I ran the Trojan scan in WHM and it came up with the list below. I have a strong feeling WHM is mis-reporting these as trojans, but I thought I would ask the experts here:
Scan for Trojan Horses
Scanning for Trojan Horses.....
Possible Trojan - /usr/bin/cpan
Possible Trojan - /usr/bin/instmodsh
Possible Trojan - /usr/bin/prove
Possible Trojan - /usr/bin/xmlcatalog
Possible Trojan - /usr/bin/xmllint
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /usr/lib/libxml2.la
Possible Trojan - /usr/bin/mysqlhotcopy
Possible Trojan - /usr/bin/Wand-config
Possible Trojan - /usr/bin/animate
Possible Trojan - /usr/bin/compare
Possible Trojan - /usr/bin/composite
Possible Trojan - /usr/bin/conjure
Possible Trojan - /usr/bin/convert
Possible Trojan - /usr/bin/display
Possible Trojan - /usr/bin/identify
Possible Trojan - /usr/bin/import
Possible Trojan - /usr/bin/mogrify
Possible Trojan - /usr/bin/montage
Possible Trojan - /usr/bin/curl-config
Possible Trojan - /usr/bin/curl
Possible Trojan - /usr/lib/libcurl.so.3.0.0
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so
Possible Trojan - /usr/sbin/pureauth
25 POSSIBLE Trojans Detected
We would like to offer root servers to customers, but we worry that they will change the IP address to another IP address in our network and cause trouble like this. I think, if a customer takes the same IP as our gateway router, our whole network is not reachable anymore. How can I avoid this?
but I never added that... and when I look at my footer file (which I include at the bottom of all my other files), it's not there. Even when I transfer the current one from my server, so it's definitely not in that file.
Any idea how else that could have been added, and how I can take it off? My site's also been acting kind of weird lately, scrolling all the way to the bottom any time a page loads, which is really annoying.
When I FTP into my server, I can't see the files and folders starting with dots, such as .thumbs or .htaccess. How do I configure my server (through SSH) so that these files are visible rather than hidden? I'm running Fedora on my server.
Tools & Settings > Plesk Appearance > Interface Management
- Power User View (with & without) Use Custom View
- Service Provider View (with & without) Open hosting operations in Server Administration Panel
However, when I go to Websites&Domain TheWebsite/Show More, the DNS settings are still missing.
Is there any other setting I can try to show the dns settings?
I've been trying to configure Plesk as a hidden (super) master for a domain and I've run into some problems.
First off, for those who don't know, a hidden master is a nameserver that is actually the master server, yet does not list in the NS records of the domain.
The servers listed as NS in the zone have accepted the server as their master, but the rest of the world does not know it exists. Hence the term hidden master. The slaves consist of two PowerDNS servers that acknowledge the Plesk server as a supermaster, thus enabling automatic zone configuration and the like upon receiving a notify from the Plesk server.
However, the Plesk server refuses to send automatic notify messages to the slaves (listed in the NS records, also added to the ACL / transfer restrictions template). When requesting an AXFR by hand the Plesk server happily transfers the requested zone to the PowerDNS slaves, but upon changing the zone files through the Plesk panel's DNS management system, no notify goes out to the slaves, which thus don't know anything has changed. I've tried adding an also-notify clause to named.conf (which was suggested elsewhere), but it appears Plesk overwrites the entire named.conf upon zone changes, thus erasing the also-notify clause, subsequently refusing to send out a notify.
Further research into the workings of Bind (the nameserver used by Plesk in this setup) suggests that, by default, it should send notify messages to all servers listed in the NS records part of a given zone. This is clearly not the case in this particular setup, but I can't seem to find where exactly notify messages have been disabled (there is no mention of notify in named.conf).
My questions therefore are:
1) Why doesn't Plesk / Bind send automatic notify messages to its slaves, which is the default behavior of Bind? Where and how has this been disabled?
2) Should 1 turn out to be impossible to fix, how do I override named.conf on a per-domain basis?
I hope your day is going good. I've been trying to fix a problem I had all week. I receive daily email notification that "example.[url]" does not resolve to any IP. However, when in WHM, it already contains Server Main Ip: 18.104.22.168. I've tried a few solutions from the web, but to no avail:
IMPORTANT: Do not ignore this email. The hostname (example.mydomainname.com) resolves to . It should resolve to 22.214.171.124. Please be sure to correct /etc/hosts as well as the 'A' entry in zone file for the domain.
Some are all of these problems can be caused by /etc/resolv.conf being setup incorrectly. Please check this file if you believe everything else is correct.
You may be able to automaticly correct this problem by using the 'Add an A entry for your hostname' under 'Dns Functions' in your Web Host Manager
1) Within WHM, I have the following:
- Add an A entry for your hostname (I only have one listed)
  Hostname: example.mydomainname.com
  Server Main Ip: 126.96.36.199
- Primary/secondary nameserver
  Primary Nameserver: ns1.mydomainname.com (A entry = 188.8.131.52)
  Secondary Nameserver: ns2.mydomainname.com (A entry = 184.108.40.206)
- Additional IP my webhost gave me to use:
  220.127.116.11 (used in primary name server)
  18.104.22.168 (used in secondary name server)
  22.214.171.124
- Current DNS Zone listing:
  example.com (my website URL that is currently working)
  example.mydomainname.com (hostname I made myself that contains the server main IP)
  ns1.mydomainname.com (A entry = 126.96.36.199)
  ns2.mydomainname.com (A entry = 188.8.131.52)
2) My "edit /etc/resolv.conf" contains the following:
  Search localdomain
  nameserver 184.108.40.206
  nameserver 220.127.116.11
Issue: I receive daily email notification that "example.mydomainname.com" does not resolve to any IP. However, when in WHM, it already contains Server Main Ip: 18.104.22.168.
