netstat was showing a lot of connections from 192.168.1.20 (the ip that is not ours) but the guys that manage the server with that ip (192.168.1.20) did not saw any connection from them to us. So I thought it's just a spoofed flood. But, the thing is I've blocked that ip and still connections were made.
My conclusion was that netstat was showing 192.168.1.20 "flooding" instead of 192.168.1.201. (the server was connectiong to itself).
iptraf also was showing the server was connecting to itself on the lo interface.
My questions are: csf is based on netstat for tracking connections? has anyone had ths type of problem before? If netstat is showing something else isn't this a bad thing for all (a lot) the scripts that use netstat?
what does the below command actually means I mean when we use it? and in which case it help us? and up to what value there is nothing to worry about? Waiting for detailed reply
I have a VPS and when I signed up I was told by the provider that the server was based in a UK datacentre. However, I've just done a search on the IP address for my VPS and it comes up as 'The IP address is assigned to France'.
Does this mean the server's actually located in France?
for over a year now, with iptables. However recently, after upgrading to apache 2.2, the connections in netstat get listed as ipv6. A row can look like this for example:
As you can see, the remote ip address isn't complete, it's cut off, so the script used to sum up connections and insert into iptables isnt doing anything.
Is there a way to page results from ls through FTP similar to the way you can in your shell by using ls | less (or ls -l | more)? When I try ls | less through FTP, even on a linux server, it wants to output to a local file?
Requests with error response codes 400 Bad Request /vb/Juice/images/editor/bold.gif: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind: 1 Time(s) 404 Not Found /admin/phpmyadmin/main.php: 1 Time(s) [url] ---------------------- httpd End -------------------------
--------------------- Kernel Begin ------------------------
2 Time(s): PrefPort:A RlmtMode:Check Link State 2 Time(s): Virtual Wire compatibility mode. 2 Time(s): autonegotiation: yes 2 Time(s): duplex mode: full 2 Time(s): flowctrl: none 2 Time(s): ide0: BM-DMA at 0xfc00-0xfc07, BIOS settings: hda:pio, hdb:pio 2 Time(s): ide1: BM-DMA at 0xfc08-0xfc0f, BIOS settings: hdc:pio, hdd:pio 2 Time(s): irq moderation: disabled 2 Time(s): rx-checksum: disabled 2 Time(s): scatter-gather: disabled 2 Time(s): speed: 100 2 Time(s): tx-checksum: disabled 1 Time(s): pIII_sse : 4821.000 MB/sec 1 Time(s): pIII_sse : 4822.000 MB/sec 2 Time(s): IO window: e000-efff 2 Time(s): MEM window: fbf00000-fbffffff 2 Time(s): PREFETCH window: 20000000-200fffff 2 Time(s): Type: Direct-Access ANSI SCSI revision: 05 2 Time(s): Vendor: ATA Model: Hitachi HDS72168 Rev: P21O 2 Time(s): BIOS-e820: 0000000000000000 - 000000000009fc00 (usable) 2 Time(s): BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved) 2 Time(s): BIOS-e820: 00000000000e6000 - 0000000000100000 (reserved) 2 Time(s): BIOS-e820: 0000000000100000 - 000000001f7b0000 (usable) 2 Time(s): BIOS-e820: 000000001f7b0000 - 000000001f7c0000 (ACPI data) 2 Time(s): BIOS-e820: 000000001f7c0000 - 000000001f7f0000 (ACPI NVS) 2 Time(s): BIOS-e820: 000000001f7f0000 - 000000001f800000 (reserved) 2 Time(s): BIOS-e820: 00000000ffb80000 - 0000000100000000 (reserved) 2 Time(s): sda: sda1 sda2 sda3 2 Time(s): ..TIMER: vector=0x31 apic1=0 pin1=2 apic2=0 pin2=0 2 Time(s): 0MB HIGHMEM available. 