#1
17th December 2010, 17:40
Etienne
Server and mail down, but why?

Hi,

I have a Perfect Setup Debian 5 ISPConfig 2 that was running a little over a year, but over the last couple of days I see some strange behaviour like spontaneous blackouts etc. Nothing seems to be wrong then, but I cannot access the server via SSH or whatever, so I end up restarting.

This morning, checking the email at 9 or so, I found out that the mail server was not responding, and on further looking the sites were also out ... (again), so I thought that, like before, with a quick reset the thing should be up and running again... Yeah right.

I have already spent all day figuring out what is wrong, reading various error messages that I found in mail.warn etc., but now I found in the Apache error log a reference that I can lead back to the system hangups...

But the question is what is causing it, so my question is whether any of you guys can make anything of this log file. Am I under attack of some kind or what...

Let me know please, cuz I am not receiving my mail either...

Thanks ia
Etienne
Attached Files
File Type: txt error_log.txt (16.8 KB, 195 views)

#2
17th December 2010, 19:48
till

The lines in the log are attacks. Please check your server with rkhunter. Also make sure that you have all Linux updates installed.

#3
17th December 2010, 22:33
Etienne

Wonderful, I was already afraid of that, but the next question is what to do. I scanned with CHKROOT and RKHUNTER without any compromises on the site and have most updates in place; I just don't know if I have the latest update for ISPConfig.

But what is the best way to get back in the saddle? At the moment I cannot connect to the site, neither remote nor local, and I would like to get it up again... without blue pill

Any suggestions besides reinstalling a Perfect Setup again?

Thanks in advance,
Etienne

#4
18th December 2010, 14:05
falko

Any errors in your mail log?

What's the output of
Code:
netstat -tap
? Did you check your system load with
Code:
top
?

#5
21st December 2010, 10:35
Etienne

The output of netstat -tap is:

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:51813                 *:*                     LISTEN      1666/rpc.statd
tcp        0      0 *:mysql                 *:*                     LISTEN      1968/mysqld
tcp        0      0 *:sunrpc                *:*                     LISTEN      1655/portmap
tcp        0      0 *:81                    *:*                     LISTEN      2294/ispconfig_http
tcp        0      0 server.web-world:domain *:*                     LISTEN      2631/named
tcp        0      0 localhost:domain        *:*                     LISTEN      2631/named
tcp        0      0 *:ssh                   *:*                     LISTEN      1890/sshd
tcp        0      0 *:smtp                  *:*                     LISTEN      24569/master
tcp        0      0 localhost:953           *:*                     LISTEN      2631/named
tcp        0      0 server.web-worlds.c:ssh 192.168.123.9:1410      ESTABLISHED 17996/0
tcp        0      0 localhost:36556         localhost:www           TIME_WAIT   -
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      2059/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      2077/couriertcpd
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      2065/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      2047/couriertcpd
tcp6       0      0 [::]:www                [::]:*                  LISTEN      3628/apache2
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      24404/proftpd: (acc
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1890/sshd
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      24569/master
tcp6       0      0 localhost:953           [::]:*                  LISTEN      2631/named
tcp6       0      0 [::]:https              [::]:*                  LISTEN      3628/apache2

And what am I supposed to look at with top?

Thanks,
Etienne
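
One way to read the netstat output above as an exposure check: list the services that listen on all interfaces and compare them with the services the host is meant to offer. This is an added example, not part of the thread; the function names and the allowlist are assumptions, and the sample lines are an excerpt of the output posted above. The parser also accepts the numeric form printed with `-n`, which goes beyond the posted output.

```shell
#!/bin/sh
# Added example (not from the thread): classify LISTEN sockets in
# `netstat -tap` output by how widely they are bound.

# Reads netstat output on stdin; prints "<scope> <proto> <port> <program>".
#   public = all interfaces, loopback = localhost only,
#   address = one specific address or hostname
listeners_by_scope() {
    awk '
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            port = $4
            sub(/^.*:/, "", port)          # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host ~ /^(\*|\[::\]|0\.0\.0\.0|::)$/)            scope = "public"
            else if (host ~ /^(localhost|127\.0\.0\.1|::1)$/)    scope = "loopback"
            else                                                 scope = "address"
            prog = $7
            sub(/^[0-9]+\//, "", prog)     # drop the PID, keep the name
            print scope, $1, port, prog
        }'
}

# Prints "<port> <program>" for public listeners whose port is not in the
# space-separated allowlist passed as $1 (the allowlist is an assumption:
# the operator decides which services are meant to be reachable).
unexpected_public() {
    listeners_by_scope | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "public" && !($3 in ok) { print $3, $4 }' | sort -u
}

# Excerpt of the output posted above, embedded so the script runs offline.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:51813                 *:*                     LISTEN      1666/rpc.statd
tcp        0      0 *:mysql                 *:*                     LISTEN      1968/mysqld
tcp        0      0 *:sunrpc                *:*                     LISTEN      1655/portmap
tcp        0      0 server.web-world:domain *:*                     LISTEN      2631/named
tcp        0      0 localhost:953           *:*                     LISTEN      2631/named
tcp        0      0 *:ssh                   *:*                     LISTEN      1890/sshd
tcp        0      0 server.web-worlds.c:ssh 192.168.123.9:1410      ESTABLISHED 17996/0
tcp6       0      0 [::]:www                [::]:*                  LISTEN      3628/apache2
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1890/sshd
EOF
}

sample_netstat | unexpected_public "ssh smtp www https"
```

On a live host, pipe `netstat -tap` (run as root so program names are shown) into `unexpected_public` with the list of services you intend to offer.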

#6
21st December 2010, 17:05
Etienne

Funny, if I read through the last couple of postings here, it almost looks like the ISPConfig was compromised; I cannot find any other type of way... no bash files, no logs of people entering the site. Maybe I am wrong, but it looks like there is a security bug in ISPConfig 2, so maybe it is time to move on to ISPConfig 3.0 and hope this is safer.

#7
22nd December 2010, 14:57
falko

Quote:
Originally Posted by Etienne
Funny, if I read through the last couple of postings here, it almost looks like the ISPConfig was compromised; I cannot find any other type of way... no bash files, no logs of people entering the site. Maybe I am wrong, but it looks like there is a security bug in ISPConfig 2, so maybe it is time to move on to ISPConfig 3.0 and hope this is safer.

There's no known security bug in ISPConfig 2.

Your mail, POP3, and IMAP daemons seem to be running. Are there any errors in the mail log?