machine hacked ...

Discussion in 'Installation/Configuration' started by albertux, Oct 11, 2007.

  1. albertux

    albertux New Member

    No, everything happened on the 11th, but I have already solved it, in the way that I commented previously.
     
    Last edited: Oct 16, 2007
  2. teveo1

    teveo1 New Member

    well.. first crash in interactive mode reports

    "Error in named configuration: /home/admispconfig/ispconfig/web/mulc/edit " failed: file not found"

    this is where my box started complaining before i did any updates .. ( in a server room with 60 servers i had no chance to analyze or do much but take the box with me )... from there it is all downhill. what could this be?

    Correction:
    "Error in named configuration: /home/admispconfig/ispconfig/web/multidoc/edit " failed: file not found"
     
    Last edited: Oct 17, 2007
  3. teveo1

    teveo1 New Member

    .. from syslog..
    /etc/named.conf:3 ... change directory to /home/admispconfig/ispconfig/web/multidoc/edit " failed: file not found"

    /etc/named.conf:3 .. parsing failed...

    ??
     
  4. till

    till Super Moderator

    The problem above occurs when ISPConfig has no permissions to read the named files. Please redo the BIND configuration steps from the perfect setup for your Linux distribution to ensure that the permissions of the files and directories are correct. Then log in to ISPConfig and correct the path to the named conf under management > server > settings
     
  5. marvinh

    marvinh New Member

    Same problem

    Hello folks,

    I have the same error;

    [root@localhost /]# /etc/init.d/named start
    Starting named:
    Error in named configuration:
    /etc/named.conf:3: change directory to '/home/admispconfig/ispconfig/web/multidoc/edit' failed: file not found
    /etc/named.conf:3: parsing failed

    Did everything here, nothing worked... some solution?

    Here are some settings:

    Locate named.conf:
    /usr/share/man/man5/named.conf.5.gz
    /root/ispconfig/isp/conf/named.conf.master
    /etc/named.conf
    /etc/named.conf~
    /etc/vhcs2/bind/named.conf
    /etc/vhcs2/bind/working/named.conf
    /etc/log.d/conf/services/named.conf
    /var/named/chroot/etc/named.conf

    Named.conf ISPconfig: /etc/named.conf
    Zonefile dir in ISPconfig: /var/named/chroot/var/named

    Did already all the 755 chmod settings...

    Please help :)
     
  6. till

    till Super Moderator

    Please make sure that the chmod settings of the named directory are as described in the perfect setup. Then set the correct path to your named config directory in ISPConfig under management > server > settings.
     
  7. marvinh

    marvinh New Member

    Already did, but i think there is a strange thing... some Loop...

    in my /var/named are the following items:
    drwxrwxr-x 6 0 25 4096 Jul 24 18:51 chroot
    drwxrwx--- 2 25 25 4096 Jul 24 18:51 data
    drwxrwx--- 2 25 25 4096 Jul 24 18:51 slaves

    if i enter chroot, then i get this:
    drwxr-xr-- 2 0 25 4096 Nov 5 10:14 dev
    drwxr-x--- 2 0 25 4096 Nov 5 10:14 etc
    dr-xr-xr-x 135 0 0 0 Nov 2 23:22 proc
    drwxrwxr-x 5 0 25 4096 Nov 5 10:14 var

    I'll go to var and then named, there is the following:
    lrwxrwxrwx 1 0 0 6 Nov 5 10:15 chroot -> ../../
    drwxrwx--- 2 25 25 4096 Aug 25 2004 data
    drwxrwx--- 2 25 25 4096 Jul 27 2004 slaves

    If I enter chroot, I'll start from the beginning...
    drwxr-xr-- 2 0 25 4096 Nov 5 10:14 dev
    drwxr-x--- 2 0 25 4096 Nov 5 10:14 etc
    dr-xr-xr-x 138 0 0 0 Nov 2 23:22 proc
    drwxrwxr-x 5 0 25 4096 Nov 5 10:14 var

    Is it possible that Bind9 is in a loop when checking the dirs?
     
  8. till

    till Super Moderator

    No, this "loop" is normal. The problem is just that ISPConfig was not able to get read access to the bind config directory and thus set the path to /home/admispconfig/ispconfig/web/multidoc/edit, which is wrong. Please do as I advised above and correct the path in ISPConfig and BIND should be able to start again.
     
  9. marvinh

    marvinh New Member

    My path config is "/var/named/chroot/var/named" in ISPconfig.

    and still doesn't work...
     
  10. till

    till Super Moderator

    Is the same path set in /etc/named.conf ?
     
  11. teveo1

    teveo1 New Member

    i gave up my case.. there must be a bug .. when did your problems occur? Mine occurred right after I changed some email accounts.
     
  12. till

    till Super Moderator

    The reason for the named file change is very simple, as I explained, and I'm sure that there is no bug as this is a well known problem. You just have to make sure that the user admispconfig is able to read the directory with your zone files and then set the correct path in ISPConfig under management > server > settings on the dns tab and click on save.
     
  13. marvinh

    marvinh New Member

    Is the same path set in /etc/named.conf ?

    No, there still stands: directory "/home/admispconfig/ispconfig/web/multidoc/edit";
     
  14. marvinh

    marvinh New Member


    The problem is that the files named.ca and named.local only are in /home/admispconfig/ispconfig/web/multidoc/edit and not in /var/named/chroot/var/named

    named.conf:

    options {
    pid-file "/var/named/chroot/var/run/named/named.pid";
    directory "/home/admispconfig/ispconfig/web/multidoc/edit";
    auth-nxdomain no;
    /*
    * If there is a firewall between you and nameservers you want
    * to talk to, you might need to uncomment the query-source
    * directive below. Previous versions of BIND always asked
    * questions using port 53, but BIND 8.1 uses an unprivileged
    * port by default.
    */
    // query-source address * port 53;
    };

    //
    // a caching only nameserver config
    //
    zone "." {
    type hint;
    file "named.ca";
    };

    zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
    };




    //// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
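
A pre-start check for the condition discussed in this thread, as an added example that is not part of any post or of ISPConfig: it reads the `directory` option from a named.conf and reports when that directory, or a zone file resolved against it, is missing. The function names and the `fs_root` parameter are assumptions introduced here; `fs_root` points the check at a chroot tree or, as in `demo()`, at a temporary test tree.

```python
import os
import re
import tempfile

# Constructed sample, modelled on the named.conf quoted in the thread.
SAMPLE_CONF = '''
options {
    pid-file "/var/named/chroot/var/run/named/named.pid";
    directory "/home/admispconfig/ispconfig/web/multidoc/edit";
    // query-source address * port 53;
};
zone "." { type hint; file "named.ca"; };
zone "0.0.127.in-addr.arpa" { type master; file "named.local"; };
'''
ZONE_RE = r'zone\s+"([^"]+)"[^{]*\{[^}]*?\bfile\s+"([^"]+)"'

def strip_comments(text):
    """Drop /* */, // and # comments (paths containing '//' or '#' are not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def audit_named_conf(conf_text, fs_root="/"):
    """Return findings about the options 'directory' and each zone's file."""
    conf = strip_comments(conf_text)
    m = re.search(r'\bdirectory\s+"([^"]+)"\s*;', conf)
    if not m:
        return ["no directory option set"]
    directory = m.group(1)
    real_dir = os.path.join(fs_root, directory.lstrip("/"))
    if not os.path.isdir(real_dir):
        return [f"directory {directory} does not exist"]
    findings = []
    if not os.access(real_dir, os.R_OK | os.X_OK):
        findings.append(f"directory {directory} is not readable by this user")
    for zone, zfile in re.findall(ZONE_RE, conf):
        path = os.path.join(directory, zfile)  # an absolute zfile wins in join()
        if not os.path.isfile(os.path.join(fs_root, path.lstrip("/"))):
            findings.append(f"zone {zone}: {path} is missing")
    return findings

def demo():
    """Audit a throwaway tree before and after creating the directory with named.ca."""
    with tempfile.TemporaryDirectory() as root:
        before = audit_named_conf(SAMPLE_CONF, root)
        d = os.path.join(root, "home/admispconfig/ispconfig/web/multidoc/edit")
        os.makedirs(d)
        open(os.path.join(d, "named.ca"), "w").close()
        return before, audit_named_conf(SAMPLE_CONF, root)
```

Run the check as the account that has to read the zone directory, since the readability test uses the current user's permissions.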
     
  15. falko

    falko Super Moderator

  16. Melchior

    Melchior New Member

    crashed

    exactly same problem.

    I just updated some email data. After that, I couldn't login to
    my imap accounts. Login by ssh also failed for every user with:

    :~# ssh_exchange_identification: Connection closed by remote host

    Rebooting the machine failed. The remote-hand-on by data center also...:rolleyes:

    tomorrow (Sunday) I've to get up early ..
    driving to the datacenter in Frankfurt/Main :eek:

    Version: 2.2.14
    worked always fine up to now


    could it be that if you perform many changes in near time, the
    "systemmanger" (the smart-guy who changes the passwd and
    shadow file) gets little bit "confused" by doing his job?

    otherwise I cannot explain to myself what there was going wrong.

    but the most curious thing is, that all this problems happened coextensive. :confused:

    hoping my forum members are going to excuse the offline time :(


    // STATUS UPDATE: sunday 1pm
    machine is on the net again.
    Had to restore passwd, shadows and group
    thx for the tutorial "how to knoppix with lvm and raid" - was a real help to me!

    if I can help tracing the failure to its roots, I will mail all needed logs to ispconfig mods.
    best, give me some commands like: tail -5000 /var/log/auth.log > auth.log.txt
    thereby, I can collect all you want

    I'm on Debian etch,
    /root/ispconfig and /home/adminispconfig are the dirs

    what else attracts my attention:
    - the file local-host-names lost settings beyond "#### MAKE MANUAL ENTRIES BELOW THIS LINE! ####"
    - the shadow file was cropped. It only contains some webxx_* accounts. System accounts weren't there anymore.

    greetings,
    melchior
     
    Last edited: Jan 6, 2008
  17. till

    till Super Moderator

    Please have a look at the file /home/admispconfig/ispconfig/ispconfig.log for errors and any unusual entries around the time where the problem started. You can also mail me the logfile to dev [at] ispconfig [dot] org if you like.
     
  18. Melchior

    Melchior New Member

    thx, I just sent you a cropped logfile.

    would be nice to get the problem tracked down. I've
    to do some mail account settings, and don't want to
    drive to the datacenter again :)

    regards,
    melchior
     
  19. peter.zagar

    peter.zagar New Member

    Today it happened to me also,..

    /etc/group
    and
    /etc/shadow

    ..got corrupt somehow.

    I think the ispconfig system (v2) was doing some changes and did not finish properly.

    /etc/group file was empty
    /etc/shadow had ":x:" instead of crypted passwords ":h/TZR#HR!j3h)nj:"

    I restored these two files from backup but new users that were added after the backup are lost.

    What is the best way to get the system in full shape again?

    The ISPconfig interface still shows new users of course.

    I need really good advice, as I have 600 users + 10 new.
    I would like to save these 600 users from backup and do the new users again.

    I made a full backup in ISPconfig interface 14 days ago.

    Tnx,

    Peter
     
  20. peter.zagar

    peter.zagar New Member

    UPDATE:

    As it turned out, the problem was solved by replacing the two mentioned files from the backup, then manually running
    Code:
    /root/ispconfig/php/php /root/ispconfig/scripts/writeconf.php
    The system then updated all users in /etc/shadow.
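
A consistency check for the account files, covering the symptoms reported in this thread (an empty /etc/group, system accounts missing from /etc/shadow, "x" where a password hash belongs). This is an added example, not part of any post or of ISPConfig; the function names and all sample data are constructed here, and the sample hash is a placeholder.

```python
# Constructed sample data reproducing the symptoms reported in the thread:
# an empty group file, system accounts missing from shadow, "x" in place of a hash.
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
web1_anna:x:10001:10001::/var/www/web1/user/web1_anna:/bin/false
web2_bob:x:10002:10002::/var/www/web2/user/web2_bob:/bin/false
"""
SHADOW = """web1_anna:x:13900:0:99999:7:::
web2_bob:$1$constructed$notARealHash0000000000:13900:0:99999:7:::
"""
GROUP = ""

def parse(text, nfields):
    """Map first field -> fields; also return the numbers of malformed lines."""
    entries, bad = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != nfields or not fields[0]:
            bad.append(n)
        else:
            entries[fields[0]] = fields
    return entries, bad

def audit_accounts(passwd_text, shadow_text, group_text):
    """Cross-check passwd, shadow and group; return a list of findings."""
    findings = []
    passwd, bad_p = parse(passwd_text, 7)
    shadow, bad_s = parse(shadow_text, 9)
    group, bad_g = parse(group_text, 4)
    for name, bad in (("passwd", bad_p), ("shadow", bad_s), ("group", bad_g)):
        findings += [f"{name}: malformed line {n}" for n in bad]
    if not group:
        findings.append("group: file has no entries")
    gids = {g[2] for g in group.values()}
    for user, f in passwd.items():
        if f[1] == "x" and user not in shadow:
            findings.append(f"shadow: no entry for {user}")
        elif f[1] == "x" and shadow[user][1] == "x":
            findings.append(f"shadow: {user} has 'x' where a hash belongs")
        if group and f[3] not in gids:  # skipped when group is empty (already reported)
            findings.append(f"group: gid {f[3]} of {user} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit_accounts(PASSWD, SHADOW, GROUP):
        print(finding)
```

To check a live system, pass the contents of /etc/passwd, /etc/shadow and /etc/group to `audit_accounts`; reading /etc/shadow requires root.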
     