2 Time(s): 3ware 9000 Storage Controller device driver for Linux v2.26.02.007. 2 Time(s): 3ware Storage Controller device driver for Linux v1.26.02.001. 2 Time(s): 503MB LOWMEM available. 2 Time(s): ATA: abnormal status 0x7F on port 0xD407 2 Time(s): Adding 522104k swap on /dev/sda3. Priority:-1 extents:1 across:522104k 2 Time(s): Allocating PCI resources starting at 20000000 (gap: 1f800000:e0380000) 2 Time(s): BIOS-provided physical RAM map: 2 Time(s): Brought up 1 CPUs 2 Time(s): Built 1 zonelists. Total pages: 128944 2 Time(s): CPU0: Intel P4/Xeon Extended MCE MSRs (24) available 2 Time(s): CPU0: Intel(R) Pentium(R) 4 CPU 3.00GHz stepping 09 2 Time(s): CPU: L2 cache: 1024K 2 Time(s): CPU: Physical Processor ID: 0 2 Time(s): CPU: Trace cache: 12K uops, L1 D cache: 16K 1 Time(s): Calibrating delay using timer specific routine.. 5989.49 BogoMIPS (lpj=11978986) 1 Time(s): Calibrating delay using timer specific routine.. 5989.50 BogoMIPS (lpj=11979013) 2 Time(s): Checking 'hlt' instruction... OK. 2 Time(s): Checking if this processor honours the WP bit even in supervisor mode... Ok. 2 Time(s): Compat vDSO mapped to ffffe000. 2 Time(s): Console: colour VGA+ 80x25 2 Time(s): Copyright (c) 1999-2005 LSI Logic Corporation 2 Time(s): Copyright (c) 1999-2006 Intel Corporation. 2 Time(s): DMI 2.3 present. 2 Time(s): Dentry cache hash table entries: 65536 (order: 6, 262144 bytes) 1 Time(s): Detected 2992.767 MHz processor. 1 Time(s): Detected 2992.772 MHz processor. 2 Time(s): Dquot-cache hash table entries: 1024 (order 0, 4096 bytes) 2 Time(s): ENABLING IO-APIC IRQs 2 Time(s): EXT3 FS on sda1, internal journal 2 Time(s): EXT3 FS on sda2, internal journal 2 Time(s): EXT3-fs: INFO: recovery required on readonly filesystem. 4 Time(s): EXT3-fs: mounted filesystem with ordered data mode. 2 Time(s): EXT3-fs: recovery complete. 1 Time(s): EXT3-fs: sda1: 4 orphan inodes deleted 1 Time(s): EXT3-fs: sda1: orphan cleanup on readonly fs 2 Time(s): EXT3-fs: write access will be enabled during recovery. 2 Time(s): Enabling APIC mode: Flat. Using 1 I/O APICs 2 Time(s): Enabling fast FPU save and restore... done. 2 Time(s): Enabling unmasked SIMD FPU exception support... done. 2 Time(s): ExtINT not setup in hardware but reported by MP table 2 Time(s): Freeing SMP alternatives: 20k freed 2 Time(s): Freeing unused kernel memory: 220k freed 2 Time(s): Fusion MPT SAS Host driver 3.04.01 2 Time(s): Fusion MPT SPI Host driver 3.04.01 2 Time(s): Fusion MPT base driver 3.04.01 2 Time(s): Fusion MPT misc device (ioctl) driver 3.04.01 2 Time(s): I/O APIC #2 Version 32 at 0xFEC00000. 2 Time(s): ICH5: IDE controller at PCI slot 0000:00:1f.1 2 Time(s): ICH5: chipset revision 2 2 Time(s): ICH5: not 100% native mode: will probe irqs later 2 Time(s): IP route cache hash table entries: 4096 (order: 2, 16384 bytes) 2 Time(s): IPv4 over IPv4 tunneling driver 2 Time(s): Initializing CPU#0 2 Time(s): Initializing Cryptographic API 2 Time(s): Inode-cache hash table entries: 32768 (order: 5, 131072 bytes) 2 Time(s): Intel MultiProcessor Specification v1.4 2 Time(s): Intel machine check architecture supported. 