I have a server with RHEL 5 installed. The problem is that the server shows the output of the hostname command as (none). I checked the /etc/sysconfig/network file and it shows the correct hostname. I also tried to change the hostname in the /etc/sysconfig/network file and restart the server. But hostname command still shows (none).
I have a dedicated server with WHM 11.23.2. I am in the process of "attempting" to change the hostname for a group of websites and also the nameservers.
Let's say for practical senses that these were the old details:
Hostname: abc.example.com
Nameservers: ns1.example.com and ns2.example.com
I changed in the following sections of WHM..
Server Configuration -> Basic cPanel/WHM Setup -> Hostname to 123.newsite.com
Networking Setup -> Hostname to 123.newsite.com
Server Configuration -> Basic cPanel/WHM Setup -> Primary Nameserver to ns1.newsite.com and then...
Server Configuration -> Basic cPanel/WHM Setup -> Secondary Nameserver to ns2.newsite.com.
Networking Setup -> Nameserver IPs. I deleted the old ones and created the two new ones: ns1.newsite.com and ns2.newsite.com.
I have double checked that this information is still there. Obviously newsite.com is listed as a domain/account. However, example.com was naturally the first one associated with this server.
I performed a server reboot, apache reset etc.
This was three days ago. I assumed it had all changed over. Until I (stupidly) remembered that I hadn't changed the GoDaddy information to point to these new nameservers. I panicked thinking all the sites (six of them) would be down. However, they weren't. When I tried to change the nameserver information for a domain in GoDaddy it came back with errors... it would only accept ns1.example.com and ns2.example.com.
So, I did a tracert to the IP address of the server and indeed it comes back as abc.example.com. Every domain is associated with that static IP.
I can't even find anywhere where abc.example.com is listed within the WHM. All the new values are listed... so, where is it pulling this from? I thought the reset of the server (as a graceful reboot) would resolve this issue.. it hasn't. I've rebooted twice and awaited the thirty minutes for everything to get back online. No success.
The zone for the root domain splinteredmedia.net is missing, or could not be read. The ip address will be read from the webserver configuration and a new zone will be created for this subdomain.
Bind reconfiguring on smpl using rndc
Error reconfiguring bind on smpl: rndc: connect failed: 127.0.0.1#953: connection refused
Created DNS entry for ns1.splinteredmedia.net
is the error I get when I try to add an entry for one of my nameservers.
I have cPanel on a CentOS 5.1 VPS
I am still pretty new to CentOS
How would I go about adding a zone? And if somebody could point me to a place where I can read exactly what it is and how to set it up, I would be very grateful.
My VPS with Steadcom has been running for about six months now and for the most part I'm very pleased.
I'm not all that skilled at running it yet, still learning.
First, my email was being blocked by some recipients; I am using sendmail. So I had to change the hostname and the hosts file, and the network file to my domain name, instead of the hostname Steadcom gave me. This fixed the email and it seems recipients are okay with the new settings.
However, whenever I restart the VPS, these files and the hostname get reset. How can I make it so these are not changed... is this something I have to bring up with Steadcom or is it a setting I'm not getting quite right?
Second... my webmin seems to have problems. I can log in, but then sometimes I cannot navigate to the areas I need to, as I'll get a page not found error. I have been stopping and restarting webmin, and that sometimes helps, but sometimes not and I have to restart the whole server. Which I really don't want to do just for webmin. I don't really know webmin that well, either, so would love some help on what I can do about this.
Third.. when I have SSH running I often get Brute Force warnings for a bot or someone trying to log in. So I just stop the service altogether. But when I restart, it starts up again. How can I keep SSH from starting unless I need it?
I've set up a few domains in WHM, though I noticed when I use Ping Plotter to do a traceroute on the domain, the result always shows host.mydomain.com as the last stop, instead of just mydomain.com:
Code:
Target Name: mydomain.com
" "
12 84 ms CWIE-LLC.car1.Chicago1.Level3.net [43.793.208.66]
13 82 ms [22.214.171.124]
14 84 ms host.mydomain.com [126.96.36.199]

I was wondering, how can I configure the DNS in WHM so the last stop is just mydomain.com?
Say for example I have a cPanel dedicated server, with a hostname: earth.anonymous.com, which is where I host several resold shared accounts all using my nameservers, ns2.anonymous.com and ns2.anonymous.com.
I am using the cPanel DNS, simply pointing the domain nameservers to two IPs given in my IP allocation.
I wish to lease another server, using the hostname: venus.anonymous.com
This is where I start getting confused with the domain/dns. Would it be easier for me to use a third party dns service such as easydns to host the actual main domain dns?
If someone can understand what I'm getting at here, could they give me a few tips on getting this set up as easily and reliably as possible?
A lot of hosting companies are using anonymous hostnames, is this a good plan?