Possible Compromised Server

Mar 8, 2008

I can resolve this situation I have.

I sent a server I have with a provider to have a RAM upgrade yesterday at 15:33 UTC, and ever since then I have had no access to my server.

SSH has been changed back to port 22, from a random high port.
root password has changed
RSA key has changed too.

I can see 3 possable reasons for this:

1) It's a different server plugged into the rack/router or a stolen IP

2) My provider "kindly" formatted and reinstalled my OS.

3) I have a compromised server, I very much doubt this as the server was offline.

I informed my provider about 18 hours ago that I had a "possable compromised server" and since then I have been given the run around as to what is happening.

For the last couple hours or so I have been trying to get them on live chat, which shows as online, but no-one answers. Thats another pet hate of mine.

I also have a couple tickets open asking for an update as they are not answering my origional ticket with updates.

Am I just being impaitent wanting a resolution to this in less than 18 hours or am I correct to complain?

View 8 Replies


ADVERTISEMENT

Is My Server Compromised

Oct 6, 2007

I am trying to determine if i am hacked, here is details:

I just got a message from softlayer support: ABUSE - 66.228.xxx,xxx - HACKING/MALICIOUS ACTIVITY - IMMEDIATE ACTION REQUIRED. with some log like this:
Quote:

Connection attempt to TCP IP.IP.IP.34:80
>from 66.228.xxx.xxx:41212 flags:0x02 Sep 28 14:05:55 PDT kernel:

Also, I did a rkhunter scan and found:

Quote:

cat /var/log/rkhunter.log | grep Warning
[18:26:29] /usr/bin/GET [ Warning ]
[18:26:29] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
[18:26:29] /usr/bin/groups [ Warning ]
[18:26:29] Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
[18:26:30] /usr/bin/ldd [ Warning ]
[18:26:30] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
[18:26:35] /usr/bin/whatis [ Warning ]
[18:26:35] Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
[18:26:36] /sbin/ifdown [ Warning ]
[18:26:36] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
[18:26:36] /sbin/ifup [ Warning ]
[18:26:36] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable

[18:27:43] Checking '/etc/xinetd.d/ftp_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/poppassd_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/smtp_psa' for enabled services [ Warning ]
[18:27:44] Checking '/etc/xinetd.d/smtps_psa' for enabled services [ Warning ]
[18:27:44] Checking for enabled xinetd services [ Warning ]
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
[18:27:44] Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa

[18:27:59] Checking for hidden files and directories [ Warning ]
[18:27:59] Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression

[18:27:34] Checking running processes for deleted files [ Warning ]
[18:27:34] Warning: The following processes are using deleted files:
[18:27:34] Process: /usr/libexec/mysqld PID: 4773 File: /tmp/ib2RpbEj
[18:27:34] Process: /usr/sbin/httpd PID: 8449 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 8452 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 12102 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 12950 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 13044 File: /tmp/.apc.PGGxew
[18:27:34] Process: /usr/sbin/httpd PID: 13046 File: /tmp/.apc.PGGxew

So does that mean my server was compromised?

View 6 Replies View Related

Linux Server Compromised

Jun 6, 2007

Linux Fedora 5

I just got a letter from my dedicated host stating we had just been compromised. These servers just were set up last week! And there is nothing on them yet. The only thing I have done is modified the /etc/hosts file via SSH.

My servers are not even public yet. Can SSH'ing in from an unsecured wireless network make me vulnerable?

What do you guys think? Best way not to let this happen again?

Oh this is great :-| He's still logged in!

