I work as a systems support person, and recently our graphic designers have been centralized in one workgroup.
Before they were working independently in different departments of the company.
We are going to set them up on a server so at least they don't have their files all on their local drives, but are there any collaboration tools you can recommend that would facilitate a design team?
I am trying to get into contact with LW's support team but I have not had a response to a support ticket I raised 40 minutes ago. Just wondering if anyone else is having problems corresponding with their support team at the moment?
I have servers with softlayer current paying $2000 a month for 3 dedicated servers. THey are set up and work perfectly.
Issue is i was not aware that softlayer doesnt do "managed" support, would like to know if anyone has a good third party company that works with softlayer.
the tools they have on the portal our great so really would like to find a company thatworks with them. the co that softlayer suggested doesnt do windows support go figure!
If you have a dedicated server and you only need management and support team. how much will that cost. some body who can take care of all aspects including security and in time of trouble can answer support tickets.
I'm starting a multi-gaming organization and I'm hoping to run 3-4 servers at 1000FPS. The server i purchased is a Core2Quad 2.4, 4GB Ram, 500GB HD, 100MBIT windows 2008
I also purchased a TCAdmin license and have that setup and running. I know about the windows media player trick that makes it run at 500FPS and ive been doing that. Well i would like to get it to 1000FPS but ive been unsuccessful. Ive tried some reading about HPET but i havnt seen where i can change or enable that. what i can do to make them run at 1000FPS.
Dont know if this helps but the servers im hosting are CS 1.6, CSS and TF2.
I'm just wondering what a few good techniques to prevent DDoS would be. What causes them? How can I protect my server against them? I noticed that Apache has something called mod_evasive which helps against them. Does lighttpd have something like this?
I am a web designer, and have been doing this for about 5 years now and have never encountered such a problem. I had a problem come up a few days ago where one of my clients got into an argument with the Mavrick Team web hosting and computer services company's owner regarding services. She has reported to me that he went into her email account, and has emailed her clients false information about her services after their heated discussion. She told him that she was going to press charges. He told her that he had harvested all of her clients email addresses and will email them to her competitors if she does not back down. What can she do? I feel awkward as I am in the middle of it now. I was the one who referred her to Mavrick Team (aka as I host them) for web hosting services, and moved her site to their servers. This man has created such a big problem for this women now. Her clients are doubting her services and he is blackmailing her. She does not owe him any monies. She has forwarded two of the emails that her clients forwarded to her, so I know she is not making this thing up. I advised her to move all of her emails to a personal email account, contact all of her clients to let them know that someone has access to their info, and I am helping her move her site. Who can she report them to?
The images I am trying to block are on page generated by a simple PHP script on my server. The offender has replicated what I am doing with ASP on their server. They are hotlinking to my images for the resulting page. They left my website's name on them, so they must think that giving credit is enough.
I'm going to be contacting them to stop but I also want to see if there is a way for me to prevent it from happening in the first place.
I know mod_rewrite works on my server because I've been using it for some other things.
However, whenever I enable the above code (add it to the directives and restart apache - have also tried just putting it in a .htaccess file in the appropriate directory), I end up with images still being allowed on my domain and the other domain I'm trying to stop from using my images. Do you think it could have to do with an absent referrer? I read that the code doesn't work if the referrer is blank. What else would cause this not to work? Obviously the domain would have to be correct, but it doesn't block from my domain OR the offending domain.
I tried another method:
Code: <FilesMatch ".(gif¦jpg¦png)$"> SetEnvIfNoCase Referer ^$ allow_image SetEnvIfNoCase Referer ^[url] allow_image Order Deny,Allow Deny from all Allow from env=allow_image </FilesMatch>
This one blocked images to the offending domain, but it also blocked mine!
I am currently using IPB as my forum software. I've enabled admin validation only for registrations, to combat the increasing amount of spam signups. I see a lot of .ru and .cn email signups, or other suspicious signups, which I always delete.
What is the best way to combat these spammers?
I've been considering something like WHT uses, that you need X posts before being able to post links, how can I accomplish this with IPB?
I am running a hosting service. Recently a user put a phishing site on the server, pretending to be an eBay signup page and soliciting passwords. I had all kind of truble with this, because eBay complained to my server company.
I would like to ask if you know any solution what would block such sites automatically?
It could search for some predefined texts on the page (such as "sign in to eBay") and block the page if they are found. I wasn't able to find anything in Apache documentation.
