There is already an instance of server.php running

Discussion in 'Installation/Configuration' started by heatlerrr, Feb 12, 2015.

  1. heatlerrr

    heatlerrr New Member

    Code:
    2015-02-12 11:30    hosting.swisogroup.ro    Debug    Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock  
    2015-02-12 11:29    hosting.swisogroup.ro    Debug    There is already an instance of server.php running. Exiting.
    As the title says, ISPConfig throws me this error. I tried deleting the .ispconfig_lock file and nothing happened. I believe there are two separate errors and they don't start from the same core but idk, I'm not an ISP specialist and I would really appreciate and need some help.

    The problem is that I try to send an email via a PHP script (to localhost and/or other email addresses) but it fails to work.

    Feb 12 11:30:03 hosting postfix/qmgr[3815]: 043FD4A1C12: from=<[email protected]>, size=1250, nrcpt=1 (queue active)
    Feb 12 11:30:03 hosting postfix/error[19307]: 0B4284A760E: to=<[email protected]>, relay=none, delay=87377, delays=87376/0.03/0/0.07, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx4.hotmail.com[207.46.8.167] while sending RCPT TO)
    Feb 12 11:30:03 hosting postfix/error[19318]: 0DC6A4466BB: to=<[email protected]>, relay=none, delay=41393, delays=41392/0.04/0/0.1, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx2.hotmail.com[65.55.92.184] while sending RCPT TO)
    Feb 12 11:30:03 hosting postfix/error[19257]: 03D02456766: to=<[email protected]>, relay=none, delay=387844, delays=387843/0.03/0/0.05, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx2.hotmail.com[65.55.92.184] while sending RCPT TO)
    Feb 12 11:30:03 hosting postfix/error[19255]: 00BC1447A2E: to=<[email protected]>, relay=none, delay=410812, delays=410811/0.01/0/0.06, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[98.136.217.203] while sending RCPT TO)
    Feb 12 11:30:03 hosting postfix/error[19262]: 0104745F5D2: to=<[email protected]>, relay=none, delay=225118, delays=225117/0.04/0/0.08, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx2.hotmail.com[65.55.92.184] while sending RCPT TO)
    Feb 12 11:30:03 hosting postfix/qmgr[3815]: 0B6DC485E5B: from=<[email protected]>, size=1507, nrcpt=1 (queue active)
    Feb 12 11:30:03 hosting postfix/error[19308]: 69E6744368B: to=<[email protected]>, relay=none, delay=0.16, delays=0.1/0.02/0/0.04, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx2.hotmail.com[65.55.92.184] while sending RCPT TO)
    Feb 12 11:30:03 hosting postfix/error[19306]: 09D1A500CF0: to=<[email protected]>, relay=none, delay=75263, delays=75262/0.02/0/0.04, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[98.136.217.203] while sending RCPT TO)
    Feb 12 11:30:03 hosting postfix/error[19256]: 05CD450160E: to=<[email protected]>, relay=none, delay=35162, delays=35162/0.02/0/0.06, dsn=4.0.0, status=deferred (delivery temporarily suspended: host mailin-01.mx.aol.com[64.12.88.131] refused to talk to me: 554- (RTR:BL) http://postmaster.info.aol.com/errors/554rtrbl.html 554 Connecting IP: 82.79.230.132)
    Feb 12 11:30:03 hosting postfix/error[19314]: 0C3844A91F0: to=<[email protected]>, relay=none, delay=68067, delays=68066/0.03/0/0.06, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mx2.hotmail.com[65.55.92.184] while sending RCPT TO)
    Feb 12 11:30:03 hosting postfix/smtp[13336]: 0FD3C445C8A: host mx00.emig.gmx.net[212.227.15.9] refused to talk to me: 554-gmx.net (mxgmx008) Nemesis ESMTP Service not available 554-No SMTP service 554-IP address is black listed. 554 For explanation visit http://postmaster.gmx.com/en/error-messages?ip=82.79.230.132&c=bip
    Feb 12 11:30:03 hosting pure-ftpd: ([email protected]::1) [INFO] New connection from ::1
    Feb 12 11:30:03 hosting pure-ftpd: ([email protected]::1) [INFO] Logout.
    Feb 12 11:30:03 hosting postfix/smtpd[19369]: warning: hostname localhost does not resolve to address ::1: No address associated with hostname
    Feb 12 11:30:03 hosting postfix/smtpd[19369]: connect from unknown[::1]
    Feb 12 11:30:03 hosting postfix/smtpd[19369]: lost connection after CONNECT from unknown[::1]
    Feb 12 11:30:03 hosting postfix/smtpd[19369]: disconnect from unknown[::1]
    Feb 12 11:30:03 hosting postfix/qmgr[3815]: 086A35044BA: from=<[email protected]>, size=1227, nrcpt=1 (queue active)

    What is wrong with the server? Afaik, those email addresses look like spam. Any help is greatly appreciated and welcome!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The ispconfig issue and the mail problem are very likely not connected to each other.

    For the ispconfig problem:

    Comment out the server.sh cronjob in the root crontab, then delete the lock file and then run the ispconfig server.sh script manually as root and post the messages that you get on the screen.

    For the mail problem:

    It might be that a website or mail account has been hacked and your server is sending spam now. How much emails do you find in the mailqueue when you run:

    postqueue -p
     
  3. heatlerrr

    heatlerrr New Member

    I can't even count them, the queues are spammed!