2 Time(s): Intel machine check reporting enabled on CPU#0. 2 Time(s): Intel(R) PRO/1000 Network Driver - version 7.1.9-k4-NAPI 2 Time(s): Kernel command line: auto BOOT_IMAGE=linux ro root=801 nousb 2 Time(s): Linux agpgart interface v0.101 (c) Dave Jones 2 Time(s): Linux version 2.6.18.1-xxxx-grs-ipv4-32 (root@kernel-32.ovh.net) (version gcc 3.3.5 (Debian 1:3.3.5-13)) #2 SMP Fri Nov 3 23:04:19 CET 2006 2 Time(s): Memory: 506412k/515776k available (2860k kernel code, 8896k reserved, 1080k data, 220k init, 0k highmem) 2 Time(s): Mount-cache hash table entries: 512 2 Time(s): NET: Registered protocol family 1 2 Time(s): NET: Registered protocol family 16 2 Time(s): NET: Registered protocol family 17 2 Time(s): NET: Registered protocol family 2 2 Time(s): Netfilter messages via NETLINK v0.30. 2 Time(s): OEM ID: ASUSTeK Product ID: APIC at: 0xFEE00000 2 Time(s): PCI quirk: region 0480-04bf claimed by ICH4 GPIO 2 Time(s): PCI quirk: region 0800-087f claimed by ICH4 ACPI/GPIO/TCO 2 Time(s): PCI->APIC IRQ transform: 0000:00:02.0[A] -> IRQ 16 2 Time(s): PCI->APIC IRQ transform: 0000:00:1f.1[A] -> IRQ 18 2 Time(s): PCI->APIC IRQ transform: 0000:00:1f.2[A] -> IRQ 18 2 Time(s): PCI->APIC IRQ transform: 0000:01:0d.0[A] -> IRQ 23 2 Time(s): PCI: Bridge: 0000:00:1e.0 2 Time(s): PCI: Enabling device 0000:00:1f.1 (0005 -> 0007) 2 Time(s): PCI: Ignore bogus resource 6 [0:0] of 0000:00:02.0 2 Time(s): PCI: Ignoring BAR0-3 of IDE controller 0000:00:1f.1 2 Time(s): PCI: PCI BIOS revision 2.10 entry at 0xf0031, last bus=1 2 Time(s): PCI: Probing PCI hardware 2 Time(s): PCI: Transparent bridge - 0000:00:1e.0 2 Time(s): PCI: Using IRQ router PIIX/ICH [8086/24d0] at 0000:00:1f.0 2 Time(s): PCI: Using configuration type 1 2 Time(s): PID hash table entries: 2048 (order: 11, 8192 bytes) 2 Time(s): Processor #0 15:4 APIC version 20 2 Time(s): Processors: 1 2 Time(s): Real Time Clock Driver v1.12ac 4 Time(s): SCSI device sda: 160836480 512-byte hdwr sectors (82348 MB) 4 Time(s): SCSI device sda: drive cache: write back 2 Time(s): SCSI subsystem initialized 2 Time(s): SGI XFS with large block numbers, no debug enabled 2 Time(s): SMP alternatives: switching to UP code 2 Time(s): Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing disabled 2 Time(s): Setting up standard PCI resources 2 Time(s): Software Watchdog Timer: 0.07 initialized. soft_noboot=0 soft_margin=60 sec (nowayout= 0) 2 Time(s): TCP bic registered 2 Time(s): TCP bind hash table entries: 8192 (order: 4, 65536 bytes) 2 Time(s): TCP established hash table entries: 16384 (order: 5, 131072 bytes) 2 Time(s): TCP reno registered 2 Time(s): TCP: Hash tables configured (established 16384 bind 8192) 2 Time(s): Time: tsc clocksource has been installed. 1 Time(s): Total of 1 processors activated (5989.49 BogoMIPS). 1 Time(s): Total of 1 processors activated (5989.50 BogoMIPS). 2 Time(s): Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2 2 Time(s): Using IPI Shortcut mode 2 Time(s): VFS: Disk quotas dquot_6.5.1 2 Time(s): VFS: Mounted root (ext3 filesystem) readonly. 