[root@server~]# who
root pts/0 2007-06-06 07:12 (xxx)
test pts/2 2007-06-06 03:08 (81.89.10.92)

View 14 Replies View Related

Server Compromised (ensim_sshd), What To Do

Aug 22, 2007

I receive reports from my DC that my server is launching some hacking / malicious activity. This is the log that they provide:

Quote:

>
> Aug 20 12:34:35 ensim sshd[30628]: Did not receive identification
> string from MY.SERVER.IP
>
> Aug 20 12:44:23 ensim sshd[444]: Failed password for admin from
> MY.SERVER.IP port 57896 ssh2
>
> Aug 20 12:44:23 ensim sshd[444]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:26 ensim sshd[445]: Failed password for root from
> MY.SERVER.IP port 58029 ssh2
>
> Aug 20 12:44:26 ensim sshd[445]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:28 ensim sshd[446]: Failed password for root from
> MY.SERVER.IP port 58141 ssh2
>
> Aug 20 12:44:28 ensim sshd[446]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:31 ensim sshd[449]: Failed password for root from
> MY.SERVER.IP port 58276 ssh2
>
> Aug 20 12:44:31 ensim sshd[449]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:33 ensim sshd[450]: Failed password for root from
> MY.SERVER.IP port 58421 ssh2
>
> Aug 20 12:44:33 ensim sshd[450]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:36 ensim sshd[453]: Failed password for root from
> MY.SERVER.IP port 58565 ssh2
>
> Aug 20 12:44:36 ensim sshd[453]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:38 ensim sshd[455]: Failed password for root from
> MY.SERVER.IP port 58672 ssh2
>
> Aug 20 12:44:38 ensim sshd[455]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:41 ensim sshd[456]: Failed password for root from
> MY.SERVER.IP port 58787 ssh2
>
> Aug 20 12:44:41 ensim sshd[456]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:43 ensim sshd[457]: Failed password for root from
> MY.SERVER.IP port 58961 ssh2
>
> Aug 20 12:44:43 ensim sshd[457]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:46 ensim sshd[458]: Failed password for root from
> MY.SERVER.IP port 59132 ssh2
>
> Aug 20 12:44:46 ensim sshd[458]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:48 ensim sshd[459]: Failed password for root from
> MY.SERVER.IP port 59348 ssh2
>
> Aug 20 12:44:48 ensim sshd[459]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:51 ensim sshd[465]: Failed password for root from
> MY.SERVER.IP port 59495 ssh2
>
> Aug 20 12:44:51 ensim sshd[465]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:53 ensim sshd[466]: Failed password for admin from
> MY.SERVER.IP port 59622 ssh2
>
> Aug 20 12:44:53 ensim sshd[466]: Received disconnect from
> MY.SERVER.IP: 11: Bye Bye
>
> Aug 20 12:44:56 ensim sshd[467]: Failed password for admin from
> MY.SERVER.IP port 59803 ssh2
>
> Aug 20 12:44:56 ensim sshd[467]: Received disconnect from
> MY.SERVER.IP: 11:

View 2 Replies View Related

Server Compromised – Steps For Recovery

Apr 12, 2008

one of the worst things (in hosting) has happened. I received a notice this morning from lfd (configserver) that someone had logged into my server as root and it wasn’t me.

Unfortunately I didn’t notice it until eight hours later so I have no idea (yet) what happened during that period. Thankfully I don’t have any really critical data on the system that could have been stolen.

I’m in the process of restoring from a full system backup right now. After that’s done I’m going to look to see what the differences are between the files from the backup and that on the comprised drive. I’m not sure if I’ll get anything useful from the diff but hopefully I’ll find a clue as to how they got root access.

Then of course I need to get my server back up. However, I don’t want to do this until I’ve taken some steps to identify how the individual got in and take some additional preventative steps.

Here’s what I am planning on doing:

1) Check to make sure all exposed services are patched and look at some security sites to see if there are any known vulnerabilities for these services. Anyone know which sites are good to look at?

2) Change firewall to only allow ssh access from a couple specific IP addresses.

3) Disable root ssh access so I have to login via a different account and perform sudos, etc.

4)?

I’ll also look for a good server-hardening guide to see if there are some obvious things I forgot to secure.

Do any of you find folks have any other suggestions or resources that I should check out?

View 11 Replies View Related

Windows Server Password Compromised

Jun 27, 2007

My windows server 2003 server password has been changed. My host tells me they must reload the entire OS in order to fix it..

Is there no way they can go in and rescue my server? Would save me alot of work.

View 6 Replies View Related

Server Compromised, Where To Get A Good Sysadmin

Jul 4, 2007

So one of the sites on our box was compromised earlier today.