I can't get SELinux to let httpd load the IonCube module for PHP. I've given the CentOS 5 forum a try (here: http://www.centos.org/modules/newbb/...15403&forum=42), talked with WHMCS's support (the app I'm using that needs it), and even opened a ticket with IonCube. Unfortunately nobody seems to know how to tell SELinux to let httpd "exec" modules.
I'm running CentOS 5, and the error I'm getting in /var/log/messages is:
I can disable SELinux and it works fine (setenforce 0), but that's not the solution I'm looking for. Can someone please tell me how to do this the *right* way?
Upon a shutdown or reboot, the system shuts down sw-collectd. Further along, it will end wdcollect and the following will occur:
init: psa-wdcollect main process (pid) killed by KILL signal init: psa-wdcollect main process ended, respawning wdcollect[pid]: Language en-US is used for sending e-mail messages. wdcollect[pid]: Failed to connect to database server during the startup. New attempts will be made if needed. wdcollect[pid]: Server started
I believe this is preventing the un-mounting of drives which in the end freezes the shutdown process on:
Please stand by while rebooting the system...
After this occurs, I have to force the VM off and then boot again.
I am currently installing lxadmin in my webserver, but during the intallation i received a alert message from my "settroubleshootebrowser" saying:
SummarySELinux is preventing /usr/local/lxlabs/ext/php/php from loading /usr/local/lxlabs/ext/php/lib/mysql.so which requires text relocation.
Allowing AccessIf you trust:
/usr/local/lxlabs/ext/php/lib/mysql.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so"The following command will allow this access:chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so
This message was for thwe SQL and Zend optimizer.
My Question is, where do i find the "chcon -t textrel_shlib_t" file allow access?
On my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server. What I want to do is to make the users can only connect to their own databases and not other's.
I tried changing the localhost ip address but it didn't work ( I assume I didn't do it the right way)
I am renting a 384mb Plesk VPS, have 1 client website on it, and it was hacked. Someone set up a new user with root access and was attacking other networks including dictionary attacks. My host has cleaned up the mess. I suspect access was gained thru a weak password choice or thru a Wordpress hack.
The client website ran a php/mysql survey script sometimes with 20-25 simultaneous users, and about 5-10% were unable to complete the survey due to screen freeze up or time outs. I'm trying to get to the bottom of these errors and know that some of the problems were client side but could the attacks also have affected connectivity & website performance?
2 days ago i noticed my cpanel hardisk usage was a lot more then it should be, after looking around i found out my inbox was 400mb (82143)emails!! i don't use any of the cpanel email because i have them set to forwarding. all the emails are spam and i discovered a few emails using my domain (that i did not create) that are valid and when i email them it reaches this cpanel inbox
So how bad is it? have i been completely comprised or is someone managed to get some type of spaming access only?
I have a server with about 100 domains on it in Plesk. I have about 10 or so clients that pay me a pittance to host their site and the rest are various domains that have been parked.
About a week ago we received a "too many connections" error when accessing Plesk. This is our server and it sits at The Planet (formerly EV1). I cranked up the mx connections to 1,100 or so following some web tutorial but I'm really a complete idiot when it comes to this server stuff. (I'm more of a php / html kind of guy).
I check out logs and it appears that someone has been trying to access a bunch of celebrity images that shouldn't exist on our server. It's clearly spam of some kind. I can't seem to actually find these images on my server anywhere, but I've got a feeling that foul play has been involved.
Well, this is rather weird. I cant tell if this is a server error, or a hack.
Basically the contents of the thumbnail directories for videos, games and pictures were deleted, at 3pm today (according to the ftp time stamp). All those folders were chmodded 777, to allow PHP to upload the images into them.
My cpanel server has an intruder who brought all the sites down. I did my best to harden the server a year or so ago, but...
I got an email from one of my scripts:
SUBJECT: [hackcheck] kill has a uid 0 account
IMPORTANT: Do not ignore this email. This message is to inform you that the account kill has user id 0 (root privs). This could mean that your system was compromised (OwN3D). To be safe you should verify that your system has not been compromised.
To say the least, the server was compromised. I cannot find the user "0" or "kill" in WHM, but under "Wheel Group Users" "kill" is listed under "Add a user to the wheel group."
Any help or insight would be appreciated! Anyone proficient at hardening servers and exorcising hackers?
I uploaded the latest chkrootkit and ran it. The results say it's clean.
Any thing I can do to stop this (for example by hiring server management company)???
Here's the info that RKHunter provided:
/sbin/modinfo [ NA ] /sbin/insmod [ NA ] /sbin/depmod [ NA
Rootkit 'RH-Sharpe's rootkit'... [ Warning! ]
-------------------------------------------------------------------------------- Found parts of this rootkit/trojan by checking the default files and directories Please inspect the available files, by running this check with the parameter --createlogfile and check the log file (current file: /dev/null). --------------------------------------------------------------------------------
Checking users with UID '0' (root)... [ Warning! (some users in root group) ] info: adm:0
And here's the info I've found after investigation:
-bash-2.05b# pwd /usr/local/games -bash-2.05b# ls -lah total 332K drwxr-xr-x 3 root root 4.0K Feb 5 15:59 . drwxr-xr-x 15 root root 4.0K Feb 12 19:32 .. drwxr-xr-x 3 1555 1555 4.0K Feb 2 12:58 .fl -rwxr-xr-x 1 root root 263K Feb 2 12:51 ettercap -rwxr-xr-x 1 root root 17K Feb 2 12:51 parse -rw-r--r-- 1 root root 119 Feb 2 12:51 pid -rw-r--r-- 1 root root 27K Feb 3 17:44 x -bash-2.05b#
i daily check my error log files to see if something was wrong , checkout what i found
the first one is probably trying to hack my site to get to my ads and changing it to them i think [error] [client 195.23.16.24] File does not exist: /var/www/html/a1b2c3d4e5f6g7h8i9 [error] [client 195.23.16.24] script '/var/www/html/adxmlrpc.php' not found or unable to stat [error] [client 195.23.16.24] File does not exist: /var/www/html/adserver [error] [client 195.23.16.24] File does not exist: /var/www/html/phpAdsNew [error] [client 195.23.16.24] File does not exist: /var/www/html/phpadsnew [error] [client 195.23.16.24] File does not exist: /var/www/html/phpads [error] [client 195.23.16.24] File does not exist: /var/www/html/Ads [error] [client 195.23.16.24] File does not exist: /var/www/html/ads
this 1 I dont know
[error] [client 71.190.229.120] File does not exist: /var/www/html/_vti_bin [error] [client 71.190.229.120] File does not exist: /var/www/html/MSOffice [error] [client 69.181.195.171] File does not exist: /var/www/html/_vti_bin [error] [client 69.181.195.171] File does not exist: /var/www/html/MSOffice [error] [client 69.181.195.171] File does not exist: /var/www/html/MSOffice
This 1 is kinda keep me scared i dont know what it is either
[Mon May 21 16:11:00 2007] [error] [client 129.29.227.4] Invalid URI in request T 5.1; U; en) [Tue May 22 15:59:09 2007] [error] [client 129.29.227.4] Invalid URI in request f705120b3663bb; yab_logined=0; yab_uid=0; yab_last_click=1179781859 [Tue May 22 16:09:15 2007] [error] [client 129.29.227.4] Invalid URI in request d14379f705120b3663bb; yab_logined=0; yab_uid=0; yab_last_click=1179867547 [Tue May 22 16:09:20 2007] [error] [client 129.29.227.4] Invalid URI in request d14379f705120b3663bb; yab_logined=0; yab_uid=0; yab_last_click=1179867547 [Tue May 22 16:09:24 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0 [Tue May 22 16:09:25 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0 [Tue May 22 16:09:25 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0 [Tue May 22 16:09:26 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0 [Tue May 22 16:09:26 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0 [Tue May 22 16:09:28 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0 [Tue May 22 16:09:29 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0 [Tue May 22 16:29:29 2007] [error] [client 129.29.227.4] Invalid URI in request f705120b3663bb; yab_logined=0; yab_uid=0; yab_last_click=1179868171 [Tue May 22 16:30:23 2007] [error] [client 129.29.227.4] Invalid URI in request d14379f705120b3663bb; yab_logined=0; yab_uid=0; yab_last_click=1179869368 [Tue May 22 16:30:26 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0 [Tue May 22 16:30:28 2007] [error] [client 129.29.227.4] Invalid URI in request -gzip, identity, *;q=0
I have a new server and I have hardened it with csf+lfd. It's about 65/70 in the cfs score.
This morning, I noted that lfd log sent me an email saying there is a SSH login via 207.210.233.128 on 10th May 2007. I am not sure whether it was a successful login or not?
Here is the output: ================= Time: Thu May 10 01:31:52 2007IP: 207.210.233.128 (Unknown)Account: rootMethod: password authentication ========================
I know for sure that I did not login my SSH yesterday.
However, when I logged in SSH this morning, it says in telnet that my last login was from my own home computer's IP, so from that it looks like no one else has logged in SSH since last time I logged in myself.
Was my server intruded or was lfd just playing up?
how I can find out what page they have changed? It is a php file with loads of includes etc. Not sure where to look! Or could it be a redirect or something?