    Code:
    E8159507439*     766 Thu Feb 12 08:14:55  [email protected]
                                             [email protected]
    
    5ACB9505452*     719 Thu Feb 12 11:57:18  [email protected]
                                             [email protected]
    
    10186508E0C*     787 Thu Feb 12 09:31:34  [email protected]
                                             [email protected]
    
    EB87C4E632C*     788 Thu Feb 12 08:00:22  [email protected]
                                             [email protected]
    
    52BA5508676*     740 Thu Feb 12 10:48:32  [email protected]
                                             [email protected]
    
    C13A3506CCE*     831 Thu Feb 12 09:33:48  [email protected]
                                             [email protected]
    
    A6FE75029AC*     773 Thu Feb 12 11:37:34  [email protected]
                                             [email protected]
    
    2199244C998*     790 Thu Feb 12 11:58:25  [email protected]
                                             [email protected]
    
    20D8344621D*     736 Thu Feb 12 11:14:27  [email protected]
                                             [email protected]
    
    4F5ED4C0868*     731 Thu Feb 12 12:04:04  [email protected]
                                             [email protected]
    
    2331344E376*     846 Thu Feb 12 10:25:46  [email protected]
                                             [email protected]
    
    277744C4A12*     785 Thu Feb 12 08:27:38  [email protected]
                                             [email protected]
    
    83D09508EEA*     742 Thu Feb 12 09:32:33  [email protected]
                                             [email protected]
    
    2DB2245BBF4*     805 Thu Feb 12 11:26:13  [email protected]
                                             [email protected]
    
    96C7444D7D8*     716 Thu Feb 12 09:43:31  [email protected]
                                             [email protected]
    
    47990508B69*     743 Thu Feb 12 09:29:43  [email protected]
                                             [email protected]
    
    4E0D844E54B*     765 Thu Feb 12 11:22:05  [email protected]
                                             [email protected]
    
    810E0501D8A*     757 Thu Feb 12 09:35:41  [email protected]
                                             [email protected]
    
    C5B844C2854*     764 Thu Feb 12 09:36:36  [email protected]
                                             [email protected]
    
    423C4445AED*     733 Thu Feb 12 07:48:37  [email protected]
                                             [email protected]
    
    E4EFE44C50E*     761 Thu Feb 12 09:43:18  [email protected]
                                             [email protected]
    
    Part of the output ^
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. heatlerrr

    heatlerrr New Member

    Code:
    *** ENVELOPE RECORDS /var/spool/postfix/active/C5B844C2854 ***
    message_size:             764             212               1               0             764
    content_filter: amavis:[127.0.0.1]:10024
    message_arrival_time: Thu Feb 12 09:36:36 2015
    create_time: Thu Feb 12 09:36:38 2015
    named_attribute: rewrite_context=local
    sender_fullname:
    sender: [email protected]
    *** MESSAGE CONTENTS /var/spool/postfix/active/C5B844C2854 ***
    Received: by hosting.swisogroup.ro (Postfix, from userid 5007)
            id C5B844C2854; Thu, 12 Feb 2015 09:36:36 +0200 (EET)
    To: [email protected]
    Subject:  After playing with lad's dick
    X-PHP-Originating-Script: 5007:start.php
    From: "Allyson Howell" <[email protected]>
    Reply-To:"Allyson Howell" <[email protected]>
    X-Priority: 3 (Normal)
    MIME-Version: 1.0
    Content-Type: text/html; charset="iso-8859-1"
    Content-Transfer-Encoding: 8bit
    Message-Id: <[email protected]>
    Date: Thu, 12 Feb 2015 09:36:36 +0200 (EET)
    
    
    <div>
    After playing with lad's dick <a href="http://skzevc.ru/wp-includes/js/tinymce/themes/advanced/skins/default/ini.html?YGRtd3ZxOjFCe2NqbW0sYW1v">click here</a>
    </div>
    
    *** HEADER EXTRACTED /var/spool/postfix/active/C5B844C2854 ***
    named_attribute: encoding=8bit
    original_recipient: [email protected]
    recipient: [email protected]
    *** MESSAGE FILE END /var/spool/postfix/active/C5B844C2854 ***
    
    I am deeply sorry @till, I'm don't quite understand everything back here but I don't want to stay on your head either with stupid questions.
    I did remove the FTP user for "repereeconomice.ro" along with the DNS record. What should I do to stop dem spam?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The spam is send by a hacked website, the script that sends it is named start.php:

    X-PHP-Originating-Script: 5007:start.php

    and the userid is

    5007

    So first you have to find out the username to locate the website:

    grep 5007 /etc/passwd

    you will get something like web7 or so. The number after the word web is the ID of the website. Then go to that website and find the start.php file. E.g. if the website is named domain.tld:

    cd /var/www/domain.tld/web
    find . | grep start.php
     
  7. heatlerrr

    heatlerrr New Member

    Didn't found that file but I deleted the whole directory and still, when I run postqueue -p, there are lots of spamming queues... I. am. lost.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

  9. heatlerrr

    heatlerrr New Member

    Ok, now it states that mail queue is empty. What do you think? Will I encounter mail spam again after I deleted the whole directory and emptied the mail queue? Anyway, thanks for your assistance, I would have never done it without you!
    What do you think about the other one, the instance thing?
     

Share This Page