I designed one of my web services so that 'nobody' has to put commands to cron. Unfortunately this thing stops to work from time to time because "someone" is putting 'nobody' back to cron.deny file.
How to stop that?
I edited the /etc/apf/deny.hosts_rules files, then removed all lines from the file and finally restarted apf so it can restart with no deny host listed. But that is not working... the file appears empty or again with the rules removed before.
iptables -L -n shows the same banned hosts as dropped.
I already tried.. remove the deny hosts IPs from the file, then ran "iptables -F", then "service iptables save", and finally restarted apf and the deny IPs still there
I have WHM 11.1.0 cPanel 11.2.1-C11635
FEDORA 4 i686 - WHM X v3.1.0
PHP Version 4.4.4
I'm not sure what my apache version is.
I want to try this:
http://www.webhostgear.com/232_print.html
It says it's for Apache 1.3x, PHP 4.3x
Will that work on my server? Will it be safe to try?
Currently my site is having a extreme surge in traffic (in and out). My webhost just sent me a warning, saying that my site is generating abusive traffic to the host's network.
Code:
Please be aware that abusive traffic is being generated from your IP, xx.xxx.xx.xxx, directed to our network as seen in the logs below. We have added a Nullroute for this IP on our network for a period up to 24-hours. Please take action to remove and prevent this abusive traffic from being generated. Repeated offenses will result in a permanent Nullroute of your entire network block.
2007-07-05 09:59:51 - sensor-ds04.tpa.sagonet.net - sshd[13496]: Did not receive identification string from ::ffff:xx.xxx.xx.xxx
2007-07-05 09:59:51 - unknown.sagonet.net - sshd: refused connect from ::ffff:xx.xxx.xx.xxx (::ffff:xx.xxx.xx.xxx)
2007-07-05 09:59:51 - spamassassin-lbb.tpa.sagonet.net - sshd[24910]: Did not receive identification string from xx.xxx.xx.xxx
2007-07-05 09:59:51 - spamassassin-lba.tpa.sagonet.net - sshd[32041]: Did not receive identification string from xx.xxx.xx.xxx
2007-07-05 09:59:51 - spamassassin-lbb.tpa.sagonet.net - sshd[24911]: Did not receive identification string from xx.xxx.xx.xxx
2007-07-05 09:59:51 - spamassassin06.cust.sagonet.com - sshd[12792]: refused connect from ::ffff:xx.xxx.xx.xxx (::ffff:xx.xxx.xx.xxx)
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - sshd[99600]: warning: /etc/hosts.allow, line 1: host name/address mismatch: xx.xxx.xx.xxx != thtdomains.com
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - sshd[99600]: warning: /etc/hosts.allow, line 1: host name/address mismatch: xx.xxx.xx.xxx != thtdomains.com
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - kernel: Jul 5 09:59:49 sensor-ds06 sshd[99600]: warning: /etc/hosts.allow, line 1: host name/address mismatch: xx.xxx.xx.xxx != thtdomains.com
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - kernel: Jul 5 09:59:49 sensor-ds06 sshd[99600]: warning: /etc/hosts.allow, line 1: host name/address mismatch: xx.xxx.xx.xxx != thtdomains.com
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - sshd[99600]: refused connect from xx.xxx.xx.xxx (xx.xxx.xx.xxx)
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - sshd[99600]: refused connect from xx.xxx.xx.xxx (xx.xxx.xx.xxx)
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - kernel: Jul 5 09:59:49 sensor-ds06 sshd[99600]: refused connect from xx.xxx.xx.xxx (xx.xxx.xx.xxx)
2007-07-05 09:59:49 - sensor-ds06.tpa.sagonet.net - kernel: Jul 5 09:59:49 sensor-ds06 sshd[99600]: refused connect from xx.xxx.xx.xxx (xx.xxx.xx.xxx)
2007-07-05 09:59:52 - sensor-ar01.tpa.sagonet.net - sshd[12730]: warning: /etc/hosts.allow, line 1: host name/address mismatch: xx.xxx.xx.xxx != thtdomains.com
My VPS is using Plesk v8.01 as the control panel. I have purchased my own 3 IPs so I'm sure this is not the case of sharing the same IP with another account.
I've checked the cgi-bin directory but there is nothing there except the usual default file (test.cgi). And I never have the right to alter the cgi-bin directory (can't remove, can't add files).
The traffic surge costs me 10 GB (in) and 5 GB (out) bandwidth a day as opposed to the normal 100~200 MB a day. I haven't ask them the exact form of the abuse. So far, I think my IP has becoming the source of abusive traffic that burdens THEIR server.
I've checked the latest access.log and everything looks normal.
But when I checked using menu Virtuozzo/Traffic Statistics, I can see that the incoming and outgoing traffic are surging up unnaturally (this is the third day).
Hour/Incoming/Outgoing (in MB):
Code:
01 5.61 26.31
02 4.94 25.11
03 6.77 33.48
04 10.42 47.17
05 91.43 94.06
06 289.51 196.99
07 309.13 200.02
08 51.78 33.33
Has anyone had any good results using spamassasin? If so, how did you go about setting it up? I was hoping someone would share some real world settings that work.
View 10 Replies View RelatedCan you control SPAM on a server ? I've got this email account that all receives is SPAM, nothing else. I'd like to eliminate this so it doesn't get any more SPAM.
View 13 Replies View RelatedI have ffmpeg installed on a webserver. If I enter the command to begin a conversion process, or the command is sent through PHP via exec(), it keeps going until it finishes or runs into an error.
Is there a way to cancel a conversion process after it's been started either through the command line or via PHP exec()?
I have CSF on my server (configserver security and firewall) and it blocks the IP when my server gets attacked, but it always seems to be a little too late... Apache goes down, even though the IP is blocked. I end up running:
iptables -I INPUT -s xx.xx.xx.xx -j DROP
service httpd restart
And that tends to sort things out... but the thing is, sometimes they still manage to attack and even though csf sends me messages explaining how it is connecting, I can check the "deny IPs" and the ip shows as blocked...
What other software is there (eg. mod_evasive... but how can I install it...) that I can run without harming my server, causing problems with CSF or any problems for that matter and how can I install it?
Apache keeps stopping. MULTIPLE times per day! There is no logic to when it dies. But about every 2 hours.
Load stays below .30 and there is free memory available.
This is on a VPS machine. None of the other VPS's are having an issue. Just this one.
Centos release 5.3 (Final)
Apache/2.2.3
Here is what is in the httpd.conf file. I realize the numbers are way too high, but just trying to get this issue to go away.
Code:
<IfModule prefork.c>
StartServers 100
MinSpareServers 100
MaxSpareServers 100
ServerLimit 512
MaxClients 512
MaxRequestsPerChild 4000
</IfModule>
<IfModule worker.c>
StartServers 100
MaxClients 500
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 100
</IfModule>
Here is what is in the /var/log/httpd/error_log file before it dies:
Code:
[Wed Jul 01 18:06:32 2009] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 98 idle, and 108 total children
[Wed Jul 01 18:08:17 2009] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 74 idle, and 76 total children
[Wed Jul 01 18:08:18 2009] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 16 children, there are 63 idle, and 63 total children
[Wed Jul 01 18:08:19 2009] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 32 children, there are 79 idle, and 79 total children
[Wed Jul 01 18:11:36 2009] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 93 idle, and 108 total children
Is there a script or program which I can use to start my game servers remotely? I am giving my friend a free game server, but the problem is that he wants the power to start/stop the server because he wants to update the binaries. I am not looking for a game server control panel, but more like a small script or program that has the power to start/stop the server. The game server I am hosting for him is Team Fortress 2. Also, it has to be free since I am not going to make any profit of this.
Game - Team Fortress 2
OS - Windows 2003 Server
Web hosting - WAMP
I will move my vbulletin site from one server to another server.
my web data is more than 10G including mysql data, I know I may stop the vbulletin at first and move data. but I am expecting a minimal forum-stop time or no forum-stop time.
My concern is, if I don't stop the vbulletin at first, after I dump sql data out and retore them to the new server, it would be more than 3-4 hours, there must be some new data come in during that period. how may I keep the vbulletin running and move all data to new server?
We're currently testing Postini after checking with Message Labs, etc and it seemed that Postini was the most highly recommended out of all of them. We shall see, as there does seem to be ALOT that get past their filters with spam level filtering set at their most sensative level.
However, what could I do for accounts with Hosting Firms. We have a couple on Pair, and while they use SA, their filters doesn't seem to be really effective at all. Users can come in over the weekend, and have 5 valid emails out of 200 junk......
BTW, has anyone used any of the spam appliances out there lately.
We tested them about 1.5 years back and none were really effective
I am trying to run backups to an off site location, however, I have noticed that even if I try on the server side, it will only backup 2gb, which when I check the backup, the file structure is there, but there arent any files in the backups.
View 8 Replies View RelatedI saw some spams and I try to remove them on my cPanel server from WHM > Mail Queue
Message 1MFr0q-0001cK-TV is locked
Message 1MGJLb-0001UL-4y is locked
Message 1MGIqC-00036q-7v is locked
Message 1MGIvk-00044Q-5r is locked
Message 1MGJpk-0003fU-5K is locked
Message 1MGJK9-00015D-US is locked
Message 1MGJhL-00006a-Mh is locked
Message 1MGHK4-0004e6-60 is locked
Message 1MFrD4-0002Up-OX is locked
I can't seem to remove them. What's the way to kill them at once?
We have a VPS Server from one of the most reputable VPS Provider. We have 384 Guaranteed RAM and 1GB Burst. We have Dual Core AMD Opteron(tm) Processor 265 - 1795.503 MHz with 1024 KB cached allocated to our VPS.
It is only hosting 2 average forums (10-15 concurrent users in total) and 30 small websites, low traffic websites.
The problem we are having is, almost 3 times a week, the cPanel, named and apache services keeps stopping. I am monitoring our server when this is happen and prior to the event its only using about 300MB RAM and low CPU..
What could be causing this problem? Do I need to upgrade our RAM?
PRODUCT, Plesk for Windows VERSION 11.5 latest update VERSION OF MICROUPDATE 11.5.30 Actualizar #39, OPERATING SYSTEM Windows 2008 Server Suddently with no apparent reason, MYSQL stops and Ihave to go to the panel and restart it.
Every Morning I have to restart MySQL thru the control panel in remote console of windows..Works all day long, and then stops at night..Should work as always did, for several months I did not even reboot the server, no I have to reboot the server to see if that fixes the problem. Latest windows update, latest Plesk for windows update, but I have the feeling that with the latest microupdate something has broken,
Plesk 11.5 Lunix
Centos 5.6
I am having problem sending email. Email from others came in but when sent from the server it does not arrived.
SMTP Server (Postfix) keep stopping...
how can i deny all ip from china?
they want to ligin to my ssh but lfd ban their ip
How can flush csf blocked ips? (csf.deny)
View 4 Replies View RelatedI want to ban complete range of an IP address. Lets say 123.123.123.12
Can I enter 123.123.0 to ban the range of IP addresses? Cpanel does not any info on blocking a range of IP addresses.
my iptables deny very very ips. how may i delete them?
View 7 Replies View RelatedOne of my client got DDOS on his website. He has visitor tracking module in his php script so he got almost 50,000 records during couple of hours. Normally he gets around 300 unique visitors per day but that DDOS added 50,000 records in tracking table. After extracting this data I got around 400 unique IPs.
Will this work if I added all these IPs in IP Deny Manager?
Will this stop DDOS from these IPs?
Will server not treat requests from these IPs as grabadge load?
Another question is from where these attackers got so many IPs? Definitely they pay to get IPs? how much they pay? Is this very easy to get so many IPS?
how can i deny all of ip instead 2 ip to access to some website?
because these are priv8 website and personal .
i thin that .htaccessis good.
can nany one creat it for me and ist good or use another method?
Completely new stuff for me so i have a few basic questions.
It all started after i've noticed a lot "/w00tw00t.at.ISC.SANS.DFind:" lines in log and after i've found they are random scanning by some hacker tool.
It is suggested to block IP's from where those attacks is comming by putting IP+s in host.deny.
Correct me what i am doing wrong as i keep seeing those scans after I've updated deny file.
I've edited hosts.deny like this:
ALL: 77.68.37.242, 89.19.2.58, 80.93.210.194
That is correct?
After that i've restarted sshd service but i still someone scanning my server from those IP's.
I have problems configuring some ports and rules on CSF on a cPanel server.
Port 37500 is used by a Java web app, so, i opened both tcp incoming and outgoing ports:
Code:
TCP_IN = "20,21,22,25,26,53,80,110,143,443,465,587,993,995,2082,2083,2086,2087,2095,2096,37500"
TCP_OUT = "20,21,22,25,26,37,43,53,80,110,113,443,587,2087,2089,2703,37500"
Then.. to allow access from the server IP and localhost, added this at csf.allow:
Code:
tcp:in:d=37500:s=127.0.0.1
tcp:in:d=37500:s=my.server.ip.address
csf.ignore:
Code:
127.0.0.1
my.server.ip.address
And to deny all access to the server on that specific port (except for the ones I whitelisted before), added this to csf.deny:
Code:
tcp:in:d=37500:s=0.0.0.0/0
Result = no one can connect to the server on that port, not even from the web app itself, it's not connecting to the port 37500.
How can I configure port 37500 to accept local connections (from the web server) and deny all external connections?
Yes, more ssh problems. I fixed it the last time. My IP was being block in "/etc/hosts.deny". So I removed my IP and BAM worked! I could login to SSH. Now today I get locked out AGAIN. I go in a look in "/etc/hosts.deny" my IP is not in there. So now I'm so confused and can't figure out whats going on....
View 12 Replies View RelatedI run a small hosting company in Spain. I have some dedicated servers in USA with Ensim control panel.
I have found some sendmail connections from spammers that use the accounts of my customers.
I want to know if I can deny connections to sendmail from all countries except Spain. This way most of foreigns spammers could not use the accounts of my customers to send spam.
My servers has Sendmail version 8.13.6.
What are the maximum number of entries that can go in hosts.deny? Will the server bog down the more entries that are in there? How many is a safe, reasonable number?
View 2 Replies View RelatedI have amassed a large number of IP addresses [both partial and whole] in my .htaccess file-- which I deny access to. I have two questions:
[1] Can a larger list effect server performance?
[2] MySQL databases seem to be ignoring the .htaccess list. Why would this happen?
Hello, I recently got myself into an unmanaged VPS package and I noticed in my log files, countless attempts to ssh into the system. After a bit of searching, fail2ban looked like a good way to ban the brute force attacks automatically.
My question is what should I configure it with? There's the option for iptables or host.deny. I've read that iptables are not fully supported under Virtuozzo but the stuff I've read are a bit dated. Are there still some issues with iptables under Virtuozzo?
What I'm using now:
*Virtuozzo 3 -not sure on exact version. Whatever SolarVPS is using.
*Signed up with centos4
*uname -r = 2.6.9-022stab078.14-enterprise