We've shut it down for now and contacted our sysadmin to help research the problem. Not sure if he will be able to really help much as he's only done updates and such in the past.

Any idea of quality sysadmins who might be able to investigate the box and the site?

View 4 Replies View Related

Compromised Windows 2003 Server

Mar 19, 2007

I have been trying to troubleshoot our Windows 2003 server for weeks, but have made no lead way. The following are the steps they take to breach the server.

“They” are able to create an account. Some used usernames they have created are: sysadmin, adm, mssqladm.

It is very odd, looking in the event viewer, they just appear to create accounts out of the blue, they don’t even login or attempt to login or anything, all the sudden it says, New Account Created.

“They” then change the password of the account they just created.

Then “They” assign themselves the following group permissions, ‘Users’, and ‘Administrators’. ** SHAKING MY HEAD ** How the bloody hell do they assign themselves Administrator rights?

Then the do a few different actions depending, often times they disabled the windows firewall, and change open ports, other times they simply just logoff, other times, they have placed Trojans horses and other malware in their temporary internet folder under their use folderr.

This has been a cat and mouse game for weeks, I catch the new account, and immediately delete it, and check the firewall and enable if needed, then run a full system scan with AVG and Prevx. Sometmies AVG finds Trojans and malware, other times its clears.

I have racked my brain, checked all running processes with google, and they are seem legit. I have updated everything in windows via windows update, we are running windows 2003 server SP2. I have looked at the users and groups and everything seems secure.

Do you have guys have any idea what is going on? I have feeling something is running internally, which is allowing them to create the accounts.

Is there a tool that tracks all currently running processes, and allows you to go look at the logs to see what exactly was running at a certain time?

View 10 Replies View Related

Plesk IIS WP User & Compromised Server

Feb 24, 2007

My server (using plesk 8.1 on windows 2003 server) has been compromised with some sort of rootkit and I'm investigating vulnerabilities. This server hosts some of my asp.net applications and I have to grant Modify Permission to IIS WP (iwam_plesk) user on Some subfolders (under Httpdocs folder for each domain). Is it a security problem? if yes, how else can I allow asp.net applications to write to, say, an Access db?

View 2 Replies View Related

How To Track Down A Compromised Php Script

Oct 29, 2009

I have a few shred hosting servers I run. One of them keeps getting listed on CBL. It is very frustrating. Does anyone have an tools, tips, or tricks on finding the compromised?

So far I have confirmed that a script is using PHP to send mail out bypassing the MTA. It is faking the HELO and impersonating a well known ISP.

I used a combination of tshark and netstat. tshark can show me the HELO and EHLO. When I see the wrong entry I cross check that with netstat to see what. So Netstat only shows that it was PHP not the script path.

Here are the commands I'm running:

Code:
nohup netstat -c -p -n -e | grep -i ":25" > /var/log/monitor/netstat-smtp.log &

nohup tshark -f "port 25 and src host XX.XX.XX.XX" > /var/log/monitor/tshark-smtp.log &
Then I grep for what I'm looking for:

grep -i "HELO" /var/log/monitor/tshark-smtp.log

Is there a way to get Netstat to show the script path or complete command that is establishing the connection? Currently these scripts are eating up memory to a point that other process or getting killed off.

I also tried to force all mail through the MTA, but When I enable SMTP_BLOCK in my firewall config I get and error:

*WARNING* Cannot use SMTP_BLOCK on this VPS as the Monolithic kernel does not support the iptables module ipt_owner - SMTP_BLOCK disabled.

If there is a better way I'm game. Maybe some IDS that can tell me more of what is going on with the server?

View 14 Replies View Related

Web Hosting Where Security Cannot Be Compromised

Dec 15, 2008

I have read many helpful feedbacks regarding choosing a reliable web host. Most of the concerns are centered around costs. However, I am more particular about the relative security of my website in addition to other perks such as space, speed and bandwidth. I rate my concerns on a 1-10 scale:

Security 9/10
Bandwidth 7.5/10
Disk space 6/10
E-mails, backups, etc: 8/10
Cost: 7/10

View 10 Replies View Related

Compromised Account At Gnax.net

Sep 17, 2007

Ok...posting this here to hopefully get someone's attention at gnax.net.