2 Time(s): ata1: SATA max UDMA/133 cmd 0xD400 ctl 0xD002 bmdma 0xC000 irq 18 2 Time(s): ata2.00: ATA-7, max UDMA/133, 160836480 sectors: LBA48 NCQ (depth 0/32) 2 Time(s): ata2.00: ata2: dev 0 multi count 16 2 Time(s): ata2.00: configured for UDMA/133 2 Time(s): ata2: SATA max UDMA/133 cmd 0xC800 ctl 0xC402 bmdma 0xC008 irq 18 2 Time(s): ata_piix 0000:00:1f.2: MAP [ P0 -- P1 -- ] 2 Time(s): device-mapper: ioctl: 4.7.0-ioctl (2006-06-24) initialised: dm-devel@redhat.com 2 Time(s): drivers/rtc/hctosys.c: unable to open rtc device (rtc0) 2 Time(s): e100: Copyright(c) 1999-2005 Intel Corporation 2 Time(s): e100: Intel(R) PRO/100 Network Driver, 3.5.10-k2-NAPI 2 Time(s): eth0: Yukon Gigabit Ethernet 10/100/1000Base-T Adapter 2 Time(s): eth0: network connection up using port A 2 Time(s): floppy0: no floppy controllers found 2 Time(s): found SMP MP-table at 000ff780 2 Time(s): ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx 2 Time(s): io scheduler anticipatory registered (default) 2 Time(s): io scheduler cfq registered 2 Time(s): io scheduler deadline registered 2 Time(s): io scheduler noop registered 2 Time(s): ip_conntrack version 2.4 (4029 buckets, 32232 max) - 224 bytes per conntrack 2 Time(s): ip_tables: (C) 2000-2006 Netfilter Core Team 4 Time(s): kjournald starting. Commit interval 5 seconds 2 Time(s): klogd 1.4.1, log source = /proc/kmsg started. 2 Time(s): loop: loaded (max 8 devices) 4 Time(s): md: ... autorun DONE. 4 Time(s): md: Autodetecting RAID arrays. 4 Time(s): md: autorun ... 2 Time(s): md: bitmap version 4.39 2 Time(s): md: linear personality registered for level -1 2 Time(s): md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27 2 Time(s): md: multipath personality registered for level -4 2 Time(s): md: raid0 personality registered for level 0 2 Time(s): md: raid1 personality registered for level 1 2 Time(s): md: raid4 personality registered for level 4 2 Time(s): md: raid5 personality registered for level 5 2 Time(s): md: raid6 personality registered for level 6 2 Time(s): megasas: 00.00.03.01 Sun May 14 22:49:52 PDT 2006 2 Time(s): mice: PS/2 mouse device common for all mice 2 Time(s): migration_cost=0 2 Time(s): monitor/mwait feature present. 2 Time(s): mptctl: /dev/mptctl @ (major,minor=10,220) 2 Time(s): mptctl: Registered with Fusion MPT base driver 2 Time(s): raid5: automatically using best checksumming function: pIII_sse 1 Time(s): raid5: using function: pIII_sse (4821.000 MB/sec) 1 Time(s): raid5: using function: pIII_sse (4822.000 MB/sec) 1 Time(s): raid6: int32x1 862 MB/s 1 Time(s): raid6: int32x1 863 MB/s 2 Time(s): raid6: int32x2 795 MB/s 2 Time(s): raid6: int32x4 708 MB/s 1 Time(s): raid6: int32x8 543 MB/s 1 Time(s): raid6: int32x8 544 MB/s 1 Time(s): raid6: mmxx1 1831 MB/s 1 Time(s): raid6: mmxx1 1840 MB/s 2 Time(s): raid6: mmxx2 2122 MB/s 2 Time(s): raid6: sse1x1 1057 MB/s 1 Time(s): raid6: sse1x2 1208 MB/s 1 Time(s): raid6: sse1x2 1210 MB/s 1 Time(s): raid6: sse2x1 2099 MB/s 1 Time(s): raid6: sse2x1 2101 MB/s 1 Time(s): raid6: sse2x2 2252 MB/s 1 Time(s): raid6: sse2x2 2254 MB/s 1 Time(s): raid6: using algorithm sse2x2 (2252 MB/s) 1 Time(s): raid6: using algorithm sse2x2 (2254 MB/s) 2 Time(s): scsi0 : ata_piix 2 Time(s): scsi1 : ata_piix 2 Time(s): sd 1:0:0:0: Attached scsi disk sda 4 Time(s): sda: Write Protect is off 2 Time(s): serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A 2 Time(s): serio: i8042 AUX port at 0x60,0x64 irq 12 2 Time(s): serio: i8042 KBD port at 0x60,0x64 irq 1 2 Time(s): tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com> 2 Time(s): tun: Universal TUN/TAP device driver, 1.6 2 Time(s): using mwait in idle threads.
---------------------- Kernel End -------------------------
We're looking to bring in a T3 for our small startup hosting company and when we do traces from multiple location it always runs through a cox.net IP and it concerns me because I dont want our customers to believe they're being hosted on some kids cablemodem. What do you folks suggest, the IP is 64.19.96.5 to their outer router. Should it be a concern that we route through everyone through a cox.net IP?
This is a follow-up to my original thread [url] regarding my client's experiences with HostWay.
I simply can't believe all of this, and I went through it.
The low points of the whole thing work out like this: In order to set up an SSL for my client's site, we needed a dedicated IP. If you do a traceroute on my client's URL, it resolves to someone else all together. Int he mean time, I tried to purchase an SSL through HostWay, and when they didn't respond in a week and a half, I e-mailed cancelling the order, and purchased a (thankfully) inexpensive SSL from GoDaddy. I got an e-mail back within hours from HW saying, literally, "We never processed your SSL order, so there's nothing to cancel. Let us know if there's anythig else we can do."
As I mentioned before, e-mail support seems to be handled off-shore, and it takes over a week for most answers. Phone support gets you, I found out, a service in Florida.
While the people I dealt with on the phone were always professional and polite, they literally could do almost nothing. I was told several times, "I have to e-mail someone in Chicago - no, I don't know who it is, all I have is an e-mail address."
Back to the SSL - seems HostWay already installed one on my client's site at some point - and it had nothing to do with my client. You could visit a secure version of the site, and it would tell you not to enter, as the cert didn't match the site.
My client and I both were on the phone with the Florida 800 number for hours at a time.
Average wait time to speak to someone was 30 minutes or so. I'm not carping about that part - but they were feeding us false information which was supposedly fed them from "Chicago." Specifically, I told them on the phone and via e-mail that the IP didn't resolve correctly, and that the old cert needed to be removed before a new one could go on (and only their SSL team can install certs, supposedly).
They told my client that the GoDaddy cert was causing them problems, and that it needed to be cancelled before they could install one of their GeoTrust certs. I nuked it - even though I knew better - and of course nothing was done. They lied to my client for several days, saying the new cert was installed (even though I knew it wasn't, and I told my client so, and showed them HW's tech was passing on false information).
This situation went on for almost two weeks. Finally, Monday night, my client got a supervisor based in British Columbia, Canada, who promised that he would walk "the tech admin" through fixing the problems that night. But that was only after my client threatened to pull his account.
Well, the IP is still screwed up, but they replaced the cert that night with one for which they charged my client an arm and a leg. The CC processing company is happy, so we let it ride, and they're now processing payments over the web.
If this is confusing, it's because I condensed many long days and nights into a few short paragraphs. Let's just say that HW didn't have their thinking caps on tight, because they committed to their preposterous stories to e-mails which we all received.
Later this year, at a conference to be held in Canada, a committee of nuclear power station operators will be discussing whether or not they should keep HW as the host of their site. Gee, I wonder what the consensus will be.
Uptime = 0 days 0 hrs 4 min 15 sec Avg. qps = 17 Total Questions = 4479 Threads Connected = 1
Warning: Server has not been running for at least 48hrs. It may not be safe to use these recommendations
To find out more information on how each of these runtime variables effects performance visit: [url]
SLOW QUERIES Current long_query_time = 10 sec. You have 1 out of 4491 that take longer than 10 sec. to complete The slow query log is NOT enabled. Your long_query_time may be too high, I typically set this under 5 sec.
WORKER THREADS Current thread_cache_size = 128 Current threads_cached = 6 Current threads_per_sec = 0 Historic threads_per_sec = 0 Your thread_cache_size is fine
MAX CONNECTIONS Current max_connections = 2000 Current threads_connected = 1 Historic max_used_connections = 7 The number of used connections is 0% of the configured maximum. You are using less than 10% of your configured max_connections. Lowering max_connections could help to avoid an over-allocation of memory See "MEMORY USAGE" section to make sure you are not over-allocating
MEMORY USAGE Max Memory Ever Allocated : 96 M Configured Max Per-thread Buffers : 10 G Configured Max Global Buffers : 58 M Configured Max Memory Limit : 10 G Total System Memory : 3.95 G
Max memory limit exceeds 85% of total system memory
KEY BUFFER Current MyISAM index space = 78 M Current key_buffer_size = 16 M Key cache miss rate is 1 : 735 Key buffer fill ratio = 8.00 % Your key_buffer_size seems to be too high. Perhaps you can use these resources elsewhere
QUERY CACHE Query cache is enabled Current query_cache_size = 32 M Current query_cache_used = 4 M Current query_cach_limit = 1 M Current Query cache fill ratio = 14.83 % Your query_cache_size seems to be too high. Perhaps you can use these resources elsewhere MySQL won't cache query results that are larger than query_cache_limit in size
SORT OPERATIONS Current sort_buffer_size = 2 M Current record/read_rnd_buffer_size = 256 K Sort buffer seems to be fine
JOINS Current join_buffer_size = 1.00 M You have had 0 queries where a join could not use an index properly Your joins seem to be using indexes properly
OPEN FILES LIMIT Current open_files_limit = 10000 files The open_files_limit should typically be set to at least 2x-3x that of table_cache if you have heavy MyISAM usage. Your open_files_limit value seems to be fine
TABLE CACHE Current table_cache value = 1024 tables You have a total of 721 tables You have 93 open tables. The table_cache value seems to be fine
TEMP TABLES Current max_heap_table_size = 16 M Current tmp_table_size = 32 M Of 212 temp tables, 0% were created on disk Effective in-memory tmp_table_size is limited to max_heap_table_size. Created disk tmp tables ratio seems fine
TABLE SCANS Current read_buffer_size = 1 M Current table scan ratio = 17754 : 1 You have a high ratio of sequential access requests to SELECTs You may benefit from raising read_buffer_size and/or improving your use of indexes.
TABLE LOCKING Current Lock Wait ratio = 1 : 76 You may benefit from selective use of InnoDB. If you have long running SELECT's against MyISAM tables and perform frequent updates consider setting 'low_priority_updates=1'
how to make the changes in red? My server works good for awhile, but then gets REALLY REALLY slow.
I run the top command when memory usage seems to be running high on my server. I look at it and blink and have no real idea whether things are "okay" or not.
I apologize for the extreme basicness of this question. At the same I would love to have some kind of personal benchmark of "okayness" for this server so I can look at top results when things are dreadfully wrong and recognize it.
Based on these results would you say the server is holding up under traffic? -----------------------------------
Now we do notice, that quite frequently, the connection times out or the server responds slowly. A friend of mine said the VPS could be the issue of this.
I ran a ping test today for several hours, sending one ping with 16 bytes with a timeout set to 3 seconds.
From 18000 pings sent (5 hours), 120 failed. Which comes to one failure in 150 pings, or one failure every 2.5 minutes.
Is this still an acceptable failure rate or do I have reason to contact our VPS provider? According to our own usage statictics, we are not using much of the server's capacities.
I just read Peer 1 financials -they got big this year!
Does anyone know how many actual customers they have? The financials say $74.36 Million... with 9,000 customers... humm... they must have more than that? Just curious.
Hope there is a DNS expert about that can make sense of what I observe and give an unbiased opinion.
We are currenlty evaluating hosted DNS providers. Anycast DNS seems like a great feature to have and we want fail over too. Narrowed down a list of possible suppliers: DNS Made Easy, Netriplex and Dynect.
After reading up on some blogs 1 & 2 mainly, we setup a Pingdom test to evaluate our three candidates.
For DME I used their own site URL for testing, Netriplex and Dynect gave us dedicated test accounts.
The average response times roughly follow the prices, DME is slowest, Netriplex next and Dynect is the winner. I have detailed logs in anyone is interested (in CSV).
Now for the unexpected results. All 3 providers give very long response times a few times a day - sometimes as long as 5 or 10 seconds. Now and again we see a timeout - i.e. a response of over 15 seconds.
We cross checked by running a testing our current non-anycast Rackspace DNS - similar outliers are present too.
Pingdom tech support think these outliers could be due to peering issues on the internet.
I would expect anycast DNS to be much more robust and to give decent response times even if there are localised networking issues.
So our outliers are either down to the way Pingdom does the testing, or just a 'feature' of the way DNS works.
Anyone with any bright ideas on how to explain this?
I've been fiddling with Plesk to get HTTPS to work for [URL] .... Unfortunately I haven't had any successes at forcing HTTPS, all result in a 'to many redirects' message.
The certificate is already activated and can be verified trough; [URL] ....
All my sites on both my hosting accounts are infected with an iframe.
At the end of the index.html files the malicious code just appeared...suddenly 3 weeks ago.
The host blamed Joomla so I took the appropriate steps:
Upgraded my Joomla to the latest version, changed the whole account username and password, changed the configuration and template to unwriteable.
It stopped the injection for a few days but then it came back. I would also like to add that 2 other sites on my account, one simple index.html file and an old website I have that is totally HTML with nothing to do with Joomla also got infected.
The iframe also infected a Drupal install I did as a test.
So according to these fact is this a Hosting Company not taking responsibility or can a Joomla site infected spread to other normal HTML sites and different CMS's on the server?
This situation is ruinning me and I strongly suspect it's a Hosting problem and not Joomla.
Any expert opinions from true professionals would be appreciated because if I can prove that it's not a Joomla issue I might take legal action against the hosting company since this has cost me dozens of hours of work and several hundred dollars of lost revenue.
I am attaching the iframe exploit. It installs itself on every index file...in every folder - components, mambots, ect..additionally it attaches itself on any and every kind of addon that has an index.html file.
So, the installation procedure finished partially, installing net packages, but not really updating all info.
Comparison of the MySQL scheme for DB psa with another server with the new installation shows that some minimal differences in some tables and a couple of missing tables. So, it looks like it _almost_ succeeded.
Comparison of the RPMs installed on the two servers, shows some differences in installed packages and versions. For example, there are 2 versions of psa-backup-manager and 2 versions of psa-migration-manager on the "malfunctioning" machine.
Further runs of the autoinstaller does not work, since it seems to think that everything is fully installed/updated. How to proceed from this point. Control panel does not work...
We've looked through the installation log files and Wonder if there is some log file that we are missing - where shold we look for messages in case of a failed installation?
To automate some tasks for some projects I'm working on, I need to be able to automatically create or delete ftp-users.
Creating and listing ftp-accounts is working great, but when it comes to deleting them I run into an internal server error. Before my script gets the response it's waiting for, the script crashes.
- When live watching the Apache error-log with 'tail -f', the terminal-session is exited with 'Killed (core dumped)' - Apache error-log shows:
Code: (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server, referer: http://example.com/ftp.php?action=delete Premature end of script headers: ftp.php, referer: http://example.com/ftp.php?action=delete - Webbrowser shows default '500 Internal Server Error'
I have checked and changed time-out settings, but it didn't work. Error occurs a few seconds after executing, while the timeouts are set to 60 to 90 seconds.
Maybe someone would be kind enough to enlighten me of the meaning of a netstat output. I know netstat is supposed to tell you the current active connections but would like some more details(what does each column mean?):
Code: [root@]# netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address Stat I notice that often times I see my ISP's mail server connecting to domains I didin't even set up yet. Sometimes I see google(I guess indexing my sites). But in addition some times I see some scary foreign addresses like from nigeria or one really common one, one which I see pretty often when I run netstat is: