[root@box ~]# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
#         all kernel and initrd paths are relative to /boot/, eg.
#         root (hd0,0)
#         kernel /vmlinuz-version ro root=/dev/sda5
#         initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.1.22.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-92.1.22.el5 ro root=LABEL=/
        initrd /initrd-2.6.18-92.1.22.el5.img
[root@box ~]#
And now the problem. I want to automatically add extra HTML code with this filter. On most sites it works fine without problems. phpBB3 works just fine, for example.
But on other PHP scripts like vBulletin, SMF, Nuke, IPB it breaks the entire site.
IE6 has interminable refreshes, IE7 displays an error page, Firefox returns a blank page if the extra code is placed in the header. With Opera the errors are minimal, but sometimes it displays some strange code.
These errors are only related to vBulletin, SMF, Nuke, IPB and a few others.
Removing this line $_=$_.'test';
everything is back to normal, without the extra code.
I've had a server running for a year or so and all of a sudden the server error log started outputting a very strange message that I've never seen before:
Code: 'groups' is not recognized as an internal or external command, operable program or batch file.
From what I understand, this means Apache is trying to run a program that doesn't exist. What could be triggering this?
I got a VPS last night and right after I got my HyperVM login info I tried to install Lxadmin (Kloxo), but I got the following error:
Alert: rebuild_failed_could_not_untar
Screenshot: [url]
I have tried many times to rebuild the VPS and Install lxadmin but I get the same error. I am not an expert working with VPS but if anyone here would like to help, please give me as many steps as possible so that I can do it. As of right now, I cannot SSH to my VPS, I can only access HyperVM.
I don't know if this has been asked before. Anyway, what I want to accomplish is this: I want an email to be sent to my email address every time someone connects to my SSH. I want an email sent regardless of whether it was a successful or failed login. Is there a step-by-step tutorial for this?
Where is this email configurable? I have seen this email alert notification in the logs numerous times but have yet to receive any alert emails from CSF/LFD.
I have many domains and webservers, so it's usually hard to monitor everything. I heard there are some websites and software to do this.
Does Windows 2003 have anything like this by default? Or can anyone suggest an application for my Windows 2003 server that sends alerts if any error occurs on my server?
Also, are there any other websites that do this monitoring? I ask because I have some shared accounts and I want to monitor them too.
This is way better; my server goes up for 10-20 minutes, then I have to hit restart from Virtuozzo, because the server simply goes dead. Nothing loads.
How can I know which site on my VPS is causing trouble, and how do I fix it?
I am getting mails like this from my server every 10 minutes; each one has a different port.
Quote:
This is an automated alert generated from *********. This alert is to notify the addressed users of new server sockets. New server sockets can indicate server-software that has been started on your host, or otherwise be an indication to malicious activity. It is advised to review this alert and investigate if needed.
Following is a summary of new Internet Server Sockets: > tcp 0 0 ************:3262 0.0.0.0:* LISTEN
Quote:
This is an automated alert generated from *************. This alert is to notify the addressed users of new server sockets. New server sockets can indicate server-software that has been started on your host, or otherwise be an indication to malicious activity. It is advised to review this alert and investigate if needed.
Following is a summary of new Internet Server Sockets: > tcp 0 0 *************:53007 0.0.0.0:* LISTEN -
Quote:
This is an automated alert generated from *********. This alert is to notify the addressed users of new server sockets. New server sockets can indicate server-software that has been started on your host, or otherwise be an indication to malicious activity. It is advised to review this alert and investigate if needed.
Following is a summary of new Internet Server Sockets: > tcp 0 0 ***********:44543 0.0.0.0:* LISTEN
How can I find out why this is coming? My management company told me that a script is trying to open a socket, but we couldn't find the script. Has anyone here had a similar issue, or how can I find and solve this?
Less than 5 mins after account activation, a user named Paul McGrath, supposedly from NY, allegedly using the lolchurch.com domain (that domain was never forwarded to our server), just put up a script called send.php and let it rip.
Good thing I was around and management looked at it within minutes (AcuNett).
So, watch for this user signing up and check the account (if using that user name or a similar domain, or recent signups) for any such PHP page.
Now he asks us for a refund for suspending his site for spamming. I asked for a copy of his driver's license to first verify his address, so possibly I can report to PayPal for possible fraud too, or maybe to some online internet police for fraud, if there is such a police.
Note to mods: not sure where threads like these go!
Quick edit: Now the user is trying to threaten us to give their refund, because they want it back for they spammed and deserve a refund for the same.
"Your servers were awful anyways, I maybe sent 500 emails? I'm gonna ask nicely before I actually do something about this, give me a refund."
He forgot: 500 emails in less than 5 mins does not look like not-spam. Anyway, I'll go have a chat with the fraud; the ID does not match the PayPal payment ID.
Gmail has a feature to detect email phishing, and it marks such emails with a red header alert saying "Warning: This message may not be from whom......". I believe this red alert has nothing to do with the SPF record of that email, so how does it detect it as a phishing email?
We have an SPF record and I sent an email from another server. When I received that email the SPF result was "softfail", but it did not have that red alert.
How can I secure a VPS from this kind of script and know when someone uploads a shell script? How do I set up an alert so I get to know that someone has uploaded a script to the server?
I've run the "DNS report" test for one hosting at dnsstuff.com and got this warning (as sometimes before for other hosts):
--------------------- Fail: Open DNS server
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. -----------------------
This is not a WHMCS vulnerability, & you are most likely not affected if you have used the Further Security Tutorials given by WHMCS.
1.) What has happened?
A professional hacker signs up as a client, & adds a shell script to your attachments/downloads folder. He gains complete access to your WHMCS admin, & changes your PayPal & other gateway emails/accounts to his emails/accounts.
2.) What to do? Check your attachments/downloads folders, for any such scripts. Use - [url]Furthur_Security_Steps to secure it.
Go to Payment Gateways, & check if the accounts are yours.
3.) How do I know so much about this? Our installation was also hacked. But this hacker made a mistake. He used his email account password for signing up. I could get into his email, & see who has been hacked. I could also get into his PayPal & Egold, & refund all payments intended to go to LaceHost (me). I saw other hosts' payments too.
4.) Hacker has changed his modus operandi. He now changes the PayPal to some other host's PayPal, instead of his. He also deleted tables from your database, may create a new administrator account, may modify other accounts, add affiliate commission etc.
5.) For more information on this hacker, Add me on IM - lacehost [dot] live1 [at] yahoo [dot] com
6.) How many have been hacked? According to what I saw in his PayPal, & his email, at least 15 hosts have been hacked.
If your PayPal has been changed to some other host's PayPal, please do not blame them for hacking; we really do not need an inter-industry war here.
I use CSF on a VPS with 512 RAM and 1024 Burst, and the other day I received the below notification. My host said it was Mailman, and since I don't use mailing lists the recommendation was to disable it. So I did. I'm curious though as to why this happened in the first place.
Time: Wed Mar 19 17:53:33 2008
1 Min Load Avg: 11.41
5 Min Load Avg: 6.37
15 Min Load Avg: 2.70
Running/Total Processes: 12/94
...............
There are multiple occurrences of this at any one time, and the interesting thing is that it appears to be spoofing the source IP addresses - most are all different with few exceptions.
Has anyone else seen this and know of a solution? Normally I would simply use IP deny, but given the addresses appear to be spoofed and too numerous it would be futile. I thought if I programmed OSC to quit if it matched the keywords it might be a decent solution, but so far I haven't had any luck.
I searched Google and this forum to see if I could find out anything, with no luck at all, so I'm guessing this is fairly new.
I found a strange PHP file in a strange folder on a VPS I am using to host a few sites. I've looked through the logs but can't figure out how it got there, and I've looked at the code and can't make any sense of it. Can somebody take a look at the code and tell me what they think of it: .....
This month I just purchased a dedicated server; the specs are AMD X2 with 1GB RAM.
On ssh, the memory result is:
root@server1 [~]# free -m
             total       used       free     shared    buffers     cached
Mem:           883        836         47          0        163        397
-/+ buffers/cache:        275        608
Swap:         2047          0       2047
My question:
1. Why is the total RAM just 883MB? I think it should be 1024MB?
2. The server is still empty, but why do I see the total used memory is 836MB?
I only have experience with cPanel VPS, and when my server is empty it only uses around 200MB RAM, and around 400MB RAM when my VPS is loaded with 30+ accounts.
A couple of days ago I came across www.just-ping.com site (it's a simple ping test site).
I tested my site avensen.com (IP: 72.232.147.154) with it, and got bad results like this one:
[url]
Santa Clara, U.S.A.        Packets lost (20%)    50.6    51.9    52.8
Florida, U.S.A.            Packets lost (80%)    45.6    45.6    45.7
Vancouver, Canada          Packets lost (80%)    56.5    56.6    56.7
New York, U.S.A.           Packets lost (20%)    50.7    57.2    61.5
Austin, U.S.A.             Packets lost (60%)     9.5     9.6     9.9
Austin, U.S.A.             Packets lost (90%)     9.4     9.4     9.4
Amsterdam, Netherlands     Packets lost (60%)   121.6   122.4   123.3
Amsterdam1, Netherlands    Packets lost (60%)   121.5   123.6   125.6
London, United Kingdom     Packets lost (90%)   111.4   111.4   111.4
Sydney, Australia          Packets lost (90%)   200.2   200.2   200.2
Stockholm, Sweden          Packets lost (20%)   144.7   147.7   148.3
Cologne, Germany           Packets lost (80%)   133.3   135.6   137.8
Madrid, Spain              Packets lost (70%)   150.7   150.8   151.0
Paris, France              Packets lost (60%)   128.4   132.5   135.5
Hong Kong, China           Packets lost (30%)   196.1   196.4   196.8
Munchen, Germany           Packets lost (60%)   131.7   131.8   132.0
Kraków, Poland             Packets lost (70%)   196.3   198.5   200.2
Cagliari, Italy            Packets lost (40%)   154.9   155.3   156.3
Melbourne, Australia       Packets lost (50%)   199.6   205.5   208.2
Singapore, Singapore       Packets lost (70%)   257.4   260.3   262.5
I'm trying to figure out if this is a network problem or a problem with my server. I don't get it, because there are no lost ICMP packets when I ping other hosts from my server, or when I ping my server from my home PC.
And here is what server4sale support wrote:
Quote:
This is what we received from data center and will update you, when they get back to us.
"We apologize for the delay in responding to you. We are aware of an issue that involves our upstream provider, and we have opened a ticket with them to get the issue resolved ASAP. We have asked them to investigate this issue and attempt to isolate the cause. Once we have more information from them, we will update you here in this ticket.
In the meantime, if you note any changes (good or bad), please provide traceroutes BOTH "TO" your server, and "FROM" your server, as well as a 300 count ping summary. This request has been made by our upstream provider, as we will forward any additional pings and traceroutes we receive directly to them. Without the traceroutes both to and from the servers, the information will not be useful for their investigation.
We will provide you with updates thru this ticket as we receive information from our provider. If you have any additional questions, or need further assistance, feel free to contact us. We appreciate your patience, while we work with to resolve this issue."
Second message from support:
Quote:
The data center has informed that they have not yet received an update from their upstream provider as they used to inform them after performing changes.
However, for better investigation and providing the results more precisely to their upstream provider they have asked you to provide the latest:
Quote:
1) 300 ping results from your PC to server
2) Traceroute from your PC to Server and
3) Traceroute from Server to your PC
I'd really appreciate if you help me to get these results and isolate the problem.
IP of my server: 72.232.147.154
What's even stranger is that when I run a just-ping.com test over the 72.232.147.174 IP (a machine in the same SAVVIS data center, I guess), I get "All OK" results:
I’m running RHEL 3, Apache and cPanel. When I ran "netstat -an" I found this in the results:
tcp 0 0 11.11.111.229:49158 11.11.111.229:80 ESTABLISHED
tcp 0 0 11.11.111.229:49578 11.11.111.229:80 ESTABLISHED
If I’m reading this right, these two unprivileged ports are open and talking to my privileged HTTP port 80. Does this seem right? Why would these two ports on my machine have a connection? All this attention was sparked by abnormal spikes in load. Now I’m getting paranoid that something may be off, even though I’m clean when scanning for rootkits etc…