I've written their abuse@gnax.net and engineer@gnax.net multiple times and even called into their support line and spoke with Stephen (or Steven). No one there seems to care.

They have a group of Vietnamese hackers on their network that are launching attacks from several of their servers. They also have a google phising site on one of the servers.

Spoke with Stephen at Gnax support and his answer was that it wasn't his job and I needed to send a e-mail to abuse. After telling him that I'd done that multiple times he basically said oh well that he didn't know what to do.

Seems like the admins of gnax.net are either very irresponsible, stupid or just ignorant.

Here are the URL's.

[url]

[url]

Just replace the 1's with t's and you can see for yourself. The fwooshnet.com attempts to download a trojan to your system so if you don't know what your doing don't visit either URL.

Hopefully admins from Gnax watch this forum.

View 6 Replies View Related

WHMCS Breach - Some 3.5.1 Downloads Were Compromised

Jan 8, 2008

I just received a fairly scary WHMCS notice, you can view the details here:

<<please don't paste the file names, there are accounts that may have these on them>>

What are your thoughts on the entire situation? Personally, I'm a tad fearful (luckily, I hadn't upgraded to the next version yet as I was letting the other users play beta-testers) given the fact that there wasn't any versioning / modification 'notification' system in place on their end.

I'm fearing further updates. In essence, my concern is that the WHMCS development team isn't entirely certain how they were backdoored or to what scale they were backdoored.

Are their own billing systems & servers hosted in the same environment, were our billing details also released? etc. I want to know the scale of the attack.

View 14 Replies View Related

Email Account Compromised: Tools For Analysing

May 27, 2008

whose has 5 email accounts and several computers Windows and Mac.

Some spam has been sent out to people in his address book. I received one and have the email headers.

What tools are there for identifying which account/machine has been compromised?

View 3 Replies View Related

1and1.com User Database Compromised, Sites Hacked

Jun 19, 2008

Even worse, they didn't even notice until I called. If you're a 1and1.com customer I recommend you change your username and password now!

I included some log snippets to help you make sure your account hasn't been compromised.

1and1.com hacked

View 6 Replies View Related

Linux System Compromised, Hacker In As "root"

Mar 16, 2007

I've been trying to fight off a hacker's attack for the past 24 hours. Chronologically, this is how the events evolved:

- Yesterday, I tried SSH-ing into my server as usual and I got an error saying that the host's key was not recognized, which made a bit suspicious

- I tried logging into my VPS' PowerPanel, but my root password did not work, which I found disturbing. I reached out to support and they reset the password

- I ignored Putty's warning and SSH-ed into the server and was greeted by this, which I've never seen before:

Code:
Last login: Wed Mar 14 2007 14:13:35 -0500
No mail.
This made even more conscious and I started actively searching for indicators of a breach.

- The following processes were running, and I did not recognize them:

Code:
named 15756 0.0 0.4 36088 2256 ? S Mar14 0:00 /usr/sbin/named -u named -t /var/named/chroot

dmorg 26360 0.0 0.1 2264 872 pts/2 T 20:40 0:00 sh -c (cd /usr/share/man && (echo ".ll 14.2i"; echo ".pl 1100i"; /usr/bin/gunzip -c '/usr/share
dmorg 26361 0.0 0.1 2264 512 pts/2 T 20:40 0:00 sh -c (cd /usr/share/man && (echo ".ll 14.2i"; echo ".pl 1100i"; /usr/bin/gunzip -c '/usr/share
- Then I found a user called 'pma' in the /home directory, which I had never created. I could not find any suspicious files in the user's directory

- I finally spotted the point of breach in /var/log/messages:

Code:
Mar 15 15:05:25 xxxxxxxxx passwd(pam_unix)[28121]: password changed for root
Mar 15 15:06:34 xxxxxxxxx su(pam_unix)[30182]: session opened for user news by (uid=0)
Mar 15 15:07:16 xxxxxxxxx su(pam_unix)[30182]: session closed for user news
Mar 15 15:22:04 xxxxxxxxx sshd[20118]: Listener created on port 22.
Mar 15 15:22:04 xxxxxxxxx sshd[20119]: Daemon is running.
Mar 15 15:28:01 xxxxxxxxx su(pam_unix)[32568]: session opened for user pma by (uid=0)
Mar 15 15:28:45 xxxxxxxxx su(pam_unix)[32568]: session closed for user pma
Somehow they had gotten in as root and then opened sessions for news and pma.

- This morning I finally found where the hacker's files are hiding. He had created a new user overnight and a directory in there called "...". The folder contains various files:

Code:
[root@xxxxxxxxx root]# ls -al
total 445
drwxr-x--- 8 root root 1024 Mar 16 15:48 .
drwxr-xr-x 20 root root 1024 Mar 16 15:48 ..
drwxr-xr-x 2 1004 1004 1024 Dec 17 08:57 ...
-rw-r--r-- 1 root root 1126 Aug 23 1995 .Xresources
-rw------- 1 root root 14641 Mar 16 15:47 .bash_history
-rw-r--r-- 1 root root 24 Jun 10 2000 .bash_logout
-rw-r--r-- 1 root root 234 Jul 5 2001 .bash_profile
-rw-r--r-- 1 root root 176 Aug 23 1995 .bashrc
-rw-r--r-- 1 root root 210 Jun 10 2000 .cshrc
-rw------- 1 root root 38 Jul 26 2005 .mysql_history
drwx------ 2 root root 1024 Mar 15 18:01 .ssh
drwxr-xr-x 2 root root 1024 Mar 15 15:21 .ssh2
-rw-r--r-- 1 root root 196 Jul 11 2000 .tcshrc

Code:
[root@xxxxxxxxx root]# cd "..."
[root@xxxxxxxxx ...]# ls -al
total 420
drwxr-xr-x 2 1004 1004 1024 Dec 17 08:57 .
drwxr-x--- 8 root root 1024 Mar 16 15:48 ..
-rwxr-xr-x 1 1004 1004 141817 Sep 3 2001 init
-rw-r--r-- 1 1004 1004 113482 Mar 15 15:09 log
-rw------- 1 1004 1004 640 Feb 18 05:34 messages
-rw-r--r-- 1 1004 1004 664 Feb 27 01:12 muhrc
-rwxr-xr-x 1 1004 1004 165596 Nov 2 2004 pico
-rw------- 1 1004 1004 5 Mar 15 15:09 pid
[root@xxxxxxxxx ...]#
- Here's what's in the log file:

Code:
[root@xxxxxxxxx ...]# less log

[Thu 08 May 08:03:27] + ---------- NEW SESSION ----------
[Thu 08 May 08:03:27] + muh version 2.05d - starting log...
[Thu 08 May 08:03:27] + listening on port 6667.
[Thu 08 May 08:03:27] + muh's nick is 'StefanG'.
[Thu 08 May 08:03:27] + trying server 'geneva.ch.eu.undernet.org' on port 6667...
[Thu 08 May 08:03:28] + tcp-connection to 'geneva.ch.eu.undernet.org' established!
[Thu 08 May 08:03:29] + connected to 'Geneva.CH.EU.Undernet.org'.
[Thu 08 May 08:03:30] + caught client from 'pcp02588223pcs.shlb1201.mi.comcast.net'.
[Thu 08 May 08:03:45] + authorization successful!
[Thu 08 May 08:03:45] + reintroducing channels...

[Thu 08 May 08:07:54] + ---------- NEW SESSION ----------
[Thu 08 May 08:07:54] + muh version 2.05d - starting log...
[Thu 08 May 08:07:54] + listening on port 6667.
[Thu 08 May 08:07:54] + muh's nick is 'StefanG'.
[Thu 08 May 08:07:54] + trying server 'eu.undernet.org' on port 6667...
[Thu 08 May 08:07:55] + tcp-connection to 'eu.undernet.org' established!
[Thu 08 May 08:08:05] + connected to 'Diemen.NL.EU.Undernet.org'.
[Thu 08 May 08:08:05] + caught client from 'pcp02588223pcs.shlb1201.mi.comcast.net'.
[Thu 08 May 08:08:05] + authorization successful!
[Thu 08 May 08:08:05] + reintroducing channels...
There is a whole lot of these in that log file, and the timestamps look odd. I am not sure what all this is.

- This is where I am at right now. Can you guys help figure this thing out?
How did they get in? What sort of vulnerability are they using? How can I patch things up?

- Here is my server info:

Code:
[root@xxxxxxxxx ...]# uname -a
Linux xxxxxxxxx.org 2.6.9-023stab033.9-enterprise #1 SMP Tue Dec 5 14:40:57 MSK 2006 i686 athlon i386 GNU/Linux

[root@xxxxxxxxx httpd]# vmstat 5 5
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
1 0 0 390688 0 0 0 0 0 0 0 8365 1 0 99 0
0 0 0 390524 0 0 0 0 0 0 0 0 0 0 100 0
0 0 0 390524 0 0 0 0 0 0 0 0 0 0 100 0
0 0 0 390528 0 0 0 0 0 0 0 0 0 0 100 0
0 0 0 390528 0 0 0 0 0 0 0 0 0 0 100 0

- I have Apache & MySQL & PHP running. I host 3 websites. They run Simple Machines Forum 1.1.2, phpMyAdmin, phpcollab, awstats and that's about it.

View 11 Replies View Related

Improve Performance- Web Server, SSH Server, And Mail Server

May 8, 2007

I've got a VPS which is serving as the main server for a number of sites. Web Server, SSH Server, and Mail Server.

What I've got running:

Apache2, PHP5, MySQL5, Dovecot, Postfix

One of the sites is a growing forum with a MASSIVE photo album. This is the site where I notice the most slowness.

Changing the server software is not an option - Only optimization.

Quote:

Originally Posted by httpd.conf

ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule prefork.c>
StartServers 8
MinSpareServers 8
MaxSpareServers 13
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 50
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
Include conf.d/*.conf
User apache
Group apache

Quote:

Originally Posted by my.cnf

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1

[mysql.server]
user=mysql
basedir=/var/lib

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

View 8 Replies View Related

Remote Upload To Server (url/server To Server)

Mar 7, 2009

I looked a lot - can not find solution ....

I want to transfer a file from [url]to [url]or [url]Without it will pass my localcomputer (slow upload)

It can be also a script i will install like this one - this is only for images
[url](remote)

View 7 Replies View Related

Plesk 11.x / Windows :: Don't Have Root Access To Server As It Is A Webfusion Dedicated Server

Oct 16, 2013

I have Plesk 11.5 (service provider mode) on a Windows 2008 server IIS7.Most of my sites are developed in .asp and therefore i use a custom 500-100.asp error page that check s the IP of the visitor then displays either a friendly error, or if its my IP a full error of what has happened (it also emails me the error). This allows me to debug pages easily whilst developing and to keep an eye on anyone trying SQL Injection hacks on my sites (as the error and email also have session variables and IP address).I dont have root access to the server as it is a Webfusion dedicated server.I have following the Plesk documentation -

1) Switch on custom errors for the subscription
2) Look in virtual directories and navigate to error documents
3) Find the error in question (500:100) and change it to point at either a file or URL

FILE - I had the data centre add in the 500-100.asp error page in to the virtual template so that my page is available in the list of virtual files - this didn't work but that maybe because its not a static page??

URL - when i add the path it says its incorrect, if i add a fully qualified address, it accepts it but it doesn't work.give me a specific example of the URL that can be entered relative to the root as the format in the documentation isn't accepted. The last step is to restart IIS which is also an issue as i cant seem to do this from the Plesk panel..It is as if it isn't catching the 500:100 error, and only catching the general 500 error??

View 1 Replies View Related

Urchin 5 / Google A . Transfering From Server To Server (Serial Already Activated)

Nov 21, 2006

I am currently running Google Analytics/Urchin 5 (v5.7.02), on a server, the server has started to act up, (on its last legs etc) and now I am trying to transfer the Urchin Software to a new server, where it would work effectively.

However upon installing the urchin software on the new server and running it (localhost:9999), I am presented with An Action Items Page, and these following choices

Obtain Demo License
Buy License
Activate Pre-Purchased License

I choose ‘Activate Pre-Purchased License’ pop in the Serial number and complete the registration then…

---------------------------------------------------------
Urchin Licensing Center -- Error!

An error has occured during your transaction, please use the back button and correct the problem. The specific error message is:

• Unable to generate a license. Some possible reasons:

Your serial code is currently active <<< How do I disable it and use it on another server?
---------------------------------------------------------

So all I want to do is deactivate the serial and reactivate it on another server.

Does anyone have experience with this or a similar problem or have a solution to this problem. Any help be most appriciated.

Or even a Contact Number so that i can get some one over the phone!

View 2 Replies View Related

Cpanel Domain Name Server (DNS) Setting For Email On 2 Seperate Server

Nov 7, 2009

This is the scenario, domain.com are setup on server1, however server2 also has the same profile of domain.com as we use ns3 and ns4 using domain.com. This works fine with the nameserver setup on server2.

However I encounter problems as the emails from server2 won't reach server1 as there are duplicate profile on server2.

My question is how do I setup the DNS in cpanel/whm from server2 so the emails from server2 will reach server1?

Server1 (www.domain.com)
ns1.domain.com
ns2.domain.com

Server2
ns3.domain.com
ns4.domain.com

View 6 Replies View Related

File Server Setup With Nginx...how Do I Choose The Config For The Server

Apr 22, 2009

I just want to use a server for file sharing, it will have nginx and that's it. I'm looking at centos, or freebsd, but I been using centos forever now and I'm not sure how to use freebsd, should I just stay with centos?

Do I tell my hosting provider to just install the OS and give me ssh action and that's it? Don't install any control panels or any other stuff? I want one domain and one subdomain on it though and ftp action.

View 8 Replies View Related

Remote Spamassian With Multiple Mail Server (Smartermail Server)

May 12, 2009

Remote Spamassassin for Multiple Smartermail Server

I want to setup Remote Spamassassin(On Linux) for Multiple Smartermail servers. I want to the setup the spamassassin on a linux box

How i can setup this with multiple smartermail servers.

View 6 Replies View Related

How To Tansfer Backup Files From Linux Server To Windows Server

Jul 4, 2007

what is the fast and best way?

View 4 Replies View Related

Plesk 12.x / Linux :: Full Server Migration To New Server With Same Hostname?

Jul 20, 2015

I'm wondering whether it is possible to perform a full server migration to a new Plesk server with the same hostname or will Plesk give an error about the hostname being the same?

The new server would not be accessible by hostname (only via IP) until DNS and glue records were changed after the migration.

View 1 Replies View Related

Cheap European Server For Small Game Server

Aug 31, 2008

I've been developing a small 2D MMORPG lately. I bought a VPS to run the server on a few days ago and sadly it doesn't work so well. Sometimes the loads go pretty high (afaik not caused by me) and MySQL freezes, causing the server to just wait for MySQL to unlock, hanging all the players around on the map. Not a good thing.

Anyway, the game is very small scale, and I'm not planning to have more than maybe 30-50 players online. It does not suck up much CPU, I had ~10 guys online and loads stayed down at 0.00 on the VPS box.

Problem with getting a dedicated is our very low budget. As I'm still underage and living at home hammering my pc and don't have any real incomes, we're talking numbers like $ 30 - $ 50 USD per month - it's really hard to find for that price in Europe.

Requirements:
Monthly payment, $ 30 - $ 50 / month, no setup (or very small setup, like $ 20)
10Mbit/s or faster connection, 100GB traffic should do
500MHz CPU is all cool
512MB or more RAM
5GB diskspace is enough
Has to be in Europe due to ping times (< 100ms)
Linux, Debian 4.0 prefered

If anyone knows where I could get something like this for a low price, $ 30 to $ 50 USD, it'd be great.

View 12 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved