[BlueOnyx:26536] Re: Network settings changing.

[Fungal Style via Blueonyx]

Taco,

Thank you for the info, a little different as I used the ISO images from BO, 
but as Chris mentioned I will look at the tools (which could be something 
similar to your situation) and in light of Michael's suggestion with the 
network config files (which was in the back of my head but just still have not 
got round to it... life gets in the way... __

Well at least it is now documented in case someone has the same issue, there 
may be more info added that may make it easier for the next person searching 
for it... __

Regards
Brian

On 7/10/2023, 12:23 am, "Blueonyx on behalf of Taco Scargo via Blueonyx" 
mailto:blueonyx-boun...@mail.blueonyx.it> 
on behalf of blueonyx@mail.blueonyx.it > 
wrote:


Hi guys,


I have actually seen this happen on a specific poster/cloud provider.


What that provider does is actually overwrite the settings from the hypervisor 
side.
Every time I reboot such a machine, I need to login to the console to restart 
the network script to properly set the default gateway.


Both machines that experience this behaviour were “normal” Linux images 
provided by the provider, and had BlueOnyx installed manually.


Best regards,


Taco


> On 6 Oct 2023, at 14:05, Chris Gebhardt - VIRTBIZ Internet via Blueonyx 
> mailto:blueonyx@mail.blueonyx.it>> wrote:
> 
> 
> On 10/5/23 8:54 PM, Michael Stauber via Blueonyx wrote:
>> 
>> I can't imagine a way how the network settings would switch to DHCP on their 
>> own. So I'm as confused as you are why this has happened in your case.
> 
> We've set up and operated hundreds of BlueOnyx servers of every version since 
> its inception, with BlueQuartz and Cobalts before that. (We won't get into 
> the couple of dalliances with the likes of TurboLinux) and have NEVER seen 
> this happen. Not in a quarter-century of use, and even in some "alternative" 
> configurations.
> 
> I would suggest that this type of change would be deliberate. Is this system 
> perhaps assigned to a dedicated user who may have made this change by mistake 
> / not knowing any better? We've certainly seen end users get things mangled.
> 
> You mention it's a virtual machine, so I'm also curious which hypervisor 
> you're using and would its toolkit have tried to "help" you out by making the 
> change. (We've never seen that happen with VMware products or Aventurin{e} or 
> ProxMox.)
> 
> Also... why is it picking up DHCP in the first place? Why is there a DHCP 
> server on your public network? I would absolutely recommend locking that down 
> and placing your resources into proper pools / VLANs. There should not be a 
> chain of events that would have a DHCP server suddenly appear on a production 
> hosting network.
> 
> There may be a way to use RPM/YUM to re-install the networking components 
> from stock. I'd defer to Michael on that one. Or you may want to consider 
> spinning up a replacement and using EasyMigrate to hop over. If it was me in 
> your shoes, though, I would hesitate to do that without fully understanding 
> the chain of events that caused the issue in the first place. After all, if 
> it happened once, it's certainly reasonable to expect it could happen again.
> 
> My suggested steps in any case would be:
> 
> 1. Fix the network. Your public hosting needs to be completely segregated 
> from other traffic. DHCP doesn't belong there.
> 
> 2. Evaluate the security policy that allowed DHCP on your hosting network in 
> the first place and install safeguards as necessary.
> 
> 3. Evaluate the users on the system that went haywire. If there are 
> admin/root permissions in another user's hands, could they have made this 
> change, even if completely by accident or without understanding their 
> actions? Have you dumped / reviewed the bash history? Not foolproof but 
> helpful in some cases... Lock out / lock down any users who have root/admin 
> but don't NEED it.
> 
> 4. Once above conditions are satisfied (at least, as best as possible) 
> evaluate if system is trustworthy/stable. If so, continued operations on the 
> server may be fine, especially if you are able to locate & address the root 
> cause(s). If not, consider replacing the server, limit access and in any 
> event monitor closely (set alerts for logins, etc).
> 
> HTH,
> 
> -- 
> Chris Gebhardt
> VIRTBIZ Internet Services
> Access, Web Hosting, Colocation, Dedicated
> www.virtbiz.com | toll-free (866) 4 VIRTBIZ
> 
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it 
> http://mail.blueonyx.it/mailman/listinfo/blueonyx 
> 




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it 
http://mail.blueonyx.it/mailman/listinfo/blueonyx 





___
Blueonyx mailing list
B

[BlueOnyx:26535] Re: Network settings changing.

[Fungal Style via Blueonyx]

Hi Chris,

Thank you for the insights, I too have been lurking for a long time too, having 
been indoctrinated from one of the first versions when it was BQ.

I also understand the comments about users, but this is locked down to myself 
and one other person, we tend not to trust end users that much and most just 
want us to make sure it works... so a good relationship that way.

The change was not deliberate, but I will be checking the network config files 
just in case there is something weird there.

I am using VMWare ESXI as the hypervisor and have done so for quite some may 
years without issue, although it was only over the last year or two I had a 
DHCP server on the network which is part of a firewall I use to use NAT for 
some Windows Servers I use for some maintenance and commercial backup reasons. 
But I believe I have the open source toolkit (as VMWare's native one does not 
work with later Linux releases they even refer you to the open source one). So 
this is actually a good point and something to keep an eye on in case it is 
"trying to be helpful", I did not think of that.

The vlans is a work in progress so yes, it is ideal to have it separate but 
sometimes necessity does not understand time constraints...  so I know it is 
not the best to have them on the same vlan.

Agreed that it is good to know the root cause before jumping and going to the 
effort of moving things around (I am planning a migrate to 5211R at some point 
too, but I think the tools and checking the network config files would be a 
good place to start, I got distracted as the disabling of the DHCP server took 
out a NAS as I do not want a NAS on a routable IP address, but it bit me in the 
butt as I ended up locking myself out of the ESXI (long story, just ment I had 
to take a quick trip to get a crash cart connected and fix the cause which I 
put off for a long time and was not a problem till I killed the DHCP... go 
figure.. snow ball effect.

So as to your summary...

1. yes, that has shuffled up the to do list now (yes I always knew it was a bad 
idea, just did not think it would be this way though, I was more concerned 
about traffic and congestion but it was working so it was easier to ignore)
2. n/a, it was me, it was initially a quick fix to get something done, but 
became too easy to keep and put off point 1. 
3. n/a only 2 people and one is my brother and he has a vested interest as he 
will have people yelling at him.. __
4. n/a in this circumstance as the server is fairly locked down already, hence 
I managed to lock myself out as I did not have a way around and I am looking to 
get a KVM o IP also for the servers which would have saved the trip to the data 
centre.

Even though most things are already ticked off or not applicable, you still 
spurred some lines of though as an example, I did not think about the vm tools 
as a possible cause and I thank you for the time and effort in posting also, as 
well as Michael also who replied earlier.

If anything I need to take this as a learning experience and work to fixing the 
things that need to be fixed on the to-do list and check the other things.

Thanks again.
Regards
Brian



On 6/10/2023, 11:11 pm, "Blueonyx on behalf of Chris Gebhardt - VIRTBIZ 
Internet via Blueonyx" mailto:blueonyx-boun...@mail.blueonyx.it> on behalf of 
blueonyx@mail.blueonyx.it > wrote:




On 10/5/23 8:54 PM, Michael Stauber via Blueonyx wrote:
>
> I can't imagine a way how the network settings would switch to DHCP on 
> their own. So I'm as confused as you are why this has happened in your 
> case.


We've set up and operated hundreds of BlueOnyx servers of every version 
since its inception, with BlueQuartz and Cobalts before that. (We won't 
get into the couple of dalliances with the likes of TurboLinux) and have 
NEVER seen this happen. Not in a quarter-century of use, and even in 
some "alternative" configurations.


I would suggest that this type of change would be deliberate. Is this 
system perhaps assigned to a dedicated user who may have made this 
change by mistake / not knowing any better? We've certainly seen end 
users get things mangled.


You mention it's a virtual machine, so I'm also curious which hypervisor 
you're using and would its toolkit have tried to "help" you out by 
making the change. (We've never seen that happen with VMware products 
or Aventurin{e} or ProxMox.)


Also... why is it picking up DHCP in the first place? Why is there a 
DHCP server on your public network? I would absolutely recommend 
locking that down and placing your resources into proper pools / 
VLANs. There should not be a chain of events that would have a DHCP 
server suddenly appear on a production hosting network.


There may be a way to use RPM/YUM to re-install the networking 
components from stock. I'd defer to Michael on that one. Or you may 
want to consider spinning up a replacement and using EasyMigrate to hop 
over. If it was me in your shoe

[BlueOnyx:26531] Re: Network settings changing.

[Fungal Style via Blueonyx]

Hi Michael,

Thank you for the prompt reply, the server is a VM, but very stock, nothing has 
been added/removed or fiddled with, this is why I was also puzzled as I have 
not seen it happen previously and thought maybe an update may have switched 
something.

So your comment about "/etc/is_aws" if it is present, would that mean that if I 
set the IP address via the ./network script, then add an emply file of 
that name in the location specified the setting for IP and network settings 
should be locked?
If that is the case, that would make me feel more secure as the reason the the 
restart was a high resource usage slowing things to a standstill where things 
were effectively "broken", as the server tends to get hit hard with (wordpress) 
xmlrpc requests even when they are blocked via .htaccess denial and upon reboot 
(hard reset), the issue was observed.

I may need to expedite the move to 5211R as I have no idea how it would have 
lost the settings and went to DHCP (and seemed to be locked in DHCP as the 
primary setting).

Regards
Brian




-Original Message-
From: Blueonyx  On Behalf Of Michael Stauber 
via Blueonyx
Sent: Friday, October 6, 2023 12:54 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:26530] Re: Network settings changing.

Hi Brian,

> Not sure if this has been questioned before, but had an issue earlier 
> today where I had to restart a server and although the server had been 
> running for a long time with a static IPv4 address, it seems it 
> discovered a rogue DHCP server and decided it would use the IP address 
> from DHCP instead. When trying to change the IP address it was a 
> little weird as the settings would not stick as it kept reverting to 
> the DHCP server assigned IP address.


The whole network stack of BlueOnyx doesn't use DHCP at all. When you install 
BlueOnyx DHCP gets turned off and static network settings are configured. And 
they remain static unless someone manually fiddles with it or maybe some third 
party software fiddles with it.

I can't imagine a way how the network settings would switch to DHCP on their 
own. So I'm as confused as you are why this has happened in your case.

The only way how you can still use DHCP on a BlueOnyx (there are some valid 
usage cased for this after all) is when you create the (empty) file 
/etc/is_aws. When that is present, all network related handlers and 
constructors will no longer have permissions to change your network settings at 
all. But even then: That doesn't switch your server to DHCP on its own and one 
has to manually modify the network config files to do so.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26529] Network settings changing.

[Fungal Style via Blueonyx]

Hi all,

Not sure if this has been questioned before, but had an issue earlier today 
where I had to restart a server and although the server had been running for a 
long time with a static IPv4 address, it seems it discovered a rogue DHCP 
server and decided it would use the IP address from DHCP instead. When trying 
to change the IP address it was a little weird as the settings would not stick 
as it kept reverting to the DHCP server assigned IP address.
Let me provide the steps I did and what was observed (as best as I can recall).

  *   Server was not responding, did a ping to the server name and it resulted 
in a 10.x.x.x IP address (non routable, so not good for a production server 
that is supposed to be internet facing)
  *   Ran the ./networksettings script, I noticed the 10.x.x.x IP address when 
I said to set the IPv4 settings, along with all the other details as per the 
DHCP server
  *   In desperation I created a second ethernet device (it is a VM) and tried 
to set it using the ./net... script to no avail - this is probably not 
important but added just in case.
  *   When attempting to set the IP address via the ./network... script the 
subnet kept being a little weird, like making it 255.0.0.0, again this may not 
be important as it could have been part of the hangover from the DHCP and I am 
not sure exactly which order I tested this
  *   Once the DHCP server was disabled I was eventually able to set the IP 
address correctly and have it remain.
I suppose the question is does Blueonyx have DHCP enabled even when you set the 
IP address via the network setting script? It would appear so and is this by 
design?

The server is running 5210R

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26172] Re: BlueOnyx 5210R/5211R "open_basedir" can be set to "none" now

[Fungal Style]

Thanks, will check it out a little later and let you know.

Get Outlook for Android

From: Blueonyx  on behalf of Michael Stauber 

Sent: Sunday, April 30, 2023 11:36:11 AM
To: blueonyx@mail.blueonyx.it 
Subject: [BlueOnyx:26171] Re: BlueOnyx 5210R/5211R "open_basedir" can be set to 
"none" now

Hi Brian,

> Ran into an issue I believe after the update.
> WHMCS says it wants to run the following, which has been working for a long 
> time until within the last 24 hours (I think around 4-5 when I write this).
 >
> /usr/bin/php -q /home/.sites/site3/wwwroot/web/portal/crons/cron.php
>
> Via SSH root account, I get the following:
> [root@ ~]# /usr/bin/php -q 
> /home/.sites/site3/wwwroot/web/portal/crons/cron.php
> PHP Warning:  require_once(): open_basedir restriction in effect. 
> File(/home/.sites/site3/wwwroot/web/portal/crons/bootstrap.php) is not within 
> the allowed path(s): 
> (/tmp/:/usr/sausalito/configs/php/:/var/lib/php/session/) in 
> /home/.sites/site3/wwwroot/web/portal/crons/cron.php on line 0
> PHP Warning:  
> require_once(/home/.sites/site3/wwwroot/web/portal/crons/bootstrap.php): 
> failed to open stream: Operation not permitted in 
> /home/.sites/site3/wwwroot/web/portal/crons/cron.php on line 0
> PHP Fatal error:  require_once(): Failed opening required 
> '/home/.sites/site3/wwwroot/web/portal/crons/bootstrap.php' 
> (include_path='.:/usr/share/pear:/usr/share/php') in 
> /home/.sites/site3/wwwroot/web/portal/crons/cron.php on line 0


There is no way for a cronjob to know which Vsite it belongs to. And
therefore it runs with the default php.ini for whatever PHP version (OS
or shop) you are using. And that php.ini does have restrictive
open_basedir settings.

But there is a way around that. Modify your cronjob to set a
'open_basedir=none' on the commandline:

/usr/bin/php -d open_basedir='none' my-script.php

... or ...

/home/solarspeed/php-/bin/php -d open_basedir='none' my-script.php

So in your case it would be this:

/usr/bin/php -d open_basedir='none' -q
/home/.sites/site3/wwwroot/web/portal/crons/cron.php

That should do the trick.

Or if you want it to be restrictive, assemble a correct open_basedir for
your usage case like this:

/usr/bin/php -d
open_basedir='/tmp/:/usr/sausalito/configs/php/:/var/lib/php/session/:/home/.sites/site3/'
-q /home/.sites/site3/wwwroot/web/portal/crons/cron.php

That then limits this PHP cronjob to the above defined directories and
this one includes the root directory of the Vsite, which is missing if
you run with the 'open_basedir' settings of the php.ini alone.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26170] Re: BlueOnyx 5210R/5211R "open_basedir" can be set to "none" now

[Fungal Style]

Hi Michael,

Ran into an issue I believe after the update.
WHMCS says it wants to run the following, which has been working for a long 
time until within the last 24 hours (I think around 4-5 when I write this).
/usr/bin/php -q /home/.sites/site3/wwwroot/web/portal/crons/cron.php

Via SSH root account, I get the following:
[root@ ~]# /usr/bin/php -q 
/home/.sites/site3/wwwroot/web/portal/crons/cron.php
PHP Warning:  require_once(): open_basedir restriction in effect. 
File(/home/.sites/site3/wwwroot/web/portal/crons/bootstrap.php) is not within 
the allowed path(s): (/tmp/:/usr/sausalito/configs/php/:/var/lib/php/session/) 
in /home/.sites/site3/wwwroot/web/portal/crons/cron.php on line 0
PHP Warning:  
require_once(/home/.sites/site3/wwwroot/web/portal/crons/bootstrap.php): failed 
to open stream: Operation not permitted in 
/home/.sites/site3/wwwroot/web/portal/crons/cron.php on line 0
PHP Fatal error:  require_once(): Failed opening required 
'/home/.sites/site3/wwwroot/web/portal/crons/bootstrap.php' 
(include_path='.:/usr/share/pear:/usr/share/php') in 
/home/.sites/site3/wwwroot/web/portal/crons/cron.php on line 0

I tried to toggle the security settings in server management, which did not 
initially show a tick, but that could be a cache/refresh issue, and went to the 
vsite and could then enable it, it is ticked but I still get the above message 
along with the 15 minute messages from WHMCS saying it has failed.

Any ideas?

Regards
Brian


On 27/4/2023, 8:04 am, "Blueonyx on behalf of Michael Stauber" 
mailto:blueonyx-boun...@mail.blueonyx.it> 
on behalf of mstau...@blueonyx.it > wrote:


Hi all,


Yesterday I wrote:
> Tomorrow I'll look into providing the option to selectively set 
> "open_basedir" to "none" for selected Vsites and will publish updates 
> that allow to do so.


This feature has just been published for BlueOnyx 5210R and BlueOnyx 5211R.


Under "Server Management" / "Security" / "PHP" you can tick the checkbox 
"Allow 'open_basedir none'".


If that is ticked, then on all Vsites where you want to have 
'open_basedir' disabled, you can now find a matching "Allow 
'open_basedir none'" in the PHP Settings of Vsites and can toggle it to on.


If "Allow 'open_basedir none'" is ticked on a Vsite, then 'open_basedir' 
is set to 'none' and you will gain some limited speed increase on 
complex PHP sites that use lots of includes - at the loss of some security.


We don't recommend to use the feature, as we value security over speed, 
but we leave the choice to you if you see it otherwise.


Please note: If "Allow 'open_basedir none'" is toggled off in
Under "Server Management" / "Security" / "PHP", then it will be turned 
off for all Vsites which had it on. So that's a quick way to pull the 
rug out from under this feature if needed.


-- 
With best regards


Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it 
http://mail.blueonyx.it/mailman/listinfo/blueonyx 





___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26104] Re: Best way to have users securely fetch and send e-mail

[Fungal Style]

Hi Michael,

Yes, my lines of thinking, it is not perfect but it does get the job done and 
you confirmed my belief that it would treat the source of the original as a 
master copy and overwrite the new host emails, if I tried to take the short cut.

Regards
Brian

On 11/4/2023, 5:26 pm, "Blueonyx on behalf of Michael Stauber" 
mailto:blueonyx-boun...@mail.blueonyx.it> 
on behalf of mstau...@blueonyx.it > wrote:


Hi Brian,


> Looking at my steps, I suspect there is a way to migrate email only without 
> having to do each email box separately?


Yeah, ImapSync isn't ideal. It gets the job done, but has it's 
complications.


Ideally you'd just run Easy Migrate again with the --nomysql switch, 
which will make sure that the target server has the same user data 
(which includes emails) as the source server.


However, this assumes that the target server hasn't received any new 
emails in between, as these would simply vanish during that final Easy 
Migrate run.


So the proper procedure is:


- Stop SMTP on the source server
- Run Easy Migrate to get all data across.
- Change DNS


Or:


- Leave SMTP on source server running
- Run Easy Migrate to get all data across.
- Stop SMTP on the source server
- Change DNS
- 2nd Easy Migrate run with --nomysql
- Start SMTP on target server




-- 
With best regards


Michael Stauber


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it 
http://mail.blueonyx.it/mailman/listinfo/blueonyx 





___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26102] Re: Best way to have users securely fetch and send e-mail

[Fungal Style]

Hi Michael,

OK, thanks for the update and clarification (I thought I must have missed 
something about an update as I know I hit it at least once).

Last migrate I did:
- the initial migrate, then test web sites. 
- then swiched DNS for web sites, 
- then making sure all were working... 
- then stop email on the original server then used IMAP Sync in the BO admin 
for each of the email boxes (I notice it does not like some characters in the 
passwords that BO allows, so a a little fiddling of password resets sometimes)
- then switched email dns across,  as most REAL mail servers will attempt to 
resend if the mail server is not working. Besides I usually do it late at night 
so not many emails will have to retry.

Looking at my steps, I suspect there is a way to migrate email only without 
having to do each email box separately?

I was concerned that if I snc'd across, then moved web and email dns entries to 
the newly setup server, syncing again would overwrite new emails that had come 
in since the original sync, as the original server would be seen as the more 
correct source, or is the sync smart enough to keep any new emails, I know this 
goes on a tangent a little, just more mind wandering... as I am just about to 
look at migrating to 5211, just taking stock of what sites I have where etc.

Regards
Brian

On 11/4/2023, 4:47 pm, "Blueonyx on behalf of Michael Stauber" 
mailto:blueonyx-boun...@mail.blueonyx.it> 
on behalf of mstau...@blueonyx.it > wrote:


Hi Brian,


> Sorry for dropping in, I thought that the SQL DB users and/or DBs should not 
> be on the destination, as I thought it stopped the SQL migration across if 
> the DB or username already existed.
> 
> Was there a change?


Sorry, my mistake. I think my mind skipped a step. Indeed: When you do 
additional syncs, you either need to delete the DBs on the target server 
first, or need to migrate with the switch --nomysql to keep the DBs as is.


-- 
With best regards


Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it 
http://mail.blueonyx.it/mailman/listinfo/blueonyx 





___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26100] Re: Best way to have users securely fetch and send e-mail

[Fungal Style]

Hi Michael,

Sorry for dropping in, I thought that the SQL DB users and/or DBs should not be 
on the destination, as I thought it stopped the SQL migration across if the DB 
or username already existed.

Was there a change?

Regards
Brian

On 11/4/2023, 9:44 am, "Blueonyx on behalf of Michael Stauber" 
mailto:blueonyx-boun...@mail.blueonyx.it> 
on behalf of mstau...@blueonyx.it > wrote:


Hi Taco,


> As you might have seen from my previous e-mail I discovered some of your very 
> clear instructions myself, before reading your mail.


Very well. :o)


> Nice to see it has progressed so much lately.


Yeah, 5211R was a big step forward and the GUI is also much more agile 
than it used to be. I implemented caching for CODB related transactions 
and also a rudimentary form of indexing to speed things up.


> I will be indeed migrating from 5209R and wanted to see how I can make it as 
> flawless as possible.
> Initially I wanted to do the migration per site, but maybe a big-bang 
> scenario is best with some announced downtime.
> At least I can then retain the hostname as now all users use the server 
> hostname to receive and send e-mail.


With "Easy Migrate" you could move the Vsites one by one, but if 
everyone right now is using the hostname for email that would indeed be 
a problem, right.


My suggestion: Use "Easy Migrate" to migrate to 5211R, but don't update 
the DNS yet. Then take your time to verify that everything is OK. When 
you're happy with the state of things, run "Easy Migrate" again and it 
will copy any changes over that happened by doing CCEd "SET" or "UPDATE" 
transactions and it'll also RSYNC over any file changes that happened in 
the userspace - like Emails or webpage changes. It'll also 
export/reimport the SQL databases to reflect any changes that might have 
happened there.


That is another big benefit it has over CMU: You don't have to "burn the 
house down" for this, as it just fetches the changes and applies them.


-- 
With best regards


Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it 
http://mail.blueonyx.it/mailman/listinfo/blueonyx 





___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25955] Re: OpenDKIM support for BlueOnyx 5211R released

[Fungal Style]

Seems to have done the trick, thanks

Get Outlook for Android

From: Blueonyx  on behalf of Michael Stauber 

Sent: Wednesday, January 25, 2023 2:25:18 PM
To: blueonyx@mail.blueonyx.it 
Subject: [BlueOnyx:25953] Re: OpenDKIM support for BlueOnyx 5211R released

Hi Brian,

> Message: Undefined index: OpenDKIM_Mode
> Filename: controllers/Emailsettings.php
> Line Number: 695


A "/usr/sausalito/sbin/cced.init restart" will fix that.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25952] Re: OpenDKIM support for BlueOnyx 5211R released

[Fungal Style]

Sorry:

SERVER MANAGEMENT (not SYSTEM) tab

On 25/1/2023, 2:14 pm, "Blueonyx on behalf of Fungal Style" 
mailto:blueonyx-boun...@mail.blueonyx.it> 
on behalf of wa...@hotmail.com <mailto:wa...@hotmail.com>> wrote:


Hi Michael,


Skewing off slightly


I have a 5210R and a few days ago I did not have this issue, but it appears 
something has happened, and the timing may be the update so I thought I would 
mention it.


When checking the email settings from the SERVER MANAGEMENT tab, I get a lot of 
PHP warnings:
--


A PHP Error was encountered
Severity: Notice


Message: Undefined index: enableOpenDKIM


Filename: controllers/Emailsettings.php


Line Number: 686


A PHP Error was encountered
Severity: Notice


Message: Undefined index: OpenDKIM_Mode


Filename: controllers/Emailsettings.php


Line Number: 695


A PHP Error was encountered
Severity: Notice


Message: Undefined index:


Filename: controllers/Emailsettings.php


Line Number: 695


A PHP Error was encountered
Severity: Notice


Message: Undefined index: OpenDKIM_SendReports


Filename: controllers/Emailsettings.php


Line Number: 698


--


There is the OpenDKIM tab along with the usual tabs below this (ie screen 
renders fine below the warning messages)


I performed a YUM update as there were around 4 to be done, but still the same 
issue. The only reason I noticed was I was going to make a change to block an 
email address from emailing the server, but it fails with system errors "Sorry, 
an Internal Server error occurred" Then it lists 3 attributes which are unknown.


I checked one of the VSITES email settings and can see there is DKIM tab, but 
it is enabled by default and I cannot disable it (was thinking I could try 
disabling it on all the site (a mammoth task but was the only logical thing I 
could think of).


The reason for wanting to make the change that alerted me has passed for now 
but I would like to look at DKIM at some point also (and if there is a messed 
up setting, I would not want to migrate that at a later date either).


Any ideas on what could be happening?


Regards
Brian








On 7/1/2023, 2:50 pm, "Blueonyx on behalf of Michael Stauber" 
mailto:blueonyx-boun...@mail.blueonyx.it> 
<mailto:blueonyx-boun...@mail.blueonyx.it 
<mailto:blueonyx-boun...@mail.blueonyx.it>> on behalf of mstau...@blueonyx.it 
<mailto:mstau...@blueonyx.it> <mailto:mstau...@blueonyx.it 
<mailto:mstau...@blueonyx.it>>> wrote:




Hi all,




> https://www.blueonyx.it/opendkim <https://www.blueonyx.it/opendkim> 
> <https://www.blueonyx.it/opendkim> <https://www.blueonyx.it/opendkim>;>
> 
> BlueOnyx 5211R now has OpenDKIM support out of the box. \o/
Today I realized that the OpenDKIM integration into 5211R was a bit 
incomplete and the release perhaps somewhat premature. So I cranked out 
some more code and just published an improved version of it.




You see: DKIM is per domain.




What if you have multiple Vsites that share the same domain name?




Example:




Vsite: www.company.com
Vsite: mail.company.com
Vsite: support.company.com
Vsite: wiki.company.com




So in this example there are four Vsites that share the same domain name 
"company.com". When you now tick on DKIM support for one of them? The 
GUI will now create the keys, the DNS TXT record and will automatically 
add DKIM support to ALL Vsites that share the "company.com" domain name.




This will cover:




Domain name, all FQDNs and all Email Server Aliases of all Vsites under 
the same domain name.




If you add/remove an Email Server Alias? The DKIM configuration will be 
updated automatically. Same if you rename a Vsite and give it a 
different hostname. As long as it keeps the domain name? It'll be covered.




If you already have a Vsite with DKIM enabled present and add another 
Vsite that shares the same domain name? It'll get DKIM support as well.




If you delete a Vsite that has DKIM enabled, then the DKIM config 
entries related to the Vsite will be removed, but the DNS TXT Record as 
well as the DKIM key remain present (and working) until the last Vsite 
of that domain name is deleted as well.




Like said: This should now work better and is a more complete approach 
to things.




Meanwhile: I'm almost done backporting the DKIM support to 5210R as 
well, but this will potentially be a disruptive YUM update for 5210R 
users with the AV-SPAM, so I'll hold off publishing until the next week. 
I'll probably push it to the BlueOnyx-Testing YUM repository first and 
ask some volunteers to check it out.




An updated AV-SPAM for 5210R will be released as well when this goes 
public for 5210R.




-- 
With best regards




Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it <mailto:Blueonyx@mail.blueonyx.it> 
<mailt

[BlueOnyx:25951] Re: OpenDKIM support for BlueOnyx 5211R released

[Fungal Style]

Hi Michael,

Skewing off slightly

I have a 5210R and a few days ago I did not have this issue, but it appears 
something has happened, and the timing may be the update so I thought I would 
mention it.

When checking the email settings from the SYSTEM tab, I get a lot of PHP 
warnings:
--

A PHP Error was encountered
Severity: Notice

Message: Undefined index: enableOpenDKIM

Filename: controllers/Emailsettings.php

Line Number: 686

A PHP Error was encountered
Severity: Notice

Message: Undefined index: OpenDKIM_Mode

Filename: controllers/Emailsettings.php

Line Number: 695

A PHP Error was encountered
Severity: Notice

Message: Undefined index:

Filename: controllers/Emailsettings.php

Line Number: 695

A PHP Error was encountered
Severity: Notice

Message: Undefined index: OpenDKIM_SendReports

Filename: controllers/Emailsettings.php

Line Number: 698

--

There is the OpenDKIM tab along with the usual tabs below this (ie screen 
renders fine below the warning messages)

I performed a YUM update as there were around 4 to be done, but still the same 
issue. The only reason I noticed was I was going to make a change to block an 
email address from emailing the server, but it fails with system errors "Sorry, 
an Internal Server error occurred" Then it lists 3 attributes which are unknown.

I checked one of the VSITES email settings and can see there is DKIM tab, but 
it is enabled by default and I cannot disable it (was thinking I could try 
disabling it on all the site (a mammoth task but was the only logical thing I 
could think of).

The reason for wanting to make the change that alerted me has passed for now 
but I would like to look at DKIM at some point also (and if there is a messed 
up setting, I would not want to migrate that at a later date either).

Any ideas on what could be happening?

Regards
Brian




On 7/1/2023, 2:50 pm, "Blueonyx on behalf of Michael Stauber" 
mailto:blueonyx-boun...@mail.blueonyx.it> 
on behalf of mstau...@blueonyx.it > wrote:


Hi all,


> https://www.blueonyx.it/opendkim 
> 
> BlueOnyx 5211R now has OpenDKIM support out of the box. \o/
Today I realized that the OpenDKIM integration into 5211R was a bit 
incomplete and the release perhaps somewhat premature. So I cranked out 
some more code and just published an improved version of it.


You see: DKIM is per domain.


What if you have multiple Vsites that share the same domain name?


Example:


Vsite: www.company.com
Vsite: mail.company.com
Vsite: support.company.com
Vsite: wiki.company.com


So in this example there are four Vsites that share the same domain name 
"company.com". When you now tick on DKIM support for one of them? The 
GUI will now create the keys, the DNS TXT record and will automatically 
add DKIM support to ALL Vsites that share the "company.com" domain name.


This will cover:


Domain name, all FQDNs and all Email Server Aliases of all Vsites under 
the same domain name.


If you add/remove an Email Server Alias? The DKIM configuration will be 
updated automatically. Same if you rename a Vsite and give it a 
different hostname. As long as it keeps the domain name? It'll be covered.


If you already have a Vsite with DKIM enabled present and add another 
Vsite that shares the same domain name? It'll get DKIM support as well.


If you delete a Vsite that has DKIM enabled, then the DKIM config 
entries related to the Vsite will be removed, but the DNS TXT Record as 
well as the DKIM key remain present (and working) until the last Vsite 
of that domain name is deleted as well.


Like said: This should now work better and is a more complete approach 
to things.


Meanwhile: I'm almost done backporting the DKIM support to 5210R as 
well, but this will potentially be a disruptive YUM update for 5210R 
users with the AV-SPAM, so I'll hold off publishing until the next week. 
I'll probably push it to the BlueOnyx-Testing YUM repository first and 
ask some volunteers to check it out.


An updated AV-SPAM for 5210R will be released as well when this goes 
public for 5210R.


-- 
With best regards


Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it 
http://mail.blueonyx.it/mailman/listinfo/blueonyx 





___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25770] Re: BlueOnyx 5211R Released

[Fungal Style]

Just as a quick heads up, I tested with WHMCS and it seems to work, as it 
created the vsite, but have not tested further yet, but it appears to be 
working thus far (after I got the IP address right, yeh, I shuffled the WHMCS 
server and wondered why it was failing with not much to report in the logs).

Regards
Brian

On 28/11/2022, 4:45 pm, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi,

> Maybe not all services were starting as I could not ping it nor resolve 
> an address from it but could ping up addresses from it...
> 
> But all seems to work as expected after the reboot and then setup via 
> browser and all seems ok this far, will test with a link to whmcs soon...

Many thanks for letting us know. Yeah, there is a strange gateway issue 
after first install. It doesn't always happen, but sometimes when you 
configure the gateway the changes get applied to the configs, but don't 
get applied. A reboot usually clears that.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25758] Re: BlueOnyx 5211R Released

[Fungal Style]

Hi all, I did a 5211 VM and had an issue connecting to setup via the web 
interface for the initial and password etc, but I had to restart after I did 
the initial cli with host name, up, gateway etc... Maybe not all services were 
starting as I could not ping it nor resolve an address from it but could ping 
up addresses from it...

But all seems to work as expected after the reboot and then setup via browser 
and all seems ok this far, will test with a link to whmcs soon...

Get Outlook for Android

From: Blueonyx  on behalf of Michael Stauber 

Sent: Saturday, November 26, 2022 3:31:15 AM
To: blueonyx@mail.blueonyx.it 
Subject: [BlueOnyx:25746] Re: BlueOnyx 5211R Released

Hi Colin,

> Followed the instructions and VM was created okay but no host name.
> Rebooted but still no host name. I put in a host name and save it and 
> rebooted for good measure.

Yeah, it may not show a hostname in the list for a VM. That's fine.

> I can ping it but no SSH access.
> No WebVNC access either from the GUI

Send me the login details (for the node) offlist and I'll take a look.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25750] Re: CSRF mismatch: The action you have requested is not allowed.

[Fungal Style]

Hi Keith,

Just a quick 2 cents worth, I setup a couple of (5208 or similar I think as I 
needed some older PHP version for a site to be moved) in the last few days and 
started to hit this issue with them, it was more about the time and date set on 
the BO server, after setting, restarting from the shell they seem to be stable 
now, maybe it was something in my environment, but something to look out for: 
timezone name
Date
Time

Regards
Brian

On 26/11/2022, 8:27 am, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi Keith,

> Just did 2 fresh install of 5210R and I've faced with this again
> 
> CSRF mismatch: The action you have requested is not allowed.
> 
> On two different fresh installs
> 
> Just thought I would let you know Michael

This is how it's supposed to be: Upon a fresh install of BlueOnyx 5210R 
CSRF is disabled automatically until you finish the web based setup 
wizard. Then it gets turned on automatically. It protects both GET and 
POST requests.

Where did the error happen? During the web based initial setup or past it?

On the Login page? Or past it?

Anyway: If you want, you can turn off CSRF protection this way from SSH 
as root. This goes all into one line:

echo "Find System"|/usr/sausalito/bin/cceclient|grep ^104|awk '{ print 
"SET " $3 " csrf_protection = 0"}'|/usr/sausalito/bin/cceclient

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25527] Re: Strange DNS goings on

[Fungal Style]

I also do not play much with CNAMES (have dabbled a little) but looks like it 
is doing what is expected:
https://mxtoolbox.com/SuperTool.aspx?action=mx%3aautodiscover.flintevos.co.uk&run=toolpage

Note: should you be using the domain you have the cname for? As if you drop the 
Autodiscover, there would be no cname for just the FQDN, but only for the 
subdomain:
autodiscover.flintevos.co.uk

Eg:
https://dnschecker.org/cname-lookup.php?query=autodiscover.flintevos.co.uk&dns=google

I got cnames setup for a few who are using exchange365 and barracuda, they are 
configured and test results are the same as your domain. So you may be looking 
at the wrong issue here.

Regards
Brian

On 25/7/2022, 5:26 am, "Blueonyx on behalf of Office" 
 wrote:



>We have customer’s IT guys having difficulty with CNAMES on our servers.
>
>If they use something like dnschecker.org it doesn’t return any CNAME 
records. Returns all other records.
>
>e.g 
>autodiscover.flintevos.co.uk
>
>If I look up 
https://dnschecker.org/cname-lookup.php?query=flintevos.co.uk&dns=google I get 
no result.
>If however I use dig I get
>
>colin@Colins-MacBook-Pro ~ % dig @8.8.8.8 autodiscover.flintevos.co.uk
>
>; <<>> DiG 9.10.6 <<>> @8.8.8.8 autodiscover.flintevos.co.uk
>
>;; ANSWER SECTION:
>autodiscover.flintevos.co.uk. 3600 IN  CNAME   
autodiscover.cloudplatform1.com.
>autodiscover.cloudplatform1.com. 104 INA   51.140.78.157
>autodiscover.cloudplatform1.com. 104 INA   51.140.253.155
>
>Anybody any idea what's going on?
>

I don't think you're running the same query online, it pulls the same 
result as your dig for me when adding the autodiscover subdomain. Pulling CNAME 
for the TLD itself is entirely different.

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25203] Re: High Load Average

[Fungal Style]

I was thinking about the issue again, a couple of other things to check and if 
it is not something obvious it may at least get you started on the right track.

A couple of other “common” issues would be:

  *   An exploited plugin
  *   An exploited site
With the exploited sites and plugins it is usually to send spam, now checking 
your maillog may show large amounts of sending and/or bounces, also checking 
webalizer to see the traffic statistics and often if there is an exploitd site 
or plugin it will show up as having a large number of hits/visits from often 
the same IP address(es).

Well that is where I would start looking…

Summary:
from TOP command, you can probably workout the site that is causing grief, then 
check maillog and http logs (although webalizer will be easier to see as it 
will show in a report format after the cpu load goes back down, so more 
post-mortem), the http logs are good to tail (using the -f switch) as you can 
often see a pattern with the ip address of the path of the site being accessed 
if the cpu utilisation is high.

Regards
Brian

From: Fungal Style 
Date: Tuesday, 9 November 2021 at 4:52 pm
To: Blueonyx mailing list 
Subject: Re: [BlueOnyx:25196] High Load Average

Try disabling XMLRPC in wordpress sites, it is the script kiddie spammers 
trying to post to the comments via a proxy.

Check the PHP-CGI and php-fpm users, that will usually tell you the site they 
are hitting.

Also some unscrupulous SEO people will use that to try and bring up unique hits 
to make it look like they are doing a good job and the web owner needs to 
convert them or words to that effect… sad, I see it too many times.

Regards
Brian.

From: Blueonyx  on behalf of Richard Sidlin 

Reply to: Blueonyx mailing list 
Date: Tuesday, 9 November 2021 at 1:30 am
To: Blueonyx mailing list 
Subject: [BlueOnyx:25196] High Load Average

5210R

Just recently the load average is going crazy and of course the server slows 
right down. I have about 10 low to medium usage websites, no emails. Mainly 
Wordpress sites.

In Top, there is a lot of either php-fpm or php-cgi depending on the php 
settings that constantly use loads of CPU. This is happening across most sites, 
not just one causing an issue.

Can anyone point me in the right direction on how to trace where the problem is?

Thanks


Richard
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25200] Re: High Load Average

[Fungal Style]

Try disabling XMLRPC in wordpress sites, it is the script kiddie spammers 
trying to post to the comments via a proxy.

Check the PHP-CGI and php-fpm users, that will usually tell you the site they 
are hitting.

Also some unscrupulous SEO people will use that to try and bring up unique hits 
to make it look like they are doing a good job and the web owner needs to 
convert them or words to that effect… sad, I see it too many times.

Regards
Brian.

From: Blueonyx  on behalf of Richard Sidlin 

Reply to: Blueonyx mailing list 
Date: Tuesday, 9 November 2021 at 1:30 am
To: Blueonyx mailing list 
Subject: [BlueOnyx:25196] High Load Average

5210R

Just recently the load average is going crazy and of course the server slows 
right down. I have about 10 low to medium usage websites, no emails. Mainly 
Wordpress sites.

In Top, there is a lot of either php-fpm or php-cgi depending on the php 
settings that constantly use loads of CPU. This is happening across most sites, 
not just one causing an issue.

Can anyone point me in the right direction on how to trace where the problem is?

Thanks


Richard
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25126] Re: Blueonyx 5210r on ARM? I assume ARM support ended with 5109r?

[Fungal Style]

Hi Michael,

Ironically, it was the Oracle one I was trying to spin up as they have a 
freebie forever program, and I thought it would be a good place just to test 
things in a secure-ish environment for testing or staging of sites.

I was trying Oracle Linux 8.4 but it had issues with the repo for ARM, hence 
the question, as the freebie from Oracle has a lot more resources for the ARM 
processor VMs as to memory and bandwidth (and number of CPU cores).

So yeh I can spin up a VM anytime I really need to on an Intel based server, 
but just wanted to see if I could "easily" utilise the freebie (they have a 
very low end freebie forever intel based vm also), although I might just use it 
to config a VPN or something at some later date, just when I get round to it... 
as it is too much work right now with so many other things on my plate.

But I appreciate the suggestions and the tip. 

Anyway, as I said, not a real issue, just wanted to make sure I was not missing 
anything or if there was a problem I could get around easily.
Regards
Brian


On 29/9/21, 4:07 am, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi Brian,

> I concur most likely not advisable due to lack of updates as it would be 
for a RH8 variant.

Yeah, I'd advise against something for which no updates are available.

There are ARM ports for EL8 and CentOS, Alma, Rocky and Oracle all have
their ports for it.

But if you just want something to play around with? Why not just spin up
a VM?

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25124] Re: Blueonyx 5210r on ARM? I assume ARM support ended with 5109r?

[Fungal Style]

Thanks Michael, I suspected as much, but thought I would ask just in case (and 
put it out there in case anyone else was wondering).

It was a passing though and I was thinking an "easy way" for a quick test 
environment, although it would be visible on the internet so I concur most 
likely not advisable due to lack of updates as it would be for a RH8 variant.

Regards
Brian

-Original Message-
From: Blueonyx  On Behalf Of Michael Stauber
Sent: Tuesday, 28 September 2021 4:36 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:25123] Re: Blueonyx 5210r on ARM? I assume ARM support ended 
with 5109r?

Hi Brian,

> Just a quick question as I was just playing with a cloud account that 
> has ARM for the processor, so I can get a version of Linux installed 
> (RedHat 8.x variant) but I tried the manual install and it appears 
> there are no repositories for the manual install (I see from the BO 
> site Oliver Paukstadt was doing the fork).

I'm not up to date on what the state of the 5109R ARM port of BlueOnyx 5209R 
is, so I just checked. I don't have any compatible hardware, so I never got 
involved into it.

Oliver Paukstadt still has the installation instructions up and you can find 
them here:

http://www.sourcentral.org/blueonyx/

Oliver's YUM repositories for 5109R seem to be pretty stale, though and there 
haven't been any updates in it since January 2018.

So ... this looks kinda dead'ish to me. Therefore: I wouldn't recommend using 
5109R for anything that's reachable from the outside world and you'll be 
missing out on a lot of stuff that made it into 5209R since the 5109R port was 
done.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25122] Blueonyx 5210r on ARM? I assume ARM support ended with 5109r?

[Fungal Style]

Hi all,

Just a quick question as I was just playing with a cloud account that has ARM 
for the processor, so I can get a version of Linux installed (RedHat 8.x 
variant) but I tried the manual install and it appears there are no 
repositories for the manual install (I see from the BO site Oliver Paukstadt 
was doing the fork).

It is not important to me so do not go to any trouble on this, it was more a 
passing thought and a test of a free environment and I just thought it would be 
an easy way to setup a quick test environment as zero cost to me 😊.

Regards,
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24956] Re: BlueOnyx VDMK and VDI images

[Fungal Style]

Hi Michael,

Is there any advantage over using say the VMDK over creating a new VM and using 
the ISO? I assume the difference is just in the deployment?

The reason I ask as I have had a couple of VMs in the past lose their boot 
partitions or somehow become corrupt so I now create a snapshot before ever 
restarting or shutting down a VM just in case.

Regards
Brian

On 29/5/21, 5:29 pm, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi all,

For an unrelated project I'm currently messing with QEMU KVMs and
conversion of these KVMs into disk images for other virtualization
platforms.

I'm also using QEMU KVMs to quickly test freshly built BlueOnyx ISO
images to see if they work. That made the next step kinda natural:

From now on whenever a new BlueOnyx ISO is published I'll also publish
disk images in VMDK format (for VMware) and VDIs (for VirtualBox).

This gives users of these virtualization platforms (and others that
allow imports of these formats) two options: Either install BlueOnyx off
the ISO, or use one of the pre-installed disk images for their
virtualization platform.

A BlueOnyx 5210R (on AlmaLinux 8.4) VMDK and a VDI are now available and
can be downloaded via the links at the bottom of the usual download page:

https://www.blueonyx.it/downloads

Or directly at this URL at the primary mirror(s):

http://updates.blueonyx.it/pub/BlueOnyx/OVA/

BlueOnyx 5209R VDMKs and VDIs will be published when I next update the
5209R ISO image.

Ideally publishing OVAs (Open Virtual Appliance format) would be more
ideal, as they are more universally accepted and not only contain the
virtual disk, but also the basic configuration of the VM (such as which
virtual hardware should be simulated). However, there is no direct way
to convert from QEMU to OVA and I can't easily do this without bloating
up the publishing process in an unreasonable fashion.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24936] Re: WHMCS & API CSRF issue - fixed

[Fungal Style]

Hi Michael, sounds good, will see if I can test over the weekend.

Thank you again for your hard work and dedication.

Brian

On 29/4/21, 9:09 am, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi Brian,

> From WHMCS, select to open the BO gui, upon entering the credentials,
> it fails with a CSRF message

This has just been fixed in a two-part fix:

Updated base-alpine-* and base-api-* RPMs have been released for
BlueOnyx 5209R, BlueOnyx 5210R and Aventurin{e} 6109R.

Additionally the WHMCS modules for BlueOnyx and Aventurin{e} have been
updated. The updated versions are available here:

https://devel.blueonyx.it/pub/BlueOnyx/TAR/

Logins from WHMCS (backend as well as customer portal) no longer go to
/login, but to /api/apilogin instead. That URL has been excluded from
the CSRF-protection if accessed from your WHMCS instance while the API
itself is enabled.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24926] Re: 5210r AlmaLinux and API CSRF issue

[Fungal Style]

Slight update, I tried in a private session, same results… however…

I tired logging in for the second attempt and I logged in to the main page of 
the BO interface, then I changed the tab back to the WHMCS tab and tried again, 
this time when the login went through it was successful showing the site 
management tab of the BO interface, but there was another tab open and logged 
in already…  I tried in a normal session and it did the same as before.

So to recap…

From WHMCS, select to open the BO gui, upon entering the credentials, it fails 
with a CSRF message
Click on the address bar, hit enter, log in, all ok, and loads up normal start 
page of the BO gui.

The same happens in a private browser session… however
I log in to the BO gui (in the private browser session),
flip back to the WHMCS gui’s tab (in the private browser session),
select to open the BO gui from WHMCS (note there is still the original BO login 
open on a tab in the private browser session)
log in to the newly opened tab opened from the WHMCS action and can log in, it 
takes me to the Site Management tab of BO gui.

It would seem like the CSRF issue is being caused somehow by the link being 
opened trying to access the Site Management tab on login. As it only fails the 
login if it is being opened from WHMCS. The only really weird bit is the 
private browser session, if there is a tab logged in already it will log in 
when a new tab is opened by WHMCS to log in, which I thought CSRF would be 
blocking…

Regards
Brian

From: Blueonyx  on behalf of Fungal Style 

Reply to: Blueonyx mailing list 
Date: Thursday, 22 April 2021 at 9:07 pm
To: Blueonyx mailing list 
Subject: [BlueOnyx:24925] 5210r AlmaLinux and API CSRF issue

Here is a weird one. I have checked the time and it is pointing to the ESXI as 
a time server (which is sync'd over the internet, but it means all machines are 
based on the ESXI to avoid drift), the time also matches my Windows desktop 
machine and my mobile phone time also (so it is pretty close to correct well as 
much as you can expect).

https://ior.ad/7xKa?iframeHash=trysteps-1
[https://www.iorad.com/api/tutorial/sharingScreenshot?tutorial_id=1798010&sharing_type=default&cache=161908824]<https://ior.ad/7xKa?iframeHash=trysteps-1>
Console - How to untitled task name<https://ior.ad/7xKa?iframeHash=trysteps-1>
Check out this tutorial on iorad.com
ior.ad


I try to open the BlueOnyx gui from WHMCS and it brings the login page as 
expected, but when entering the username and password it then provides a CSRF 
message, but when I click on the address bar, press enter to reload the page, I 
can log in manually. I turn off CSRF and there are no issues with the initial 
attempt (which would be as expected) unlike in the screen grab where it fails 
with CSRF enabled and I have to reload the page manually and log in is then 
successful.

Any specific logs I can provide to help with this?

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24925] 5210r AlmaLinux and API CSRF issue

[Fungal Style]

Here is a weird one. I have checked the time and it is pointing to the ESXI as 
a time server (which is sync'd over the internet, but it means all machines are 
based on the ESXI to avoid drift), the time also matches my Windows desktop 
machine and my mobile phone time also (so it is pretty close to correct well as 
much as you can expect).

https://ior.ad/7xKa?iframeHash=trysteps-1
[https://www.iorad.com/api/tutorial/sharingScreenshot?tutorial_id=1798010&sharing_type=default&cache=161908824]
Console - How to untitled task name
Check out this tutorial on iorad.com
ior.ad


I try to open the BlueOnyx gui from WHMCS and it brings the login page as 
expected, but when entering the username and password it then provides a CSRF 
message, but when I click on the address bar, press enter to reload the page, I 
can log in manually. I turn off CSRF and there are no issues with the initial 
attempt (which would be as expected) unlike in the screen grab where it fails 
with CSRF enabled and I have to reload the page manually and log in is then 
successful.

Any specific logs I can provide to help with this?

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24914] ALMA BlueOnyx 5210r CSRF issue weirdness.

[Fungal Style]

Hi all, just sharing with you my current experience…

I setup a couple of new VMs, ALMA ran through real nice, the enabling the API 
also worked with standard settings…

Then I set up a third VM (I archived one as it was just as a backup whilst I 
was shuffling vsites from a server vm having issues and I have now archived it 
also)… then I got major issues.

I found if I:

  *   Installed Alma
  *   Setup ip copnfig in cli
  *   Ran yum update
  *   Setup via BO IP address to set passwords etc.
The CSRF would fail for me (often on the web setting up stage on the last 
page). If I got through to the normal BO console and tried to enable the API, 
it would fail with a message about CSRF, yet if I was to disable it in the 
console settings section, it would still give the same message, the messages 
log would also say it failed due to invalid key (or similar, I did not take too 
much notice as it was frustrating me as around 24 hours earlier I did not have 
an issue with a 2 new vms).

So I thought about it and checked my notes of the steps I did originally… I 
noticed I setup the web interface prior to the yum update…. Got me to thinking… 
then I tried by nuking and paving the new VM.

  *   Installed Alma
  *   Setup ip copnfig in cli
  *   Setup via BO IP address to set passwords etc.
  *   Tried to enable API, it failed with the red banner again complaining 
about CSRF token
  *   Had yet to run the yum update
So then I ran the yum update and then tried to enable the API, and it enabled 
it without an error.

To me it looks like something is amiss with the CSRF settings if you do the yum 
update prior to the web setup step it seems to stop the API being enabled (and 
maybe other issues). This may have been the issue I was having previously that 
Michael suggested a way to completely disable the CSRF, but I did not need to 
go to that extreme although it looks like something gets messed up if the steps 
are done in the wrong order. I did get in the habit of running the yum update 
after setting the IP address etc in the cli but noticed it does not prompt for 
that now with ALMA (currently).

Just popping it on the mailing list in case anyone else is banging their head 
against the wall like I was as I was following what I though was exactly the 
same steps with the same ISO so could not figure out what I was doing different 
till I read my notes that I did the yum update in a different order to the rest 
of the items.

When I get a moment I will see if I can replicate the issue once again, just 
got a few things to do as I do want to test the WHMCS linking again, now I got 
the API enabled on a couple of servers.

Regards
Brian


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24896] Re: BlueOnyx API and WHMCS module updated

[Fungal Style]

Thanks... I was about to see how I could tackle the beast when I got a moment 
as I have been shuffling servers.

Regards
Brian

On 9/4/21, 8:50 am, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi all,

I just published updated base-alpine-* and base-api-* RPMs to the
BlueOnyx 5209R and BlueOnyx 5210R YUM repositories.

These extend the existing API on 5209R and (finally!) adds a fully
working API to BlueOnyx 5210R as well.

These updates also introduce changes to the "Cross Site Request Forgery"
(CSRF) protection in BlueOnyx. IPs added to the field "API Host(s)"
under "Server Management" / "Maintenance" / "API" are now excluded from
the CSRF protection that usually protects the GUI against unsolicited
POST and GET requests.

The API documentation at https://www.blueonyx.it/api/ has been updated
as well and new screenshots and usage clips have been added to it.

Additionally a new WHMCS integration for BlueOnyx has been released at
this URL:

https://devel.blueonyx.it/pub/BlueOnyx/TAR/

It's the whmcs-blueonyx-5200R-server-module-v2.4-1.tar.gz tarball.

The tarball contains two WHMCS modules. One named "BlueOnyx 5209R" and
one named "BlueOnyx 5210R".

In WHMCS you can use these to automatically provision "Shared Hosting"
accounts against 5209R or 5210R servers.

The updated modules now also allow you to specify which PHP method
created Vsites should use and which PHP version should be activated
(provided suPHP or FPM is used in the product).

Additionally on products deployed via the 5210R WHMCS module you can
choose which type of shell should be activated for the Vsite and the
auto-created siteAdmin user:

- None
- Chrooted (SFTP SCP RSYNC)
- Chrooted (Shell SFTP SCP RSYNC)
- Full Shell Access

In the 5209R WHMCS module the only available Shell options are (of
course) still only "Yes" or "No", where "Yes" would mean a full shell if
deployed against a 5209R.

You *can* use the 5209R module to deploy products on a 5210R, but
instead of a full shell a user would (at best) receive "Chrooted (SFTP
SCP RSYNC)".

The 5210R module *can* be used to safely deploy against 5209R servers,
provided the checkbox for Shell isn't ticked in the product(s).

As always: If you have any questions, then let me know here or offlist.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24826] Re: 5209 Cannot enable Api // BlueOnyx_CSRF_token is unknown

[Fungal Style]

Hi Michael,

Thanks, I was beginning to wonder also as I setup a 5210r and also tried a 
5209r as I was getting the same thing but was yet to post as I had a few other 
pressing items on my plate, was thinking of trying the suggestion you made but 
did not get round to it yet, at least I know it is not just me and thanks for 
the update and prompt reply also.

Regards
Brian

On 17/3/21, 8:10 am, "Blueonyx on behalf of rordo...@xnet.com.mx" 
 wrote:

Thank you for the prompt answer,
Did try that too, 

***With CSRF Disabled We get the following error;

Sorry, an internal server error occurred. The attribute ci_csrf_token is
unknown. Please visit http://BlueOnyx.it/ for technical info.

What we tried:
Restart cced and admserv :
systemctl restart cced.init
systemctl restart admserv

Maybe missed something, this happens the same on all our virtual 5209
Nginx is enabled ,

regards

Rodrigo O
Xnet

-Mensaje original-
De: Blueonyx  En nombre de Michael
Stauber
Enviado el: martes, 16 de marzo de 2021 12:25 p. m.
Para: blueonyx@mail.blueonyx.it
Asunto: [BlueOnyx:24824] Re: 5209 Cannot enable Api // BlueOnyx_CSRF_token
is unknown

Hi Rodrigo,

> To report that on all of our 5209 fully yummed servers we cannot enble 
> de
> API:
> 
> The error received on all of them is the following:
> "Sorry, an internal server error occurred. The attribute 
> BlueOnyx_CSRF_token is unknown. Please visit http://BlueOnyx.it/ for
technical info."

Sorry, a this time CSRF and API usage are mutually exclusive. So if you want
to use the API, you have to turn off CSRF in "Server Management" /
"Maintenance" / "Server Desktop".

As is the CSRF functionality we use is the one that ships with CodeIgniter
and it doesn't have provisions to exclude certain IPs from CSRF.

Eventually I will need to extend, augment or replace that function with one
that takes the "API Host(s)" settings into account.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24602] Re: End of life of Centos 8?

[Fungal Style]

FWIW, I suspect there will be a lot of movement over the coming months with 
relation to this, as an example ROCKY LINUX which someone you may have heard 
of... Gregory Kurtzer has announced he would create (he was one of the 
co-founders of CentOS).

So I would not get too bogged down on this topic for now, let the dust settle 
and we will probably see a better picture.

Regards
Brian

On 13/12/20, 3:21 pm, "Blueonyx on behalf of Ken Hohhof" 
 wrote:

Michael, what do you know about Oracle Linux?  I had never heard of it, but
this blog post sounds very convincing:
https://blogs.oracle.com/linux/need-a-stable%2c-rhel-compatible-alternative-
to-centos-three-reasons-to-consider-oracle-linux

I assume this is in no way an outgrowth of Solaris.  I'll admit I have a
possibly prejudiced negative opinion of Larry Ellison and thought of Oracle
as buying companies to kill them.  Those opinions may be totally uninformed.
But it seems strange that Debian, Ubuntu and Fedora come to mind but I've
never even heard of Oracle Linux before.

It also seems like IBM buying RedHat is reminiscent of what happened when
Oracle bought Sun.  Again, maybe an uninformed opinion.


-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Tuesday, December 8, 2020 7:09 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:24571] Re: End of life of Centos 8?

Hi Ernie,

> I wonder how Michael went with that experimental Debian port :)

It's still just that: A little side-show experiment.

Porting the build-environment from spitting out RPMs to building DEBs is a
colossal undertaking and I didn't get very far with it yet. :-/

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24400] 5210 SSL issue, Let's Encrypt seems to not renew on some sites after migration.

[Fungal Style]

Hi all,

Just want to try culling it back and removing the SSL certificate as a lot has 
happened with and since the migration to 5210 from a failing 5209 server (the 
old VM had MANY issues).

I would like to know how I can remove the SSL certificates, both the self 
signed and Let’s Encrypt certificates, not just disable, as I figure if there 
is nothing there to start with it should be able to just obtain a fresh SSL 
cert from Let’s Encrypt.

Note, this is not an issue for all domains, only a handful on the server and 
suspect it may have been an issue during migration or possibly an issue prior 
to migration.

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24322] Re: BO 5209 - not booting, looks like a problem with GRUB

[Fungal Style]

Hi Michael (and all),

Maybe my question/problem could be phrased more like:

As far as I know there is no EFI boot set as the vm was configured for BIOS and 
not EFI.

If I have a BlueOnyx install and it fails to boot what would be the steps I 
should take?

Based on the info that It shows the boot loader screen to select, but then just 
shows a message:
can’t find command ‘[‘
(then several other similar lines no matter which boot option I choose)

From reading around it looks like it is a GRUB issue and 5209 uses GRUB2 (I 
believe, correct me if wrong).

So if GRUB. Got destroyed, corrupted, what would you suggest? As I have booted 
into the troubleshooting option from a 5209 ISO I booted from, so I believe I 
can readily mount the partitions to view the data on there, it just will not 
boot normally.

I also know that this happened sometime after August 6th,(in case there was a 
yum update or something that went screwy) and I was fortunate enough to create 
a snapshot prior to going to restart the server.

One thought I also had, is there anything in the TMP partition that is required 
for booting? As just prior I had done some clean up hence the snapshot (albeit 
after the deleting), it killed a couple of services and I managed to bring them 
back, but though it was worth a mention in case it may be related.

Thoughts, suggestions, pearls of wisdom gratefully accepted and appreciated... 

Regards
Brian




On 19/9/20, 7:22 am, "Blueonyx on behalf of Fungal Style" 
 wrote:

Hi Michael,

A lot of these questions I do not know the answer for as the (original) VM 
was created quite some time ago and I am working with a copy so that I can do 
pretty much anything I need to without affecting the live VM.

The problem may have been the steps I took (hen e I listed what I did to 
get to that point), essentially I just need to make the VM bootable again so I 
can replicate the steps on the live VM.

I Checked the VM settings, it is set to BIOS and not EFI, hence I mention 
it may have been the steps I have followed which appeared to work to a degree, 
then boom, landed me here... back to the same problem with a differing root 
cause (ie non booting VM but potentially for a differing reason).

So getting back to your comments:
-
|On none of my 5209R's I have that RPM installed. I wonder why you have
|   it and why your Grub-image suddenly depends on it. Granted, I guess at
|   this time I don't have a single 5209R that uses EFI-boot to begin with.
|   The 5209R ISO is non-EFI as well.
-
As I mentioned, it may have been my steps taken to remedy the issue that 
caused the dependency.

-
|  So let's start fishing closer to that direction: Does that VM have EFI
|  enabled? Was the CentOS 7 installed with EFI-support and 5209R then got
|  installed via YUM?
-
No, EFI is not enabled, it is set to BIOS

-
|  Is EFI still on for that VM now?
-
No, as far I know it was never altered.

So it is VERY possible I followed steps which cause GRUB to want to use it, 
so maybe going back to the original issue or a BIOS boot optioned VM (non-EFI) 
not wanting to start, as trying to fix a problem of my own creating after the 
initial may well be self defeating.

So getting back to the original problem I was trying to fix is:
can’t find command ‘[‘
(then several other similar lines no matter which boot option I choose) 

Regards
Brian


On 19/9/20, 4:18 am, "Michael Stauber"  wrote:

Hi Brian,

> grub-install: error: /usr/lib/grub/i386-pc/modinfo.sh doesn't exist.
> Please specify --target or --directory.

Hmm. I haven't seen that one yet. Let's see where that is from:

#> yum whatprovides "*/i386-pc/modinfo.sh"
[...]
1:grub2-i386-modules-2.02-0.81.el7.centos.noarch : Modules used to build
custom grub images
Quelle  : base
Übereinstimmung von:
Dateiname : /usr/lib/grub/i386-pc/modinfo.sh

#> LC_ALL=C yum info 1:grub2-i386-modules-2.02-0.81.el7.centos.noarch
Loaded plugins: blueonyx, fastestmirror
Loading mirror speeds from cached hostfile
 * BlueOnyx-5209R: updates.blueonyx.it
 * Solarspeed.net-AVSPAM-v6: mirror.smd.net
 * base: yum.tamu.edu
 * extras: repos.hou.layerhost.com
 * updates: mirrors.tummy.com
Available Packages
Name: grub2-i386-modules
Arch: noarch
Epoch   : 1
Version : 2.02
Release : 0.81.el7.centos
Size: 847 k
Repo: base/7/x86_64
Summary : Modules used to build custom grub images
URL : http://www.gnu.org/software/grub/
License : GPLv3+
Desc

[BlueOnyx:24316] Re: BO 5209 - not booting, looks like a problem with GRUB

[Fungal Style]

Hi Michael,

A lot of these questions I do not know the answer for as the (original) VM was 
created quite some time ago and I am working with a copy so that I can do 
pretty much anything I need to without affecting the live VM.

The problem may have been the steps I took (hen e I listed what I did to get to 
that point), essentially I just need to make the VM bootable again so I can 
replicate the steps on the live VM.

I Checked the VM settings, it is set to BIOS and not EFI, hence I mention it 
may have been the steps I have followed which appeared to work to a degree, 
then boom, landed me here... back to the same problem with a differing root 
cause (ie non booting VM but potentially for a differing reason).

So getting back to your comments:
-
|On none of my 5209R's I have that RPM installed. I wonder why you have
|   it and why your Grub-image suddenly depends on it. Granted, I guess at
|   this time I don't have a single 5209R that uses EFI-boot to begin with.
|   The 5209R ISO is non-EFI as well.
-
As I mentioned, it may have been my steps taken to remedy the issue that caused 
the dependency.

-
|  So let's start fishing closer to that direction: Does that VM have EFI
|  enabled? Was the CentOS 7 installed with EFI-support and 5209R then got
|  installed via YUM?
-
No, EFI is not enabled, it is set to BIOS

-
|  Is EFI still on for that VM now?
-
No, as far I know it was never altered.

So it is VERY possible I followed steps which cause GRUB to want to use it, so 
maybe going back to the original issue or a BIOS boot optioned VM (non-EFI) not 
wanting to start, as trying to fix a problem of my own creating after the 
initial may well be self defeating.

So getting back to the original problem I was trying to fix is:
can’t find command ‘[‘
(then several other similar lines no matter which boot option I choose) 

Regards
Brian


On 19/9/20, 4:18 am, "Michael Stauber"  wrote:

Hi Brian,

> grub-install: error: /usr/lib/grub/i386-pc/modinfo.sh doesn't exist.
> Please specify --target or --directory.

Hmm. I haven't seen that one yet. Let's see where that is from:

#> yum whatprovides "*/i386-pc/modinfo.sh"
[...]
1:grub2-i386-modules-2.02-0.81.el7.centos.noarch : Modules used to build
custom grub images
Quelle  : base
Übereinstimmung von:
Dateiname : /usr/lib/grub/i386-pc/modinfo.sh

#> LC_ALL=C yum info 1:grub2-i386-modules-2.02-0.81.el7.centos.noarch
Loaded plugins: blueonyx, fastestmirror
Loading mirror speeds from cached hostfile
 * BlueOnyx-5209R: updates.blueonyx.it
 * Solarspeed.net-AVSPAM-v6: mirror.smd.net
 * base: yum.tamu.edu
 * extras: repos.hou.layerhost.com
 * updates: mirrors.tummy.com
Available Packages
Name: grub2-i386-modules
Arch: noarch
Epoch   : 1
Version : 2.02
Release : 0.81.el7.centos
Size: 847 k
Repo: base/7/x86_64
Summary : Modules used to build custom grub images
URL : http://www.gnu.org/software/grub/
License : GPLv3+
Description :
: The GRand Unified Bootloader (GRUB) is a highly
configurable and
: customizable bootloader with modular architecture.  It
supports a rich
: variety of kernel formats, file systems, computer
architectures and
: hardware devices.
:
: This subpackage provides support for rebuilding your own
grub.efi.


#> LC_ALL=C rpm -q grub2-i386-modules
package grub2-i386-modules is not installed

On none of my 5209R's I have that RPM installed. I wonder why you have
it and why your Grub-image suddenly depends on it. Granted, I guess at
this time I don't have a single 5209R that uses EFI-boot to begin with.
The 5209R ISO is non-EFI as well.

So let's start fishing closer to that direction: Does that VM have EFI
enabled? Was the CentOS 7 installed with EFI-support and 5209R then got
installed via YUM?

Is EFI still on for that VM now?

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24313] BO 5209 - not booting, looks like a problem with GRUB

[Fungal Style]

Hi all,

I have a problem where I have a VM with 5209 and it will not reboot, it shows 
the linux  boot menu, the shows that it can’t find command ‘[‘ as well as a few 
other similar lines (different characters/letters I suspect different mount 
points for the different kernels or similar), which appears to be a grub issue 
from what I have been reading when it cannot find the mount or mounts in my 
case as none of them will boot.

So here is what I have done…

Loaded up an ISO of 5209, booted with it, and selected to do trouble shooting.

It did produce an error about SUuser or something (I did not take too much 
notice of it at the time as I am working with a copy of the live VM).

So once at a bash prompt I did the following after if mounted the image with 
all the current folders appearing as I would expect:

I then use the following command…

/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg

Which comes back with:
grub-install: error: /usr/lib/grub/i386-pc/modinfo.sh doesn't exist. Please 
specify --target or --directory.

So I am suspecting it needs to be something like 
/mnt/sysimage/boot/grub2/i386-pc/ ? As that is one of the locations I found the 
missing file to located at.

But when I do that, it finds a CentOS install and then I exit/reboot, I get…

Error: file ‘/grub2/i386-pc/priority_queue.mod’ not found.
Entering rescue mode…
grub rescue> _

From this point I cannot seem to make any further progress.

Is there a recommended way to “fix” a broken grub bootloader for BlueOnyx?
What/where can I check to make sure the correct files are in the location 
expected?


I have not seen anything specific and mainly reviewing CentOS references to 
this and suspect I am missing something relatively simple.

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24065] Re: online?

[Fungal Style]

The last message I saw was last Thursday (AEST) and your message is incremented 
by 2 (I may have deleted a message).

As I see your message I can only assume no issues have been reported over the 
4th July weekend?
Brian 

On 6/7/20, 4:56 pm, "Blueonyx on behalf of Meaulnes Legler @ MailList" 
 wrote:

hello

is the mailing list online? the last message I got was dated July 1st, the 
memberships reminder six days ago...

Thank you and best regards

で⊃ Meaulnes Legler
Zurich, Switzerland
+41¦0 44 260-1660



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23930] Re: SPF records for receiving email.

[Fungal Style]

Hi Michael,

Thanks for the info and clarification, I have just begun to heavily delve into 
SPF, DKIM, DMARC, etc as there were a few issues with "score" and not black 
lists sending to Hotmail and BigPond (an ISP here), and I could not find anmy 
reference where incoming mail checked it... 

But great reply and looking forward to it being available.

Brian

On 3/6/20, 2:17 pm, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi Brian,

> A simple question I think, but as we can set SPF records for outgoing
> email, how does BlueOnyx handle incoming email, does it check SPF records?

No, at this time there is nothing in a stock BlueOnyx that checks SPF
records.

However, I'm currently working on transitioning 5210R to Postfix, which
will make this a lot easier to add.

Before someone asks about details for that:

I currently have a 5210R that works 99% with Sendmail or Postfix and you
can switch back and forth between either using Sendmail or Postfix via
the GUI.

The holdup in releasing it is adapting the AV-SPAM to Postfix, which is
currently underway.

From a technical point of view the dual MTA setup works like this:

As is the GUI writes the Sendmail config files. There were almost no
changes to that aspect.

If the default MTA is switched from Sendmail to Postfix, then on every
Postfix start or restart the Systemd Unit-File of Postfix will launch a
script that parses the Sendmail configs and converts them into a format
that Postfix understands. This is already 99% working with the only
feature loss being support for secondary mailservers.

The Postfix configuration can be edited by server admins at leisure as
the GUI integration of Postfix uses the "postconf" command to edit the
main.cf to set some basic aspects such as max message size, RBLs and such.

Any option not used by the GUI can be edited by server admins either via
"postconf" or by editing main.cf, which will make third party
modifications of the Postfix config a lot easier than it is for anything
Sendmail related.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23928] SPF records for receiving email.

[Fungal Style]

Hi all,

A simple question I think, but as we can set SPF records for outgoing email, 
how does BlueOnyx handle incoming email, does it check SPF records?

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23762] WHMCS and 5210, anyone using it yet?

[Fungal Style]

Hi all,

Just a couple of quick questions on WHMCS with BO 5210…

Has anyone tried on 5210 yet for provisioning?
Do the 5209 API files work for it also?

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23566] Is there an updated OVA file?

[Fungal Style]

Hi all,

I am just about to create a new server and I can only find an OVA file from 
July 2016, is there an updated image got 5209?

As a side question, are there plans for a 5210 OVA image also?

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23541] Re: GUI Login issue for user admin (5209R)

[Fungal Style]

@ would be a problem afaik and is not allowed in the password settings of the 
gui

Regards
Brian

On 20/12/19, 9:07 pm, "Blueonyx on behalf of Rickard Osser" 
 wrote:

Hi Michael,

The only blocked characters I can think of that I know is regularly
used in passwords are 'and' (&) and 'at' (@).

If I have to choose one I'd choose @...

IMHO,

Rickard 😀️

On Thu, 2019-12-19 at 13:28 -0500, Michael Stauber wrote:
> Hi Tobias,
> 
> > But I am quite sure you know what comes next: This seems to be a
> > known 
> > problem. So why is it still there? I am afraid we can expect this
> > to
> > happen again and again in the future. And I don't expect sympathy
> > for
> > this behaviour from my customers..
> > 
> > It's a bug, isn't it?
> 
> It's a longer story and essentially it's a fix for several bugs and
> potential exploits.
> 
> What we do have now is consistent behavior, though: You try to create
> a
> user via the GUI with a password that has illegal or unsupported
> characters? Or you or a siteAdmin or user tries to change his
> password
> via the GUI to one that contains illegal characters?
> 
> The GUI won't let you do that and will tell you that your password
> contains illegal characters.
> 
> So in essence and as far as *that* goes: There is neither a bug nor a
> problem.
> 
> The issue arises if users get their password changed by other means
> than
> the GUI, because there we cannot check for unsupported characters or
> those that are really unwise to be used in first place.
> 
> I agree that some of the error handling could perhaps be improved,
> but
> there is also a good security reason why NOT to do that. I don't want
> the login form snitch out on us to a potential attacker what the
> exact
> subset of allowed characters might be.
> 
> The code change that introduced the current password behavior is from
> four years ago and it's this one:
> 
> https://devel.blueonyx.it/trac/changeset/2504
> 
> That updated the regular expression that's being used on password
> validity checks when the password is entered via the GUI.
> 
> The other issue is the overhaul of the Login page. That was done in
> March 2018 to cope with a potential XSS vulnerability:
> 
> https://devel.blueonyx.it/trac/changeset/3035
> 
> 
> Let's get technical:
> ==
> 
> In essence both issues go hand in hand: Whenever we allow a user to
> enter data himself (instead of ticking a checkbox or selecting from a
> pull-down-menu or moving a slider, etc.) we're in danger. We need to
> make *really* sure that the entered data is sane, safe and that there
> will be no unforeseen consequences when our code processes that data.
> 
> Think of a MySQL quere where a malicious user could trick your MySQL
> routine into doing a "DROP ALL;", because you used the info the user
> entered as part of your SQL query. And the user entered something
> that
> closed your SQL statement and expanded it at the end with a "DROP
> ALL;"
> and a proper terminator that he supplied via your input form.
> 
> In BlueOnyx that won't happen for several reasons and the above
> measures
> are bricks in that wall of defense.
> 
> We parse all input and check it. Any input form field and any CODB
> database field has a "type" and that "type" specifies what regular
> expression is used to check the data for sanity. If entered data
> doesn't
> match that regular expression, then the GUI won't allow you to save.
> Even *if* you somehow get past that: CODB won't let the GUI (or the
> CLI)
> store data that doesn't match the regular expression that was
> specified
> in the "type" field in the database backend.
> 
> Take usernames. We only accept usernames that are of type
> "alphanum_plus", which is specified this way:
> 
> 
>name="alphanum_plus"
>   type="re"
>   data="^[A-Za-z0-9\\._-]+$"
> />
> 
> The reason not to allow - say - umlauts in usernames? Or Kanji
> characters? Or Chinese letters or Cyrillic? Because the OS won't
> allow
> it. There is nothing wrong with that and no reason to dispute that,
> right?
> 
> So what's wrong with *NOT* allowing *any* character under the sun for
> passwords? In essence it's the same story: The UTF-8 character set
> covers such a wide range of characters from different alphabets that
> it
> cannot be guaranteed that all stages of processing will transposition
> these characters unchanged.
> 
> For example:
> 
> https://www.rapidtables.com/code/text/ascii-table.html
> 
> The first 32 characters in ASCII code table are "con

[BlueOnyx:23258] Re: MX records to point to another server.

[Fungal Style]

Thanks for that, but I did try the suggestion, however it seems to not make any 
difference, will try again later

I was selecting to disable here:
Site Management>(vsite)>Services>Email 

So not sure where I am going wrong...

Regards
Brian

On 24/9/19, 1:49 pm, "Blueonyx on behalf of Ernie" 
 wrote:

Disable accept mail for that domain in the BX server 

- Ernie.

> 
> Hi all,
> 
> Just a quick question, it is likely staring at me in the face, but I just 
can’t see it.
> 
> Need to direct email away from the blueonyx server to a different server 
(they use barracuda and office 365), I have added MX records for the domain 
that point to the barracuda server names, but mail that is sent via the BO 
server still give the message the user does not exist and I can see it listed 
in the log files as trying to deliver locally….
> 
> What am I missing?
> 
> Regards
> Brian
> 
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23257] Enable extended DNS logging - causes DNS to show as not running

[Fungal Style]

Hi all,

Got another issues, which had me worried for a little bit as I was trying to 
see if I could get more details on why the mail was still trying to be 
delivered to the BO server instead of going elsewhere…

I enabled Enable extended DNS logging and lo and behold I suddenly got a DNS 
issue, I tried it on two BO servers wit the same response, disable Enable 
extended DNS logging
and it returns to normal.

Anyone else seeing this?

BlueOnyx 5209R


Regards
Brian



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23254] MX records to point to another server.

[Fungal Style]

Hi all,

Just a quick question, it is likely staring at me in the face, but I just can’t 
see it.

Need to direct email away from the blueonyx server to a different server (they 
use barracuda and office 365), I have added MX records for the domain that 
point to the barracuda server names, but mail that is sent via the BO server 
still give the message the user does not exist and I can see it listed in the 
log files as trying to deliver locally….

What am I missing?

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23160] Re: Redirection and forwarding, needing to redirect to a different server to a different port, can this be done easily?

[Fungal Style]

Michael,

Thanks for the reply...

Ironically I was thinking along those lines, but in reverse, as in maybe get 
the external host to change the suffix, but will test and advise as it does 
look like it may work (in theory) from my understanding at least

Brian

On 24/8/19, 3:40 am, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi Brian,

> So here is what I am thinking, having a BO server handle the DNS
> requests, change the port to port 443 and then forward the traffic to
> the IP address of their on prem server, but I cannot think of a good way
> to do this as I am thinking iptables but surely there must be a better,
> (read as “easier way”) to do this that I am just not seeing, as even
> with iptables I am not sure I would be able to (could be a skills
> shortage on my side if it is possible).

If you have a 5209R, then you can try this:

Say this site is called "www.company.com". They currently host it
internally. Create new DNS A Records and let "internal.company.com" be
the new host name that resolves to the IP of their internal server.

Then create www.company.com on a BlueOnyx 5209R as a regular Vsite via
the GUI. Enable SSL for the Vsite. Either with a real certificate or one
from Let's Encrypt.

Then go to the GUI of that Vsite and under "Services" / "Web" find the
option "Redirect/Proxy Website". Enable it. Set the "Redirect Type" to
"proxy" and enter https://internal.company.com as the "Target URL".

Then point the A Records for "www.company.com" and "company.com" to the
BlueOnyx and you should be good to go.

That should do it.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23159] Re: Redirection and forwarding, needing to redirect to a different server to a different port, can this be done easily?

[Fungal Style]

Roy,

Thanks for the reply…

I agree, I do not believe DNS can do it (although I know there are some funky 
things that can be done).

Port 80 would be open on the carrier for outbound traffic, but this particular 
carrier has blocked unsolicited inbound traffic of specific ports like port 25 
and port 80 in the past (to block phishing sites, spam, etc).
Although when I enquired they advised that it was open, although they were not 
specific and  this is what I hate about technical roles outsourced to 
developing countries  (ironically I personally know people who work for 
some of the BPOs who handle contact for this particular carrier, so I am VERY 
sceptical they really know).

I have reviewed their firewall and to me with enough knowledge to be dangerous, 
copied the same rules which worked for port 443 and applied them to port 80, 
changed order and various other ways to place a priority, but to null effect, 
hence my suspicion for the provider blocking, regardless of their claims.

I am let to believe the service is a “business grade” service, which is more 
about SLAs than anything else. (it is a fixed wireless connection on the nbn in 
Australia)

I did find references to others having the port blocked and others not with the 
same provider for port 80, however no one ever raised any issues over port 443 
or other obscure ports (mainly seen 25 and 80 being reported as blocked).

I have got another reply from Michael which I need to look at closely and test, 
so I will post here again once I have looked at it also.

But as for IP tables, unless I wanted to pass ALL traffic to the external 
server, from what I am finding/reading it will not do it.

Regards
Brian


From: Roy Urick 
Date: Saturday, 24 August 2019 at 1:09 am
To: Brian Carter 
Subject: Re: [BlueOnyx:23157] Redirection and forwarding, needing to redirect 
to a different server to a different port, can this be done easily?


Pretty sure DNS cannot add a port number to a query response, or even know what 
port the subsequent traffic is going to use. It just is asked "what is the IP 
of this host" and the DNS server responds.

I'd guess that if 443 is open, 80 is also open at the carrier level. I dont 
know of any non business service providers that block inbound 80  dont also 
block inbound 443 as well.

My gut says the firewall is misconfigured. You can always call the ISP and ask 
if they are blocking any inbound ports. In my experience they will all tell you 
whether they are or not. If its not business class service they are probably 
blocking it. But I cant imagine them not blocking both.
On 8/23/2019 10:02 AM, Fungal Style wrote:
Hi all,

Here is the situation, a website is hosted with an on-premise server (I know, 
stupid idea, but these guys are raised on *stoopid*, as in I bet their parents 
took a double helping thing more is better), they have port 80 blocked and port 
443 open, so if you access their site via HTTPS, it works fine, but drop the 
HTTPS and use just HTTP, it fails, as port 80 is blocked.

Simple solution would be to change their firewall right? Well I am not certain 
the issue is with the firewall but the provider of the link to their server, 
and the firewall is part of a fairly high end router that you may need some 
additional training to understand all of the features (I think it is one of the 
Vanguards from memory, been a little bit since I last looked at the configs).

So here is what I am thinking, having a BO server handle the DNS requests, 
change the port to port 443 and then forward the traffic to the IP address of 
their on prem server, but I cannot think of a good way to do this as I am 
thinking iptables but surely there must be a better, (read as “easier way”) to 
do this that I am just not seeing, as even with iptables I am not sure I would 
be able to (could be a skills shortage on my side if it is possible).

Anyway, any thoughts or ideas on how to do this are warmly received.

Regards
Brian



___

Blueonyx mailing list

Blueonyx@mail.blueonyx.it<mailto:Blueonyx@mail.blueonyx.it>

http://mail.blueonyx.it/mailman/listinfo/blueonyx
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23157] Redirection and forwarding, needing to redirect to a different server to a different port, can this be done easily?

[Fungal Style]

Hi all,

Here is the situation, a website is hosted with an on-premise server (I know, 
stupid idea, but these guys are raised on *stoopid*, as in I bet their parents 
took a double helping thing more is better), they have port 80 blocked and port 
443 open, so if you access their site via HTTPS, it works fine, but drop the 
HTTPS and use just HTTP, it fails, as port 80 is blocked.

Simple solution would be to change their firewall right? Well I am not certain 
the issue is with the firewall but the provider of the link to their server, 
and the firewall is part of a fairly high end router that you may need some 
additional training to understand all of the features (I think it is one of the 
Vanguards from memory, been a little bit since I last looked at the configs).

So here is what I am thinking, having a BO server handle the DNS requests, 
change the port to port 443 and then forward the traffic to the IP address of 
their on prem server, but I cannot think of a good way to do this as I am 
thinking iptables but surely there must be a better, (read as “easier way”) to 
do this that I am just not seeing, as even with iptables I am not sure I would 
be able to (could be a skills shortage on my side if it is possible).

Anyway, any thoughts or ideas on how to do this are warmly received.

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22839] Re: email username

[Fungal Style]

My 2 bits woth…

I use the usernames and not full addresses, and it just means you need to have 
a plan, although when someone moves from another host that does use the full 
email address, it does create some teething issues at first but you soon learn 
how to get around most things, like as they are changing hosts they will also 
be best to change passwords anyway, so a change of username would also be 
advisable
9and most email applications do it in the same spot), especially if they 
changed hosts due to a data breach (which is one reason I have had customers 
move to my servers).

One plan to use is the field to prefix the user name, so for example 
j...@smith.com and j...@doe.com 
could have the usernames smi_john and doe_john respectively. So you do not need 
to suffix manually with numbers, but get the system to automatically prefix the 
user name, other management systems do it too, do it is not a new thing.

Have a look at your failed logins log via the gui, you will see most use the 
email address to try and brute force, or use a compromised password.

HTH

Regards
Brian

From: Blueonyx  on behalf of Ken Hohhof 

Reply-To: Blueonyx mailing list 
Date: Monday, 22 April 2019 at 9:31 am
To: Blueonyx mailing list 
Subject: [BlueOnyx:22838] Re: email username

We don’t use BlueOnyx for email, just webhosting, but we moved away from using 
just usernames probably 15 years ago.  Hardly any email system does it that way 
anymore.  The reason is simple, once you have user john or mary, you can’t have 
another john or mary at a different domain.  This is maybe OK if you are just 
hosting mail for your own domain, but I don’t see how that will work if you are 
hosting mail for multiple customer domains.

Yes, you could have j...@foo.com with username john, and 
j...@bar.com with username john2, but that seems very 
confusing.


From: Blueonyx  On Behalf Of Greg Kuhnert
Sent: Sunday, April 21, 2019 6:01 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22837] Re: email username

I would suggest this is not a great idea. If you have a look at failed login 
attempts on your server, you will notice most of them are email address 
formats. Combine that with many of the password breaches in the wild (unrelated 
to blueonyx), it is likely that a percentage of your users have compromised 
accounts but they dont know it. I have seen attacks using these compromised 
lists… but the fact that our email systems dont use email address for login has 
more than likely prevented entry by the bad actors.

GK



On Apr 22, 2019, at 12:31 AM, Kasey Matejcek 
mailto:ka...@lkm.bz>> wrote:

Is there a way to setup the email so the user name includes the domain
For the username u...@domain.com
Right it just username and no domain
The new version of outlook is getting a hard to setup and imap account it want 
the username to be someth...@domain.com
I know I can get around it be going to the mail icon in the control panel and 
set it up there
Just going to roll out a new server and figure if I could get this setup I 
could save me sometime when users setup there emails going forward on the new 
server
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22807] Re: Vsite Ip missing on general page

[Fungal Style]

Kasey,

Is this being viewed on a tablet or phone? The page does not appear to be 
properly rendered correctly.

What browser are you using and have you tried a different browser?

Was it working previously?

rgds
Brian

From: Blueonyx  on behalf of Kasey Matejcek 

Reply-To: Blueonyx mailing list 
Date: Thursday, 11 April 2019 at 10:41 pm
To: Blueonyx mailing list 
Subject: [BlueOnyx:22806] Vsite Ip missing on general page

I have blueonyx 5209R machine when I go under my vsites and go to general and 
try to make a change it tells me I don’t have IP v4 set or ip 6 set
When looking at the page the field for the ip are missing attached is a picture
This is the same for a new site also no ip fields no ip fields at all
http://www.lkm.bz/photos/blueonyx1.jpg
http://www.lkm.bz/photos/blueonyx2.jpg


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22775] Re: Email Forwarding not working

[Fungal Style]

Felix,

I suspect not, as Google won’t let you look at their logs I would expect.

There are a couple of other options.


  1.  Gmail can gather email from pop3 and imap servers
  2.  Whilst testing, select to save a copy, I assume you are doing this now, 
as then they can check the email via gmail as per the above suggestion (or via 
hotmail, roudcube etc).

You can check your mail log to see when the emails have been sent, maybe 
someone else can suggest some other logs to check, but one thing to look for is 
that gmail may be seeing the emails as SPAM, check junk mail folders

Rgds
Brian

From: Blueonyx  on behalf of Felix Kaegi 

Reply-To: Blueonyx mailing list 
Date: Saturday, 16 March 2019 at 1:28 pm
To: Blueonyx mailing list 
Subject: [BlueOnyx:22774] Email Forwarding not working

Hi

Email Forwarding was enabled for a customer, but the mails never reached him. 
The specified email address was a valid Gmail address. Senders did not get an 
error message that their emails didn’t get through. Since Safe Copy was not 
ticked no mails are on the server.

How can I troubleshoot this issue of disappearing emails? Any chance that the 
missing emails can be found?

Best regards
Felix

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22522] Re: SSL certificate for mail requiring to be trusted every time the certificate is renewed.

[Fungal Style]

Michael,

Thanks, I was thinking along those lines… I may need to name the server more 
appropriately or something….

Regards
Brian

From: Blueonyx  on behalf of Michael Aronoff 

Reply-To: Blueonyx mailing list 
Date: Friday, 23 November 2018 at 12:57 pm
To: Blueonyx mailing list 
Subject: [BlueOnyx:22521] Re: SSL certificate for mail requiring to be trusted 
every time the certificate is renewed.

Brian wrote:
> Any ideas on what I am doing wrong or how to do it so the SSL will work more 
> seamlessly?

BlueOnyx will always use the server name for the Sendmail process. You used to 
be able to tell Apple devices to accept the certificate once and it would 
remember it or disable SSL and that would stop the problems. However with the 
more recent versions of iOS devices neither works. Even with SSL is disabled it 
throws errors. It is like they include the setting to disable SSL but then 
ignore it. Very frustrating.

The only real solution is to explain to clients they are on shared hosting and 
have them use the server address for incoming and outgoing instead of their own 
domain name. Sure it is a little annoying but all the problems go away.

Happy Thanksgiving to everyone who celebrates this holiday. ☺

__
M Aronoff Out – maron...@gmail.com

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22520] SSL certificate for mail requiring to be trusted every time the certificate is renewed.

[Fungal Style]

Hi all,

I must have missed something, but every 2 months when Let’s Encrypt updates the 
SSL, it needs to trust the server again.

Here is an example…

Server1.domainname.com – has an SSL, all is fine
Mydomain.com – has an SSL certificate also enabled
Both are on the same server/IP address but are not linked in any other way (ie 
separate TLDs).

When the user checks email after the SSL has been updated they are prompted to 
trust the server1.domainname.com again, which can be confusing as they do not 
know the server’s name as it is a different TLD.

This is becoming frustrating as the user also has an iphone and it will not 
allow the certificate to be trusted without either a) deleting and recreating 
the account or b) disable the email account on the phone, create a new account, 
have it trusted when prompted and then you can delete it and revert back to the 
original email account (I have only read about this but still seems a lot to do 
every 2 months).

Any ideas on what I am doing wrong or how to do it so the SSL will work more 
seamlessly?

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22500] Re: RHEL 8 Beta is out - BlueOnyx 5210R development starts

[Fungal Style]

Michael,

And the point I (and most likely everyone else) was waiting to read.. was at 
the end... migration... __

Sounds good and looks like you have a big task.

Regards
Brian

On 16/11/18, 1:46 pm, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi Ernie,

> for for those that are keen, Redhat just announced the RHEL 8 Beta
> 
> https://developers.redhat.com/rhel8/

Thank you. I've grabbed the ISO of it and will start some preliminary
development work for 5210R on it within the close future.

> Not sure what impact it will have on BX or how long before CentOS has it.

I have no solid idea when the beta ends and when we can expect to see
the first releases of RHEL 8 and CentOS 8 respectively. But I guess it
might be a couple of months. Like sometime in Q1 of 2019. We'll see.

I poked a bit around in the RHEL-8-beta ISO to get an idea what we can
expect. Here are some ballpark figures:

- Kernel 4.18
- Perl 5.26.4
- PHP 7.1.20 and PHP-7.2.11 (the ISO has both)
- Apache 2.8.0
- Nginx 1.14.0
- Sendmail 8.15.2
- Dovecot 2.2.36
- MariaDB 10.3.10
- OpenSSL 1.1.1
- OpenSSH 7.8p1
- Systemd 239-8
- Python 2.7.15 plus Python 3.6.6
- RPM 4.14.2
- Glibc 2.28
- Glib2 2.56
- Java 1.8.0

As for the impact on BlueOnyx? I had already set the model number 5210R
aside for it and had done some preliminary checks of what would be
needed to port the GUI to any newer version of PHP.

Right now the core of the GUI (base-alpine) uses CodeIgniter v2.2.6
(which is EOL) and for 5210R we certainly want to use a newer version.
Such as the stable v3.1.9, which also supports PHP-7.1 and PHP-7.2 out
of the box.

But the fun starts right there:

Every GUI page is a CodeIgniter PHP class. PHP class names must start
with a capitalized character. Example: "TestClass" is fine, but
"testClass" is not. We already honored this religiously throughout the GUI.

Since CodeIgniter 3.0.0 the file names for these classes also *must*
have their leading character capitalized. Which we have not. A handfull
of Classes under /usr/sausalito/ui/ci/application/libraries/ and *all*
classes under /usr/sausalito/ui/ci/application/modules/ don't follow the
new mandatory naming conventions.

That means all of these must be renamed (and the CI routing tables must
be updated) and it must be checked that filename and classname are
identical both in name and capitalization.

That's around 250-300 PHP classes that need fixing right off the bat.

Plus there will be several things that changed behavior between PHP
versions and we're moving right from PHP-5.4.16 to PHP-7.2.11. That's
the biggest PHP version gap BlueOnyx *ever* had to bridge: We're moving
five *major* versions of PHP ahead in one go.

It's not *that* bad (I hope), as a lot of the heavy lifting of the GUI
is done by CodeIgniter itself or had been externalized into shared
libraries and PHP Classes that are re-used throughout the GUI. Still: I
expect to run into some unexpected glitches that need a fixing.

The next couple of challenges are adjusting the GUI to the updated
services. Like from Apache 2.4 to 2.8. Nginx is no surprise and we've
already go the same version on 5209R that RedHat brings in RHEL8.
Sendmail? Trivial changes. Dovecot? Good to go w/o changes. FTP? We
bring our own, so no surprises either. Making these adjustments should
be fairly quick, with the new Apache being the only real complication.

We'll drop Apache Tomcat in 5210R, though. It already doesn't work right
in 5209R and dragging that dead carcass over to 5210R makes no sense.

I think that by the end of this year or more probably in January 2019
I'll have a draft of 5210R ready that can quickly be adjusted to
whatever slightly modified realities we'll find once CentOS 8 is
officially out.

I'll get it covered.

FWIW: By that time I also hope to have "EasyMigrate" ready, so moving
from 5207R/5208R/5209R to 5210R should be easier and more comfortable
than doing it with CMU.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22495] Re: AFP ISSUE

[Fungal Style]

As an interim measure, whitelist your IP address.

Then it will be a matter of working out what it is blocking, for me it was an 
email account being checked and after x number of times it was blocked.

Regards
Brian



From: Blueonyx  on behalf of Harm van Houten 

Sent: Thursday, November 15, 2018 8:07:21 PM
To: Blue Onyx
Subject: [BlueOnyx:22494] AFP ISSUE


Hi all,

I run the afp package on my bo box but suddenly as of this evening after a 
while I can't get in or out of the box any more and the only thing I can think 
of as to what the reason might be is the afp defense.

I get on screen a few firewall messages but nothing that would tell me why it 
is blocking. How can I temporarily turn of the defense when this happens?

PS after a reboot its gone for about 45 minutes

Kind regards Harm van Houten

Verzonden vanaf mijn Xperia™ van Sony-smartphone
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22412] Re: web redirect issue

[Fungal Style]

Sorry, ignore this as I see Michael replied after this (I was looking at older 
emails first), my bad.

On 21/9/18, 7:18 am, "Brian Carter"  wrote:

Neal,

This may seem like a silly question, but why use cname and not just an A 
record, an alias and selecting to redirect aliases?

Regards
Brian

On 21/9/18, 12:22 am, "Blueonyx on behalf of neal pressman" 
 wrote:

working on 5209 and seeing behavior i do not expect

i have a vsite xyz.com
DNS A record for xyz.com
a CNAME for www -> xyz.com

going to http://xyz.com gives expected result
going to http://www.xyz.com gets redirected to http://www.xyz.com:444 
and the login screen 
going to http://www.xyz.com/index.html http://xyz.com/index.html as 
expected

--
Open WebMail Project (http://openwebmail.org)

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx





___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22411] Re: web redirect issue

[Fungal Style]

Neal,

This may seem like a silly question, but why use cname and not just an A 
record, an alias and selecting to redirect aliases?

Regards
Brian

On 21/9/18, 12:22 am, "Blueonyx on behalf of neal pressman" 
 wrote:

working on 5209 and seeing behavior i do not expect

i have a vsite xyz.com
DNS A record for xyz.com
a CNAME for www -> xyz.com

going to http://xyz.com gives expected result
going to http://www.xyz.com gets redirected to http://www.xyz.com:444 and 
the login screen 
going to http://www.xyz.com/index.html http://xyz.com/index.html as expected

--
Open WebMail Project (http://openwebmail.org)

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22354] Third Party software - naming DB

[Fungal Style]

Hi all,

As many are aware there are a lot of applications in the “ALL PRODUCTS BUNDLE” 
and some have limited descriptions. I was wanting to do one of a few things…


  *   Edit the file where the descriptions are stored so I can add my own 
descriptions and save me Google-ing the file name
  *   Submit the descriptions to be included (not just the name of the add-on 
but a description of what it is to make it easier and more accessible for 
newbies)
  *   Or any combination of the above and add a web address of the original 
program in case we need help on the product itself (usage help and not install 
help)

What prompted this was I was looking at the list and saw “WHAM Module – 
mantisbt” with a description of “WebHoist Application Module” and though “WTF 
is that” and Google tells me it is Mantis bug tracker.

I know Greg and Michael (and most likely others) work very hard and this would 
be one way to also help out and give back.

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22302] Re: site redirection unchecked, still redirecting.

[Fungal Style]

Ken,

Interesting, it did not cross my mind to do a private browsing session, 
although I did try with FF, Edge and Chrome on computers that had not got to 
the vsite since the redirection was put in place and then removed.

Will give it a try.

Regards
Brian

From: Blueonyx  on behalf of Ken Hohhof 

Reply-To: BlueOnyx General Mailing List 
Date: Monday, 30 July 2018 at 8:40 am
To: 
Subject: [BlueOnyx:22301] Re: site redirection unchecked, still redirecting.

Some browsers permanently cache 301 redirects but you say this is a 302.

I remember having to visit the page with private browsing to clear the cache.

 Original Message 
From: "Fungal Style"
Sent: 7/29/2018 5:14:41 PM
To: "BlueOnyx General Mailing List"
Subject: [BlueOnyx:22300] site redirection unchecked, still redirecting.


Hi all,

I am having a problem at the moment where I set a vsite to redirect by enabling 
“Redirect Website“, with a 302, then once I disabled the redirection, it is 
still redirecting.

Any thoughts on where I can look?

I have tried a few things already including:

  1.  Different computers and browsers
  2.  Dumping browser cache
  3.  Flushing dns cache

Regards
Brian
___ Blueonyx mailing list 
Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22300] site redirection unchecked, still redirecting.

[Fungal Style]

Hi all,

I am having a problem at the moment where I set a vsite to redirect by enabling 
“Redirect Website“, with a 302, then once I disabled the redirection, it is 
still redirecting.

Any thoughts on where I can look?

I have tried a few things already including:

  *   Different computers and browsers
  *   Dumping browser cache
  *   Flushing dns cache

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22187] Re: Jungle_Sec Ransomware

[Fungal Style]

Chris,

Thank you for the update, I still have a few questions, although maybe not as 
important now, but...

Do we know if the system files were encrypted? 

What was the indication there was a problem? 
Was it that something on the site was not working and then someone realized 
file extension were added to say PHP files as an example?

As to vulnerable sites, that is easy, an exploit to allow a single file to be 
dropped into a folder can give them all the access they need... 
One of my favourites (and not a hacker tool, as I have seen some what can even 
touch files so the date is not the real date it was added/changed and some 
which try and get root access, even to the point they modify the rewrite in the 
.htaccess file):
https://sourceforge.net/projects/extplorer/?source=typ_redirect

So yes I have seen many exploited/defaced and otherwise compromised sites from 
owners not wanting to spend a little time or money in maintenance and updating 
(and it costs them more in the end when I have to come in and clean up their 
site), including shopping carts that were SSL routing CC info elsewhere. 
But my limits with Ransomware is to the Windows environments and I am sorry I 
cannot in clear conscience offer my services for Linux Ransomware as although I 
do have enough knowledge to be dangerous with the Ransomware working the same 
or in a similar way, I do not have the Linux experience. By all means feel free 
to bounce a question off me and I will tell you if I don't know... ( and who 
knows maybe I know someone who may know.

Regards
Brian

PS so we can take this offlist now as it is not a BO issue specific I can 
be reached on the following email address if you need to ask a question and 
want to get a reply from me saying I have no idea... (
wa...@hotmail.com

On 27/6/18, 11:11 pm, "Blueonyx on behalf of Chris Gebhardt - VIRTBIZ 
Internet"  wrote:

Hi all,
I'll take a brief moment to give response to the questions that were 
posed last night:

On 6/26/2018 10:52 PM, Ken Hohhof wrote:
 > Can you expand on "vulnerable websites"?

This site in particular is mainly WordPress.  I say mainly because there 
are some other CMS modules stitched in as well.  It's a fairly 
specialized one-off site.

But that's a bit beyond the point.  A "vulnerable" site is just that. 
Something that's vulnerable to attack.   I'm not going to paint all 
WordPress sites with a (false) broad brush.  However, there are a lot of 
WordPress admins doing terrible work to properly secure their sites. How 
many times have you seen this? "Something doesn't work right?  Aw, well, 
let's chmod it 777.  Yup that works! Problem solved!"

Basically, I'm just raising the call to keep an eye on what's running on 
your server.  Do some security auditing now and again.  Something look 
strange or out of place?  Shut it down or fix it.   Don't just let 
    something go unchecked because it's been fine in the past.


On 6/26/2018 11:04 PM, Fungal Style wrote:

> Was this the only site on the server? If not was it only the vsite 
affected?
> (If it is just the vSite, then it was contained that is not so bad and we 
can sleep *a little* tonight...)

There's only one site on the server.

> Although I am assuming it is a blueonyx server, would I be correct?

No, this is a CentOS 6 LAMP box.  As much as I lobbied the customer to 
put BlueOnyx on it when we fired it up as a replacement for an outgoing 
box, there are simply too many customizations.   Could it have been a BX 
box?  Yes.  But it wasn't worth the fight.   The customer liked my 
ideas, but is bound by the comfort & capabilities of an offshore 
development team.   I'm unable to interface directly with the dev team 
due to a language barrier.   I can only speak enough Italian to order 
dinner.

> Do we know how they got in, as in was it a file uploaded via an exploit 
in the site (or FTP, etc)?

We do not.   It's being looked into, but forensic crypto security isn't 
something that I'd put on my CV.  My current theory is it may have been 
delivered via FTP to the server.   There are hundreds of FTP accounts. 
The question remains as to how it may have been executed.

My staff here is good at many things, but this isn't something we've 
specialized in.  Not a lot is known about Jungle_Sec and it is 
apparently pretty good at covering its tracks.   It's ultimately up to 
the customer to decide if they would like to hand it over to an 
investigator.

Our task is to assist the customer with bringing the site online and 
securing it.  That means determining if the backups are safe, or will 
the same thin

[BlueOnyx:22184] Re: Jungle_Sec Ransomware

[Fungal Style]

I was just about to add questions as well...

Chris,

Was this the only site on the server? If not was it only the vsite affected?
(If it is just the vSite, then it was contained that is not so bad and we can 
sleep *a little* tonight...)

Although I am assuming it is a blueonyx server, would I be correct?

Do we know how they got in, as in was it a file uploaded via an exploit in the 
site (or FTP, etc)?

Regards
Brian

On 27/6/18, 2:01 pm, "Blueonyx on behalf of Ken Hohhof" 
 wrote:

Can you expand on "vulnerable websites"?

-Original Message-
From: Blueonyx  On Behalf Of Chris
Gebhardt - VIRTBIZ Internet
Sent: Tuesday, June 26, 2018 10:34 PM
To: Blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:22182] Jungle_Sec Ransomware

Just thought I'd post a quick note.  Make sure you've got backups, your
backups are stored off-server, and you are enforcing strong passwords 
and cracking down on vulnerable websites.   We're working with a 
customer that has been infected by the new Jungle_Sec ransomware 
variant.   It's not just Windows machines that are vulnerable anymore.

And if you happen to know of someone expert in these matters (or you,
yourself may be) then hit me up offline.  I don't pretend to have all the
answers and have directed the customer to reach out to someone with
experience in this sort of thing.  We think there are clean backups, but 
it's a roughly 20TB site that got hit.   Yeah... it's big.  (To answer 
the obvious, I've already recommended against paying the .4 bitcoin
ransom.)

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22180] Re: 5209R GUI login page loops

[Fungal Style]

Well, that was going to be a suggestion, but sounded too cliché, ala The IT 
Crowd "Have you tried turning it off and back on again?"

I am certain there would have been some form of CCED or service that could have 
been restarted to give the same result, but sometimes it is easier and quicker 
to restart (

Regadrs
B
On 27/6/18, 1:16 am, "Blueonyx on behalf of Larry Smith" 
 wrote:

Appreciate the response.
Multiple browsers give same result.
IP:81 does not work at all with http, with https gives same
result as the :444 (login page just loops and comes back up).

Rebooted server and it started working



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22178] Re: 5209R GUI login page loops

[Fungal Style]

Couple of simple things to check...

1. a different browser as it may be a cache issue
2. try :444 or :81 to see if there is a difference

With point 2, don’t put https as the prefix, let the browser do it if it feels 
it needs to.

On 27/6/18, 12:47 am, "Blueonyx on behalf of Larry Smith" 
 wrote:

Recall seeing this topic before but cannot find it today.
Have a 5209R that when trying to login (admin), the
login page just loops (says waiting on server, then login page
re-appears).  Does this for standard and https login attempts.
No error messages in logs.

Suggestions?

-- 
Larry Smith
lesm...@ecsis.net
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22174] Re: 1 vsite does not work by name

[Fungal Style]

Lewis,

So the one site that does not work by name, when pinging, are you doing from 
the local machine or from a separate machine? 

If you ping from the local host, does it respond with a timeout or a different 
message?

Or when you say " Pinging each name gives the same IP address." The vsite name 
is responding?

Regards
Brian

On 26/6/18, 2:41 am, "Blueonyx on behalf of Lewis Gardner" 
 wrote:


5209R server with 5 sites. All can be accessed by name except one. 
Pinging each name gives the same IP address.

Any ideas?

TIA!
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21776] Re: save the values of select box of "show 10 entries" after changed.

[Fungal Style]

Michael,

Thank you as always great work

I tested quickly and it appears to work as expected, it was just one of those 
little things that was just an annoyance like a dripping tap.

Regards
Brian

On 18/2/18, 4:06 am, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi Brian,

> Mind you in my previous searching I did come across the following, 
> maybe if we could change the default with a manual "hack" to show
> the desired number of entries by default?

I was considering something like that, but the actual solution was
easier. See: [BlueOnyx:21774]

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it

https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmail.blueonyx.it%2Fmailman%2Flistinfo%2Fblueonyx&data=02%7C01%7C%7Cac6493f9d98e446f680b08d576287234%7C84df9e7fe9f640afb435%7C1%7C0%7C636544839660416513&sdata=rUWr5VD4C2Af63gck%2FIwy8Ho7xc1jV1IZiNqZYVrz3c%3D&reserved=0




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21771] Re: save the values of select box of "show 10 entries" after changed.

[Fungal Style]

Michael,

Well it is listed there and in the DNS setting example, the save does not seem 
to do anything anyway was a little puzzled...

Mind you in my previous searching I did come across the following, maybe if we 
could change the default with a manual "hack" to show the desired number of 
entries by default?

https://stackoverflow.com/questions/10630853/change-values-of-select-box-of-show-10-entries-of-jquery-datatable

It is using Jquery so my be helpful, I don't know as it is more above my pay 
grade...

Regards
Brian

On 16/2/18, 1:54 pm, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi Brian,

> Not sure if anyone has noticed but it has been a pet peeve of mine for a
> while, as I skip between screens, for example, in Stie Management I can
> change the “Show [10] entries” to 50 and there is no way to save it that
> I can see… as when I go back to the site management tab, it reverts to 10.

Phew ... this is a good suggestion, but I'm myself wondering how to pull
that one off. Sure, we could set a cookie that recalls if this was
changed and what value it was set to.

The trouble is: The GUI element where this is used is called
"ScrollList" and it uses a jQuery element called dataTables. The
whopping beauty of it is that it's sort of a black box. You feed it some
appearance parameters like ...

- Pagination enabled?
- search field enabled?
- sort order and sort-ability by column?
- # of columns and column width?

... and feed it an array that contains the data you want to display.
Boom, finished.

There is some flexibility to appearance and functionality via
parameters, but I'll have to go back and dig out the docs for that to
see how and if I can fiddle this in.

I'll look into this.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it

https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmail.blueonyx.it%2Fmailman%2Flistinfo%2Fblueonyx&data=02%7C01%7C%7Cbfae55c41a91434a543a08d574e89a8b%7C84df9e7fe9f640afb435%7C1%7C0%7C636543464722518078&sdata=%2F%2F77R4yjyX%2Fn3ZMHLDh7BCxQd2KkAM3%2FvuJdHmkH2b0%3D&reserved=0




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21769] save the values of select box of "show 10 entries" after changed.

[Fungal Style]

Not sure if anyone has noticed but it has been a pet peeve of mine for a while, 
as I skip between screens, for example, in Stie Management I can change the 
“Show [10] entries” to 50 and there is no way to save it that I can see… as 
when I go back to the site management tab, it reverts to 10.

The same if I go to Sever Management>Network Services>DNS, click on edit 
primary services, as many people have lots of DNS entries if they use sub 
domains, etc… select 50, click save down the bottom (as I have no idea what 
else it would be for) and it reverts immediately to 10 again.

I know this is not a system stopping bug, but it is something that I am finding 
more frustrating the more domains I have hosted.

I could not see any previous entries for this either, for a work around type of 
hack…

Regards
Brian

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21685] Re: mailserver; possible security issue?

[Fungal Style]

Dirk,

Good to see I am not the only one thinking SPF.

I note that your test, if I read it right, you are logging in via telnet as if 
you were a mail client, you are authenticating to start with.

So you are saying, as an example….

The fake user is logging in as u...@company.com and then saying the sender 
email address is c...@company.com ? 

Also you are saying is you have selected to enable “Enable SMTP Auth” in the 
basic tab of “Email”? If so my understanding would be the user would need to 
authenticate in order to be able to send an email which they could say have an 
email client to log in with the credentials for the username of (to use the 
above example):
user

Entering the password etc, but configure the email client to say the email is 
from c...@company.com and not u...@company.com (which was used to authenticate 
for sending email), is this what you mean?

The question would be then if the above is true then as to if the email 
originated from your (in this case, your customer’s) mail server, and if so 
they may have a compromised email account as you needed to log in to send 
email. 

Hope that makes as much sense as I think it does as it is nearly 1:#0am here… ☺

Regards
Brian


On 26/1/18, 1:06 am, "Blueonyx on behalf of Ken Hohhof" 
 wrote:

Dirk, I am not understanding the issue.  Mailservers will generally accept 
messages from anyone for a local mailbox, that is their purpose.

Is the issue that the mailserver is accepting external mail from a sender 
address at a domain local to the mailserver?  Maybe you are wanting something 
like SPF to specify the official mailserver for that domain and force all 
senders to authenticate and relay via the official mailserver?

Or is the issue that the CEO was fired and his/her email address deleted, 
yet the mailserver accepted messages from a sender address at a local domain 
that it should have known was an invalid user at that domain?  If I handle mail 
for a domain, and I receive a message purporting to be from a user at that 
domain, yet there is no such user (or alias) at that domain, maybe the SMTP 
session should fail as soon as I receive the sender data.


-Original Message-
From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of Dirk 
Estenfeld
Sent: Thursday, January 25, 2018 7:19 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:21683] Re: mailserver; possible security issue?

Hello Brian,

thank you for your email.
Yes, I am aware of this. But in this case some of your suggestions are not 
applicable.
For example for an official mailserver it makes no sense to limit the ip 
address for port 25.
Yes smtp_auth is enabled at the server of course. But you can try. It is 
not working if you use an email address which is existing at the server and the 
recipient address also.

I did also try with an exchange server and this was working. Also with a 
sendmail at freebsd. So it seems to be a more  or less general "feature" which 
in my opinion is a security issue in our days.

Best regards
Dirk


---

blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel

Tel.: +49 6101 65788 20
Fax: +49 6101 65788 99
eMail: dirk.estenf...@blackpoint.de

Vertretungsberechtigt Dirk Estenfeld und Mario Di Rienzo HRB 50093 
Frankfurt am Main USt.-IdNr. de210106871

CRM on Demand – eine gute Idee

Besuchen Sie uns im Internet unter 
https://eur01.safelinks.protection.outlook.com/?url=www.blackpoint.de&data=02%7C01%7C%7C36366dc2b29c42658b1008d563fcc589%7C84df9e7fe9f640afb435%7C1%7C0%7C636524859652034695&sdata=bWIlht1JFRmSyh6wn%2FkIkGqRKVCQK1pnRXIUtBt21Ms%3D&reserved=0
 Problemlos Domains registrieren: 
https://eur01.safelinks.protection.outlook.com/?url=www.edns.de&data=02%7C01%7C%7C36366dc2b29c42658b1008d563fcc589%7C84df9e7fe9f640afb435%7C1%7C0%7C636524859652034695&sdata=4Efqsh0RIXt0N2WfDz07Snpn%2F6ER5J6bDvvEoeszuIo%3D&reserved=0
 Einfach und günstig Daten sichern: 
https://eur01.safelinks.protection.outlook.com/?url=www.back2web.de&data=02%7C01%7C%7C36366dc2b29c42658b1008d563fcc589%7C84df9e7fe9f640afb435%7C1%7C0%7C636524859652034695&sdata=vGRCVMYcBo7w52dupmwceIktkBKNYBV0bNe6lVEwZQY%3D&reserved=0
 Mitglied im:




Confidentiality Notice:
This e-mail message, including any attachments,is for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message. 


-Ursprüngliche Nachricht-
Von: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] Im Auftrag von 
Fungal Style
Gesendet: Donnerstag

[BlueOnyx:21682] Re: mailserver; possible security issue?

[Fungal Style]

Hi Dirk,

Well, there are often a few things that can be done, although normally you need 
to also consider email is one of the (if not the) most insecure methods of 
communication.

Simple things which some you may have enabled already include:
- Limiting the IP ranges that can send email (of course can be spoofed, but it 
requires more work from the scammer side)
- Authenticated sending (to ensure they do not send via your server, if they do 
then look for the account being exploited)
- SPF records can help a little too I believe (have nto played too much with 
them)


Note: I am no expert myself but the above should get you pointed in the right 
direction to start with.

I am sure there are other ways to harden the security like with RBLs, SPAM 
filetering such as SPAM ASSASIN, etc. I suppose some geo blocking may also 
help, which would go more hand in hand with the initial comment on limiting the 
IP ranges.

As always, staff training on cyber threats in invaluable.

Hope this helps for the future.

I suspect someone with more knowledge will reply also soon enough, but thought 
this may provide a little light reading to start with.

Regards
Brian


On 25/1/18, 11:07 pm, "Blueonyx on behalf of Dirk Estenfeld" 
 
wrote:

Hello,

we have one customer who was victim of a CEO fraud.
Some of his employees got a message from the email address of the CEO with 
the order to send xx money to a specific bank account. He did :(

Now we found out that it is possible to send email with sendmail at 
centos/blueonyx (also other distributions) from an existing email address to an 
existing email address.

Example:
telnet 208.77.xx.xx 25
Trying 208.77.xx.xx...
Connected to 208.77.xx.xx
Escape character is '^]'.
220 sol ESMTP Sendmail Ready; Thu, 25 Jan 2018 06:37:59 -0500
EHLO blackpoint.de
250-sol.xxx Hello ns3.xxx [xx.xx.xx.xx], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
MAIL FROM:mst...@solxxx.net
250 2.1.0 mst...@solxxx.net... Sender ok
RCPT TO: mst...@solxxx.net
451 4.7.1 Greylisting in action, please come back later
RCPT TO: mst...@solxxx.net
250 2.1.5 mst...@solxxx.net... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Some content for example send money to yx
.
250 2.0.0 w0PBbxN1026335 Message accepted for delivery
QUIT
221 2.0.0 sol.xxx closing connection
Connection closed by foreign host.

Unfortunately it is not only possible from the same to the same user. It is 
also possible from an (at the server existing) email address to an (at the 
server existing) email address.

Does someone else did see something similar.
In my opinion in days with CEO fraud it is a security issue.
Do someone know how to change settings in sendmail to prevent this 
behaviour?

Best regards,
Dirk Estenfeld


---

blackpoint GmbH - Friedberger Straße 106b - 61118 Bad Vilbel


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it

https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmail.blueonyx.it%2Fmailman%2Flistinfo%2Fblueonyx&data=02%7C01%7C%7C56e10a12e452489a42a508d563ec26b1%7C84df9e7fe9f640afb435%7C1%7C0%7C636524788260239525&sdata=tl8seiVBMOO9wh%2FP4m26lvJXDYDddKjSdZI9UsY29DE%3D&reserved=0




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21602] Re: DNS settings for multiple virtual sites on different servers.

[Fungal Style]

Jeff,

Thanks for the confirmation, as this is the way I started to do it and it seems 
to be working better, as the other way I was fudging it was working for many 
years, now just recently sites were losing IPs when performing a domain 
dossier, no pattern, just suddenly the site was not found so that is what 
sparked the idea of doing it the way I described (and I have not found much in 
the way of best practice guides, that could be me just missing it though).

To clarify, yes, used non-routable as examples although I have IPs on 3 ranges, 
which leads to my next questions (to a degree), just wanted to get the 
foundations right first.

Yes BO all the way with the servers.


Now the last part is somewhere I have probably been making it too hard for 
myself… the zone file transfer… I need to probably read up more on the BO notes 
on it to make sure I am getting it right.

Now ns1 and ns2 would be pri and sec DNS (respectively), If I had a third IP, 
say 10.2.1.1 (I know not a routable IP as an example again) and set up a BO 
server there, it would be a matter of say setup the domain (def.com for 
example) first on ns1 pointing to the IP address of 10.2.1.1 and add a 
secondary entry to NS2, then set up the virtual site 
www.def.com<http://www.def.com> on 10.2.1.1, right?

Add to that I could technically set up the third IP (10.2.1.1) as a DNS server, 
say ns3 and add secondary entries for xyz.com and abc.com and set up any other 
additional domains set up as virtual sites on 10.2.1.1 (aka ns3), keeping ns1 
for the primary setting up the virtual sites pointing to 10.2.1.1 (or 
192.168.1.2, whichever I want to set the virtual site on) etc, etc… same 
process as before… unless there is an easier way so that I do not have to add 
secondary entries for all the domains on each of the secondary name servers 
(like a zone transfer or something allowing them to be copied, unless I 
misunderstand)? (this is one area I think I am making it hard for myself).

Regards
Brian




From: Blueonyx  on behalf of Jeff Folk 

Reply-To: BlueOnyx General Mailing List 
Date: Friday, 22 December 2017 at 11:48 pm
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:21599] Re: DNS settings for multiple virtual sites on 
different servers.

Hi Brian,


On Dec 21, 2017, at 7:43 PM, Fungal Style 
mailto:wa...@hotmail.com>> wrote:


Hi all,

This may be a “no brainer” and I may have been doing this wrong for some time, 
with it working due to extra work done….

Example
I have:
- 2 domains 
“xyz.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fxyz.com%2F&data=02%7C01%7C%7C68d6ae20f029419742ef08d5493a49d5%7C84df9e7fe9f640afb435%7C1%7C0%7C636495437055298755&sdata=ZX3YtiDhAPWhCht8hPm%2F2IqiqcVIuIwhpapVNJEoy54%3D&reserved=0>”
 and 
“abc.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fabc.com%2F&data=02%7C01%7C%7C68d6ae20f029419742ef08d5493a49d5%7C84df9e7fe9f640afb435%7C1%7C0%7C636495437055298755&sdata=hcB3BXkexZclEQb1Pj5hSW1aLBipcPwKOo8vvtsmE7U%3D&reserved=0>”
- 2 (or more) servers
- each server capable of dns with glue DNS records for primary and secondary

Sounds good.


So lets say I set up the following glue records:
Ns1.abc.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fns1.abc.com%2F&data=02%7C01%7C%7C68d6ae20f029419742ef08d5493a49d5%7C84df9e7fe9f640afb435%7C1%7C0%7C636495437055298755&sdata=SZcsW7cr9HADV5o0A1K%2B1QFFwpGD%2Ffmd536nZawx1p0%3D&reserved=0>
 10.0.0.1
Ns2.abc.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fns2.abc.com%2F&data=02%7C01%7C%7C68d6ae20f029419742ef08d5493a49d5%7C84df9e7fe9f640afb435%7C1%7C0%7C636495437055298755&sdata=AlFl9DC8sP7kXg0C7%2B4Cr35lnhNnQtnHb9Th8JERHlc%3D&reserved=0>
 192.168.1.2

I assume you are using non-routable private addresses as an example?


Now the next step I would need to do to get 
www.abc.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.abc.com%2F&data=02%7C01%7C%7C68d6ae20f029419742ef08d5493a49d5%7C84df9e7fe9f640afb435%7C1%7C0%7C636495437055298755&sdata=oYEsDYFPSgmF5tKSQ5MUHBIcoiEmKYiX77R%2FfwtCoPo%3D&reserved=0>
 to be a functional site on 10.0.0.1 would be to add the site under the “site 
management” tab for the virtual site of 
www.abc.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.abc.com%2F&data=02%7C01%7C%7C68d6ae20f029419742ef08d5493a49d5%7C84df9e7fe9f640afb435%7C1%7C0%7C636495437055298755&sdata=oYEsDYFPSgmF5tKSQ5MUHBIcoiEmKYiX77R%2FfwtCoPo%3D&reserved=0>
 and config mail, users, etc…. Then add the domain as a secondary for DNS on 
192.168.1.2

Next if I wanted to set up 
www.xyz.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.xyz.com%2F&data=02%7C01%7C%7C68d6ae20f029419742ef08d5493a49d5%7C84df9e7fe9f640afb435%7C1

[BlueOnyx:21597] DNS settings for multiple virtual sites on different servers.

[Fungal Style]

Hi all,

This may be a “no brainer” and I may have been doing this wrong for some time, 
with it working due to extra work done….

Example
I have:
- 2 domains “xyz.com” and “abc.com”
- 2 (or more) servers
- each server capable of dns with glue DNS records for primary and secondary

So lets say I set up the following glue records:
Ns1.abc.com 10.0.0.1
Ns2.abc.com 192.168.1.2

Now the next step I would need to do to get www.abc.com to 
be a functional site on 10.0.0.1 would be to add the site under the “site 
management” tab for the virtual site of www.abc.com and 
config mail, users, etc…. Then add the domain as a secondary for DNS on 
192.168.1.2

Next if I wanted to set up www.xyz.com on 192.168.1.2 I 
would set up the virtual site on 10.0.0.1 as I did for 
www.abc.com except put in the ip address of 192.168.1.2 
under “basic settings” and set up a virtual site on 192.168.1.2 for the 
website, instead of entering a secondary dns entry.

Would that be the most correct way to do this?

I may have a follow up question on this depending on the answer, as I want to 
keep it as simple as possible first then expand to virtual sites to other IP 
addresses.

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21565] Re: Attack by a botnet.

[Fungal Style]

Michael,

Thanks for the tips, in hind sight I should have set it up a little better, 
even if it is just a testing site I was working on…. I noticed they disappeared 
for a bit and have returned even though I have the domain pointing to Google 
now with the files not present, maybe for this round I need to wait for them 
just to give up, or just delete the dns records, see what they do then… (

The .htaccess as a basic security measure is something I did not think about 
and that would prevent a bot from just searching.

Thanks again.

Will have a read to see if I can get any further ideas, though 2fa and such 
won’t stop them from trying, as not finding them now is not working either….

I can probably write it off to experience… and put a drupal, magento or joomla 
site on the domain… ( as WP is not my first choice, was just a test/dev site.


Regards
Brian


On 5/12/17, 2:19 pm, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi Brian,

> It is a form of brute force attack from what I can tell and it is low
> bandwidth as they are requesting part of a file (possibly to go
> undetected as it is 2/10’s of bugger all data).
> 
> As I am only using the domain for testing currently I placed a 301 on it
> and renamed the files it is requesting, but they are still going.

Yeah, it's a botnet trying a brute force login to your WordPress
backend. I'd either rename the wp-admin directory to something else
and/or would throw an additional password protection of that folder in
(via .htaccess) or would install a WordPress plugin that requires
additional steps for logins than just username and password.

Like the Google Authenticator:


https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwordpress.org%2Fplugins%2Ftags%2F2-factor-authentication%2F&data=02%7C01%7C%7Cc1e20b603eab4fc5442608d53b8ef986%7C84df9e7fe9f640afb435%7C1%7C0%7C636480407626571911&sdata=PER3XiYofzI1PDcqVcdrUxddN4etAA2EJWmzvE77uY8%3D&reserved=0

From that list this one seems to be pretty complete:


https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwordpress.org%2Fplugins%2Floginizer%2F&data=02%7C01%7C%7Cc1e20b603eab4fc5442608d53b8ef986%7C84df9e7fe9f640afb435%7C1%7C0%7C636480407626571911&sdata=FK5K9Z8bBa%2FmZAO%2BktOeaTs%2Be3pfNzC0vqu8q8f07n8%3D&reserved=0

There are also a couple of other WordPress plugins around that offer
additional protection. Without any endorsement this URL shows some of them:


https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwordpress.org%2Fplugins%2Fsearch%2Fsecure%2Blogin%2F&data=02%7C01%7C%7Cc1e20b603eab4fc5442608d53b8ef986%7C84df9e7fe9f640afb435%7C1%7C0%7C636480407626571911&sdata=fbNrObhIqC7uRDke6g%2Be41tyk1UlL8EAp3RAv0ALhTI%3D&reserved=0

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it

https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmail.blueonyx.it%2Fmailman%2Flistinfo%2Fblueonyx&data=02%7C01%7C%7Cc1e20b603eab4fc5442608d53b8ef986%7C84df9e7fe9f640afb435%7C1%7C0%7C636480407626571911&sdata=Z%2Fj6PrvIRAQ6FIn7KYunoPqtNgVTQ1RboROl%2B9V1N2Q%3D&reserved=0




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21560] Attack by a botnet.

[Fungal Style]

Hi all,

Just want to get some ideas on anything I can do as they are quite literally 
filling up log files with spam entries of hits from an IP then rotating to a 
new IP.

It is a form of brute force attack from what I can tell and it is low bandwidth 
as they are requesting part of a file (possibly to go undetected as it is 
2/10’s of bugger all data).

As I am only using the domain for testing currently I placed a 301 on it and 
renamed the files it is requesting, but they are still going.

Here is some of the apache log:
www.it-malls.com 112.202.163.181 - - [05/Dec/2017:07:38:58 +1100] "GET 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 112.202.163.181 - - [05/Dec/2017:07:39:05 +1100] "POST 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 66.249.79.70 - - [05/Dec/2017:07:39:09 +1100] "GET 
/ukgb4/trne.php?recipe-for-homemade-window-cleaner HTTP/1.1" 301 265 "-" 
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
www.it-malls.com 182.181.141.253 - - [05/Dec/2017:07:39:12 +1100] "POST 
/xmlrpc.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) 
Gecko/20100101 Firefox/40.1"
www.it-malls.com 89.64.36.121 - - [05/Dec/2017:07:39:32 +1100] "POST 
/xmlrpc.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) 
Gecko/20100101 Firefox/40.1"
www.it-malls.com 89.64.36.121 - - [05/Dec/2017:07:39:33 +1100] "GET 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 89.64.36.121 - - [05/Dec/2017:07:39:33 +1100] "POST 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 66.249.79.72 - - [05/Dec/2017:07:39:34 +1100] "GET 
/ukgb4/trne.php?famous-sun-valley-id-trout-recipes HTTP/1.1" 301 265 "-" 
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
www.it-malls.com 182.181.141.253 - - [05/Dec/2017:07:39:43 +1100] "GET 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 88.230.246.176 - - [05/Dec/2017:07:39:44 +1100] "POST 
/xmlrpc.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) 
Gecko/20100101 Firefox/40.1"
www.it-malls.com 176.240.142.162 - - [05/Dec/2017:07:39:45 +1100] "POST 
/xmlrpc.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) 
Gecko/20100101 Firefox/40.1"
www.it-malls.com 88.230.246.176 - - [05/Dec/2017:07:39:46 +1100] "GET 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 88.230.246.176 - - [05/Dec/2017:07:39:47 +1100] "POST 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 176.240.142.162 - - [05/Dec/2017:07:39:47 +1100] "GET 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 176.240.142.162 - - [05/Dec/2017:07:39:48 +1100] "POST 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 182.181.141.253 - - [05/Dec/2017:07:39:52 +1100] "POST 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 212.237.119.209 - - [05/Dec/2017:07:39:59 +1100] "POST 
/xmlrpc.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) 
Gecko/20100101 Firefox/40.1"
www.it-malls.com 66.249.79.72 - - [05/Dec/2017:07:40:00 +1100] "GET 
/vvbni5/td.php?bed-and-breakfast-weston-super-mare HTTP/1.1" 301 266 "-" 
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
www.it-malls.com 220.245.195.62 - - [05/Dec/2017:07:40:01 +1100] "POST 
/xmlrpc.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) 
Gecko/20100101 Firefox/40.1"
www.it-malls.com 220.245.195.62 - - [05/Dec/2017:07:40:03 +1100] "GET 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 220.245.195.62 - - [05/Dec/2017:07:40:04 +1100] "POST 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 212.237.119.209 - - [05/Dec/2017:07:40:05 +1100] "GET 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 212.237.119.209 - - [05/Dec/2017:07:40:06 +1100] "POST 
/wp-login.php HTTP/1.1" 301 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.1"
www.it-malls.com 66.249.79.70 - - [05/Dec/2017:07:40:26 +1100] "GET 
/ukgb4/trne.php?diablo-2-lod-horadric-cube-recipes HTTP/1.1" 301 265 "-" 
"Moz

[BlueOnyx:21554] Re: Setting up a subdomain on a different machine.

[Fungal Style]

Ok, thanks, I think that is what I was trying to say anyway… just maybe 
terminology not 100% correct…

Brian

On 3/12/17, 1:59 am, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi Brian,

> Just a quick question, I just wanted to setup a sub domain for dev and
> testing, how would I do that?
> 
> For example:
> 
> Machine 1 – 1.1.1.1
> 
> Machine 2 – 1.1.1.2


It's stimple, really. Just create two virtual sites:

Server #1: 
https://nam04.safelinks.protection.outlook.com/?url=www.domain.com&data=02%7C01%7Cwayin%40hotmail.com%7Cc49b31d2afaf4e31a04908d539953c4e%7C84df9e7fe9f640afb435%7C1%7C0%7C636478235480996212&sdata=Xiu8x4sPv6YMCoWGvhkwxs8mCc6C%2BFCuv1Jmmc1V59k%3D&reserved=0
   (IP: 1.1.1.1)
Server #2: dev.domain.com   (IP: 1.1.1.2)

Then make sure you have DNS records for both and you should be good.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it

https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmail.blueonyx.it%2Fmailman%2Flistinfo%2Fblueonyx&data=02%7C01%7Cwayin%40hotmail.com%7Cc49b31d2afaf4e31a04908d539953c4e%7C84df9e7fe9f640afb435%7C1%7C0%7C636478235480996212&sdata=DBl9fy5%2BD%2FLJ6yl6O%2BRNctw678YiBVof4bD3ZQJw0ak%3D&reserved=0




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21552] Setting up a subdomain on a different machine.

[Fungal Style]

Hi all.

Just a quick question, I just wanted to setup a sub domain for dev and testing, 
how would I do that?

For example:
Machine 1 – 1.1.1.1
Machine 2 – 1.1.1.2

Both machines are on BlueOnyx

Machine 1 has the dns for www.example.com.au
And machine 2 is to host test.example.com.au

Do I just need to setup a new account with the prefix of test for the domain 
instead of www on 1.1.1.2? And of course add dns entries on 1.1.1.1 to point to 
1.1.1.2 for test.example.com.au and in theory it should work?

Regards
Brian

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21534] Re: Upgrading PHP releases.

[Fungal Style]

Michael,

I have actually purchased 2x of the complete packages (I have also known Greg K 
for many years), this was for a one off test and I did not want to uninstall 
from my other servers, I may have to look at another way to do it then with a 
different distro then test in the live environment at a later date… just a bit 
more work than I wanted to do.

Regards
Brian

On 19/11/17, 12:20 pm, "Blueonyx on behalf of Michael Stauber" 
 wrote:

Hi Brian,

> As per 
https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fphp.net%2Fsupported-versions.php&data=02%7C01%7Cwayin%40hotmail.com%7C0e114336c54641069fc908d52eebbbc3%7C84df9e7fe9f640afb435%7C1%7C0%7C636466512376301795&sdata=n7YRINM8hg%2BFT8pN8Q7Z6HzOq9jJUDn%2BPndmrLYUbYE%3D&reserved=0
 anything prior to PHP 5.6
> has not been supported for some time, I was wanting to quickly set up a
> box to test out an application without deploying to my live servers
> prior to testing for bugs and vulnerabilities, the app requires PHP 5.6
> as a minimum as most do these days…

We do offer maintained and current versions of PHP as an add-on for
BlueOnyx:


https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fshop.blueonyx.it%2Fblueonyx%2Fsystem%2Fphp.html&data=02%7C01%7Cwayin%40hotmail.com%7C0e114336c54641069fc908d52eebbbc3%7C84df9e7fe9f640afb435%7C1%7C0%7C636466512376301795&sdata=k9G7DeWRcNtUbjGb58NiAnO2jwGa%2B%2BB1noyC6GX5EYc%3D&reserved=0

Purchase of that item will give you access to PHP Packages designed to
work with BlueOnyx. That includes:

Latest PHP-5.3
Latest PHP-5.4
Latest PHP-5.5
Latest PHP-5.6
Latest PHP-7.0
Latest PHP-7.1

On BlueOnyx 5209R you can even install all of these at the same time and
can decide to run Vsites on selected versions of PHP via either suPHP or
PHP-FPM.

If you purchase that package with support, you will also get all updated
PHP versions that are released by us during your ongoing support period.

> I believe the thread mentioned things breaking in the web portal side of
> things if a later release was used

The BlueOnyx GUI is compiled with a PHP Zend module named "CCE", which
interfaces between the GUI's PHP pages and our CODB database backend.
This module is compiled against the OS provided PHP version. On BlueOnyx
5209R (CentOS 7) this is of course PHP-5.4.16. Replacing the onboard PHP
with an updated version will break the connectivity of the CCE module,
as it will no longer be compatible with the PHP version you're then using.

However: BlueOnyx 5207R, 5208R and 5209R do have a fallback mechanism.
If the CCE Zend module is no longer working, then the GUI will
automatically switch to use a native PHP class instead for the
connectivity to CODB. This fallback is about 6-7 times slower than the
CCE module, though. So your GUI will continue to work, but you might
notice a loss of agility.

If you feel adventurous you can of course compile your own PHP into a
separate directory and simply not replace the onboard PHP. You can then
still use the "stock" PHP for the GUI and the manually compiled PHP for
your websites. But then you'll have the troubles that roughly every 1-3
months a new version of PHP is released and eventually you need to
recompile yours again, because it's getting too old and too vulnerable.

If you look at it that way then the package in the shop is quite a
bargain, as it offloads that work to us and you constantly have access
to the latest PHP versions whenever they're released. And you get
something that works out of the box.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it

https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmail.blueonyx.it%2Fmailman%2Flistinfo%2Fblueonyx&data=02%7C01%7Cwayin%40hotmail.com%7C0e114336c54641069fc908d52eebbbc3%7C84df9e7fe9f640afb435%7C1%7C0%7C636466512376301795&sdata=4WINVdgO2Mv4M89NGkex%2Bdi%2BaspNG3xCThDHX3VljSU%3D&reserved=0




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21532] Upgrading PHP releases.

[Fungal Style]

Hi all,

I believe I have seen this raised once before but I am buggered if I can locate 
the thread.

As per http://php.net/supported-versions.php anything prior to PHP 5.6 has not 
been supported for some time, I was wanting to quickly set up a box to test out 
an application without deploying to my live servers prior to testing for bugs 
and vulnerabilities, the app requires PHP 5.6 as a minimum as most do these 
days…

I believe the thread mentioned things breaking in the web portal side of things 
if a later release was used, can anyone confirm this as I am thinking of just 
trying it as it is only a scratch box and I can always spend 15-30 mins getting 
everything back to where it was.

Anyway… look forward to some ideas.

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21248] Re: Fail2ban and/or dfix2 or something else is blocking me?

[Fungal Style]

Maurice,

Thanks, I suppose the most frustrating part was partly my own doing, not 
knowing exactly what packages I installed from Compass, it was more like… wow 
that sounds neat, let’s try that… after I bought a couple of licences for the 
complete package.

Also not knowing where to initially look was a little daunting from the CLI. I 
did stumble on the APF log as I thought I would look to /VAR/LOG to see if 
there were any system logs to show me errors etc… Years ago I would have just 
re-installed but now I am learning to take a closer look, even if it is for 
10-15 mins and see what I find.

I appreciate the tip on the developer mode, will need to look at this on the 
weekend I think, then maybe I can re-implement it if need be (as I turned it 
off in the GUI now also as well as via the shell)

Regards
Brian

On 9/8/17, 10:01 pm, "Blueonyx on behalf of Maurice de Laat" 
 wrote:

Hi Brian,

On 09-08-17 01:17, Fungal Style wrote:
> OK, I have the culprit, it is APF firewall, I stopped it and now I can 
> access the site again, the next steps now would be to find out what went 
> wrong and why it was blocking all traffic.

Check apf's logfile, usually in /var/log/apf_log.

Furthermore, for testing purposes, apf has a developer mode that can be 
enabled in the configfile, usually /etc/apf/conf.apf:
# [Main]
##
# !!! Do not leave set to (1) !!!
# When set to enabled; 5 minute cronjob is set to stop the firewall. Set
# this off (0) when firewall is determined to be operating as desired.
DEVEL_MODE="0"

setting devel_mode to 1 forces apf to stop (and allow all connections) 
after 5 minutes.

Kind regards
Maurice
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21246] Re: Fail2ban and/or dfix2 or something else is blocking me?

[Fungal Style]

OK, I have the culprit, it is APF firewall, I stopped it and now I can access 
the site again, the next steps now would be to find out what went wrong and why 
it was blocking all traffic.

Any help would be appreciated, although this is now a very low priority as I 
have access again without the firewall running (although it is only a test 
server, I still want to work out what happened in case I get the same issue on  
a production server).

Regards
Brian

From: Blueonyx  on behalf of Fungal Style 

Reply-To: BlueOnyx General Mailing List 
Date: Wednesday, 9 August 2017 at 8:37 am
To: "Blueonyx@mail.blueonyx.it" 
Subject: [BlueOnyx:21245] Fail2ban and/or dfix2 or something else is blocking 
me?

Hi all,

Just had a bit of a late night and just as I was going to sleep I lost 
connectivity to the server.

I was doing some work on a content management system which may or may not be 
relevant, but it was likely to be intensive on the disk access as it was 
deleting around 50 photo images.

I did gen an email:
Active Monitor has detected recent changes in the state of your server 
appliance.
For more details, please see the Active Monitor section of the Server Desktop.

Summary of changes:

* Fail2ban is not running and could not be restarted. Please try to restart the 
service fail2ban manually.

* The AV-SPAM services are not working correctly. This might interfere with 
email delivery. Please restart the related services manually.
- The SpamAssassin services 'spamassassin' and/or 'spamass-milter' are not 
running and could not be restarted. Please restart this services manually.

So currently I cannot ping, log in via the web portal, access any site on the 
server from my normal IP address. I have tested from a remote IP and I believe 
I was able to access a web site for a few moments then I was getting time out 
messages in the browsers.

I tried a restart of the server (I was putting that off, but I only had console 
access) as it could ping out and nothing could ping in. When restarting, if I 
am pinging it from a remote server I get 5 ping responses during restart, prior 
to restart and after restart all pings are block, it would appear all inbound 
traffic is blocked.

I would like to know how to trouble shoot this further, possibly what logs to 
check? To see if I can find out if it is fail2ban or something else blocking me.

Server is running 5209R and I have not made any known changes in the last weeks.

Regards
Brian
___ Blueonyx mailing list 
Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21245] Fail2ban and/or dfix2 or something else is blocking me?

[Fungal Style]

Hi all,

Just had a bit of a late night and just as I was going to sleep I lost 
connectivity to the server.

I was doing some work on a content management system which may or may not be 
relevant, but it was likely to be intensive on the disk access as it was 
deleting around 50 photo images.

I did gen an email:
Active Monitor has detected recent changes in the state of your server 
appliance.
For more details, please see the Active Monitor section of the Server Desktop.

Summary of changes:

* Fail2ban is not running and could not be restarted. Please try to restart the 
service fail2ban manually.

* The AV-SPAM services are not working correctly. This might interfere with 
email delivery. Please restart the related services manually.
- The SpamAssassin services 'spamassassin' and/or 'spamass-milter' are not 
running and could not be restarted. Please restart this services manually.

So currently I cannot ping, log in via the web portal, access any site on the 
server from my normal IP address. I have tested from a remote IP and I believe 
I was able to access a web site for a few moments then I was getting time out 
messages in the browsers.

I tried a restart of the server (I was putting that off, but I only had console 
access) as it could ping out and nothing could ping in. When restarting, if I 
am pinging it from a remote server I get 5 ping responses during restart, prior 
to restart and after restart all pings are block, it would appear all inbound 
traffic is blocked.

I would like to know how to trouble shoot this further, possibly what logs to 
check? To see if I can find out if it is fail2ban or something else blocking me.

Server is running 5209R and I have not made any known changes in the last weeks.

Regards
Brian
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21121] Re: What to do?

[Fungal Style]

What do you see when you type in the IP address in a web browser (I am assuming 
you are using an IP address that is routable and assigned to your ESXI)?

Did the administrator log in appear previously? Or is this a fresh install and 
you have ran the network shell script to config the IP, etc?

Regards
Brian

On 18/6/17, 8:32 pm, "Blueonyx on behalf of Lewis Gardner" 
 wrote:


Everything looks normal but I can't connect.

I was adding vsites to a 5208R machine running on a ESXi 5.1 and all of 
a sudden I could not connect. No vsites, no web GUI login, no SSH, no 
pings returned.

Other machines on the ESXi 5.1 box work fine. If I connect using vSphere 
client I can open a console to the 5208R machine, log in and all looks 
normal. Plenty of disk space, memory and low CPU load. I can ping 
domains on the Internet so there is network connectivity.

I have restarted the 5208R machine from console and everything looks normal.

Any ideas on what to do?
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:20685] Re: Mail to Microsoft Customers

[Fungal Style]

Personally I have no issues, it does appear that you may be on some form of 
black list or sending too many emails too quickly to Yahoo Inc, ot Microsoft 
Inc domains… they are different companies.

Microsoft’s suggestion of :

Mail rejected by Outlook.com for policy reasons. Reasons for rejection may be 
related to content with spam-like characteristics or IP/domain reputation. If 
you are not an email/network admin please contact your Email/Internet Service 
Provider for help.


Would be a good start, maybe try searching for your IPs in a black list site, 
or just try a google search for something like:
abuse 

Where you would enter your IP address of the mail server… you may need to do 
what I had to with AOL and do all the reverse lookup SPX, etc (insert favourite 
jump through hoop step here).

HTH

Regards

Brian

From: Blueonyx  on behalf of Maillists 

Reply-To: BlueOnyx General Mailing List 
Date: Monday, 20 February 2017 at 10:49 pm
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:20684] Mail to Microsoft Customers


We have had problems in the past sending e-mails to Microsoft companies (yahoo, 
outlook, Hotmail etc) from our BO box.

The message we get back in the log is

Feb 20 13:54:01 centos7 postfix/smtp[549]: 0D4B13F28A49: 
to=, relay=mx2.hotmail.com[65.54.188.126]:25, delay=24, 
delays=23/0/0.14/0.04, dsn=5.0.0, status=bounced (host 
mx2.hotmail.com[65.54.188.126] said: 550 SC-001 (BAY004-MC4F21) Unfortunately, 
messages from 208.67.xxx.xxx weren't sent. Please contact your Internet service 
provider since part of their network is on our block list. You can also refer 
your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in 
reply to MAIL FROM command))

For the last few months we have been fortunate to have access to a machine that 
is allowed to deliver to Microsoft domains. But due to circumstances beyond our 
control, we are losing access to that machine next week.

I have spent a lot of time reading the nonsense document at mail.live.com and 
am no closer to understanding what we have to do.

How is everyone handling getting mail delivered to Microsoft customers?

___ Blueonyx mailing list 
Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:18084] Re: Mysterious /web ownership change

[Fungal Style]

I happened to read this email chaimn today and I experienced the same thing a 
few times. It appeared to happen around the time of updates being done to the 
server via yum.
 
In my scenario the pages would not translate the PHP code to create the page as 
expected and I had to switch between one of the PHP settings and then back 
again. This happened at least twice so I turned off auto updates and now 
perform the updates manually double checking a couple of key sites after the 
update has completed.
 
I had this issue a couple of months back so my memory of what happened and what 
I did are a little foggy.
 
Chris: Did you not do any yum updates for some time? as I was suspecting it to 
be a yum update causing it as it only happened 2-3 times on mornings when a yum 
update was done.
 
Regards
Brian
 
> To: blueonyx@mail.blueonyx.it
> From: cobaltfa...@virtbiz.com
> Date: Wed, 22 Jul 2015 21:25:43 -0500
> Subject: [BlueOnyx:18083] Re: Mysterious /web ownership change
> 
> Thanks Michael.
> 
> On 7/22/2015 9:07 PM, Michael Stauber wrote:
> 
> > I used this script to forcibly convert all Vsites from regular PHP to
> > suPHP when I was too lazy to do it via the GUI.
> 
> Yeah, I think we'll put that to work.  Thanks for the tip on that, as it 
> will greatly expedite things rather than paging through each Vsite in 
> the GUI.  CLI tools to the rescue!
> 
> Thanks again.  I sure do wish we could nail down a cause on this.  I'd 
> feel better about it.We may never know.   Some of these are 
> sites that go back to 2000, 2001 and came from BlueQuartz as a migration 
> of a migration of a migration (perhaps of a migration).
> 
> -- 
> Chris Gebhardt
> VIRTBIZ Internet Services
> Access, Web Hosting, Colocation, Dedicated
> www.virtbiz.com | toll-free (866) 4 VIRTBIZ
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
  ___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:17464] Re: relaying denied

[Fungal Style]

Maybe you misread... "without the use of CNAMES"
I have had the same issues for a long time and seen forums and mailing list 
posts where people have gone to many lengths to get  it to work and the simple 
act of following the DNS entries on the link you provided and the steps I 
provided solved the issues I had with aliases as the email would only work if 
using @www.
I believe the page ( http://www.blueonyx.it/index.php?page=dns-for-email ) may 
have referred to my steps when stating:This assumes that "www.site.com" is the 
exact name of the site as shown in the virtual site list and that "site.com" 
has been set as "Email Server Alias" (and "Web Server Alias") for that site.
specifically:"site.com" has been set as "Email Server Alias"
If my steps of adding the email server alias is not correct I will need to 
setup another test box and check if the latest BO will work with just the 
instructions on the page (just setting the DNS entries listed in the tables) as 
last few times of setting up BO servers it would give me relay errors if I sent 
email to alias email addresses.
RegardsBrian

> Date: Mon, 27 Apr 2015 06:55:14 -0500
> From: mstau...@blueonyx.it
> To: blueonyx@mail.blueonyx.it
> Subject: [BlueOnyx:17461] Re: relaying denied
> 
> Hi Brian,
> 
> > EASY SOLUTION without the use of CNAMES (which are evil) >:)
> > Go to site managementSelect your domainselect Serviceselect Email
> > Add the FQDN in the EMAIL SERVER ALIAS field, which is marked as 
> > optional
> > This corrected the problem for me, AFTER I had followed the instructions in 
> > the dns for email link.
> > Possibly something that could be added to the document?
> 
> I will NEVER recommend any CNAMEs based DNS. That's just asking for
> trouble. And adding the FQDN to the email server alias field is
> redundant and it will cause problems, too.
> 
> So you're causing two problems that somehow (under certain
> circumstances) happen to cancel themselves out.
> 
> Additionally it'll break as soon as you add a subdomain and want email
> for that as well.
> 
> Hence: Do it by the book and you'll have no issues. And forget that
> CNAMEs even exist.
> 
> -- 
> With best regards
> 
> Michael Stauber
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
  ___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:17460] Re: relaying denied

[Fungal Style]

Yes, this one got me for a long time...
EASY SOLUTION without the use of CNAMES (which are evil) >:)
Go to site managementSelect your domainselect Serviceselect Email
Add the FQDN in the EMAIL SERVER ALIAS field, which is marked as optional
This corrected the problem for me, AFTER I had followed the instructions in the 
dns for email link.
Possibly something that could be added to the document?
RegardsBrian Carter


> Date: Sun, 26 Apr 2015 14:55:50 -0500
> From: mstau...@blueonyx.it
> To: blueonyx@mail.blueonyx.it
> Subject: [BlueOnyx:17459] Re: relaying denied
> 
> Hi Robert,
> 
> > One other thing, I would like to have sendmail remove
> > the machine name from the mail address when mail is
> > sent, IE  per...@blablabla.com instead of
> > per...@www.blablabla.com, Can this be easile accomplished?
> 
> A comprehensive guide answering these two questions can be found here:
> 
> http://www.blueonyx.it/index.php?page=dns-for-email
> 
> -- 
> With best regards
> 
> Michael Stauber
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
  ___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:14137] Re: BlueOnyx Installation Issues

[Fungal Style]

Well an update from my post...

I tried in a vm... centos 6.3 bo works but 6.4 asked for the location of 
source. Now it i mount the 6.3 it will progress... so not likely a driver issue 
here... maybe image issue?

Will try from other location as i believe i grabbed from main US repository.

--- Original Message ---

From: "Michael Stauber" 
Sent: 19 December 2013 6:44 AM
To: "BlueOnyx General Mailing List" 
Cc: mdua...@sentex.net
Subject: [BlueOnyx:14123] Re: BlueOnyx Installation Issues

Hi Manuel,

> Just a quick question. I have tried installing BlueOnyx 5107R (CentOS) on two
> different machines unsuccessfully. The issue is that I can boot from the CD
> and progress successfully though several menus. However, I get to one point
> and the setup menu complains that it cannot find the distribution. I tried
> the installation on a Dell 17XX series blade and an IBM X232 (both SCSI based
> systems) with exactly the same problem. Any idea of what I could be doing
> wrong?

I replied to your earlier message with the response marked as
[BlueOnyx:14114]

The installer shouldn't ask you for keyboard and language. That happens
at a later time when the install has finished and you access the web
based GUI for the first time.

If you're asked for keyboard and language settings during the install,
then things already went wrong.

The typical reason for that is this:

The CD boots a mini Linux used for the install. That mini Linux uses a
Kernel that's supplied on the CD and that kernel uses the drivers
included on the CD to detect the hardware - such as CD ROMs.

It is most likely that this mini Linux doesn't have the drivers for the
CD ROM that you are using for the install.

Yes, I know. It is a bit paradox. It got that far on one kernel (the 1st
stage installer), but the kernel on the 2nd stage of the installer now
can't see the CD ROM.

You can use CTRL + ALT + the function keys F1-F12 to tab through various
shells. F1 shows the installer and F2 usually gives you a root shell. On
that shell you can use "fdisk -l" or "mount" or "dmesg" to check and
you'll see that the CD ROM didn't get initialized.

If you're using an external USB CD ROM, try to use another one or - at
the worst - open the server and temporarily connect an IDE or SATA CD
ROM just for the install.

Or sometimes it is sufficient to disconnect the USB CD-ROM as soon as
the blue background of the installer shows. Just disconnect it for 2-3
seconds and reconnect. This should happen before the message "Detecting
USB devices" (or similar) pops up.

You answered about the hardware in your most recent reply. What kind of
CD-ROMs are you using in that servers?

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:14115] Re: Problems installing 5107R

[Fungal Style]

Actually i just had the same experience... with the centos 6.4 release of 
blueonyx 64bit.

I am setting up on a vm for testing and have used BO on vms previously with 
little or no issues.

I will try a few thing as the install option i  chose was for single drive 
where normally i would select nomdraid or the 1st option... no too sure as i am 
not in front of the console for a bit.

Regards
Brian

--- Original Message ---

From: "Michael Stauber" 
Sent: 17 December 2013 9:12 AM
To: "BlueOnyx General Mailing List" 
Subject: [BlueOnyx:14114] Re: Problems installing 5107R

Hi Manuel,

> Not sure if anyone has experienced this problem. When installing BlueOnyx
> 5107R (32-bit) the machine bots from the CD fine but then after a few screens
> for language and keyboard it complains that it cannot find the installation
> CD! This would be the same CD as the server booted from I would think. I
> tried this on two machines with the same result. Anyone experience this
> before?

The installer shouldn't ask you for keyboard and language. That happens
at a later time when the install has finished and you access the web
based GUI for the first time.

If you're asked for keyboard and language settings during the install,
then things already went wrong.

The typical reason for that is this:

The CD boots a mini Linux used for the install. That mini Linux uses a
Kernel that's supplied on the CD and that kernel uses the drivers
included on the CD to detect the hardware - such as CD ROMs.

It is most likely that this mini Linux doesn't have the drivers for the
CD ROM that you are using for the install.

Yes, I know. It is a bit paradox. It got that far on one kernel (the 1st
stage installer), but the kernel on the 2nd stage of the installer now
can't see the CD ROM.

You can use CTRL + ALT + the function keys F1-F12 to tab through various
shells. F1 shows the installer and F2 usually gives you a root shell. On
that shell you can use "fdisk -l" or "mount" or "dmesg" to check and
you'll see that the CD ROM didn't get initialized.

If you're using an external USB CD ROM, try to use another one or - at
the worst - open the server and temporarily connect an IDE or SATA CD
ROM just for the install.

Or sometimes it is sufficient to disconnect the USB CD-ROM as soon as
the blue background of the installer shows. Just disconnect it for 2-3
seconds and reconnect. This should happen before the message "Detecting
USB devices" (or similar) pops up.

Out of curiosity: What hardware are you using and what type of CD ROM?

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:11948] Re: Blocking brute force SSH login attempts

[Fungal Style]

Kev,
 
I see you have found the ever unanswerable question... how many attempts is too 
many security vs usability it is a trade off...
 

> Date: Wed, 9 Jan 2013 07:24:47 -0700
> From: kander...@digital-adrenaline.com
> To: ja...@slor.net
> CC: blueo...@blueonyx.it
> Subject: [BlueOnyx:11945] Re: Blocking brute force SSH login attempts
> 
> I use Fail2Ban. It works excellent, except when a client locks the self out. 
> :)
> 
> Kev
> 
> On Jan 9, 2013, at 7:08 AM, "James"  wrote:
> 
> > Is there a simple way in BlueOnyx to auto-block hosts that fail to login via
> > SSH too many times? Something similar to the Failed Logins settings for the
> > BlueOnyx login page but for SSH?
> > 
> > 
> > 
> > thanks
> > 
> 
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
  ___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:11944] Re: Blocking brute force SSH login attempts

[Fungal Style]

Jeff, yes have read up on it and yes fail2ban sounds good and I would like to 
implement it or similar at some point.. but it seems dog chasing tail explains 
my life right now :)
 
Brian
 

> From: jf...@qzoneinc.com
> Date: Wed, 9 Jan 2013 08:12:35 -0600
> To: blueonyx@mail.blueonyx.it
> Subject: [BlueOnyx:11941] Re: Blocking brute force SSH login attempts
> 
> On Jan 9, 2013, at 8:07 AM, James wrote:
> 
> > Is there a simple way in BlueOnyx to auto-block hosts that fail to login 
> > via SSH too many times? Something similar to the Failed Logins settings for 
> > the BlueOnyx login page but for SSH?
> 
> I use Fail2ban
> 
> Regards;
> Jeff
> 
> 
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
  ___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:11942] Re: Blocking brute force SSH login attempts

[Fungal Style]

As far as I know... yes and no
 
BO will block accounts and IPs that are attempted to be brute forced, but the 
account needs to exist, well that has been my experience
 
I tend to use the iptables and block /32 or if it is from China or other known 
hacking countries then a /24 is a minimum... 
 
I have been thinking of routing everything through a firewall or sorts so that 
the hackers will usually hit it first then get the IP blocked (as all other 
servers would be on a virtual LAN)... or something like that but it needs 
more thought at this stage and I just dont have the time to look too far into 
it.
 
If anyone has a good solution (preferrably free) then I am open to suggestions 
too (much like most on this list I would assume).
 
HTH
 
Brian
 



From: ja...@slor.net
To: blueo...@blueonyx.it
Date: Wed, 9 Jan 2013 09:07:31 -0500
Subject: [BlueOnyx:11940] Blocking brute force SSH login attempts





Is there a simple way in BlueOnyx to auto-block hosts that fail to login via 
SSH too many times?  Something similar to the Failed Logins settings for the 
BlueOnyx login page but for SSH?
 
thanks
___ Blueonyx mailing list 
Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx 
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:11904] Re: Need to remove a rejected IP

[Fungal Style]

Hi all...
 
I suspect this would not be an issue for a production machine, but iptables 
rules are removed if the server is restarted, correct?
 
Brian
 

> Date: Thu, 3 Jan 2013 19:06:26 -0500
> From: tigerw...@tigerden.com
> To: blueonyx@mail.blueonyx.it
> Subject: [BlueOnyx:11896] Re: Need to remove a rejected IP
> 
> On Thu, 3 Jan 2013, Richard Barker wrote:
> 
> > I used this command to block an attacker
> > route add -net x.x.x.x netmask 255.255.255.255 reject
> >
> > if I do a netstat -nrl I get this
> > x.x.x.x - 255.255.255.255 !H - - - -
> >
> > How do I get it removed ?
> 
> I've found different versions of route are terribly picky about syntax,
> in particular, some demand the netmask portion, and some don't.
> 
> Try:
> 
> route del -net x.x.x.x netmask 255.255.255.255
> 
> and
> 
> route add -net x.x.x.x
> 
> Your particuar 'man route' man page may provide some clues.
> 
> If you don't want to reboot, you could take the interface down and bring
> it back up, though clearly you *DON'T* want to do this unless you have a
> console or alternate method of getting into and controlling the box as
> you could get locked out if things don't behave as they should.
> 
> Try:
> 
> service network restart
> 
> That should restart the network with the box's 'default' network settings
> and any manually entered, but otherwise unsaved routes should go away.
> 
> In general, iptables should be used to block attacks rather than adding
> null routes:
> 
> iptables -A INPUT -s  
> iptables -D INPUT -s  
> Check man iptables for help on that.
> 
> =^_^= Tigerwolf
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
  ___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:11903] Re: new sites redirecting to default site

[Fungal Style]

Roy,
 
The second part where other FQDN redirect to the root domain name of the 
server, it would indicate that DNS was not running... is it happening for ALL 
domains on that server?
 
Regards
Brian
 

> Date: Wed, 2 Jan 2013 14:02:14 -0500
> From: rur...@usa.net
> To: blueonyx@mail.blueonyx.it
> Subject: [BlueOnyx:11882] Re: new sites redirecting to default site
> 
> 1: Yes, all sites share the same IP. This is the same config I run on 
> several other BX boxes.
> 2: All aliases are correct as far as I can tell. To clarify my first 
> message, the root site of the server is www.domain1.NET (with an alias 
> of domain1.net). The other sites are typically from our production 
> domain1.COM. domain, and in some cases other FQDNs entirely.
> 3: I have gone so far as to not only reboot the server entirely, but to 
> delete and recreate the site.
> 
> 
> On 1/2/2013 11:12 AM, Dirk Estenfeld wrote:
> > Roy,
> >
> > three suggestions from my site.
> >
> > 1. Did you enter the correct ip address the domain is pointing to?
> > 2. Maybe you only used www.domain.de and did not add the domain alias 
> > domain.de in web
> > 3. Maybe apache webserver did not restart. Go to shell (as root) and do a 
> > service httpd stop (check if apache fpr the websites is stoped) and do a 
> > service httpd start
> >
> > Regards,
> > Dirk
> >
> >
> > ---
> > Black Point Arts Internet Solutions GmbH - Hanauer Landstrasse 423a - 60314 
> > Frankfurt
> >
> >
> >
> >
> > -Ursprüngliche Nachricht-
> > Von: blueonyx-boun...@mail.blueonyx.it 
> > [mailto:blueonyx-boun...@mail.blueonyx.it] Im Auftrag von Roy Urick
> > Gesendet: Mittwoch, 2. Januar 2013 17:04
> > An: blueonyx@mail.blueonyx.it
> > Betreff: [BlueOnyx:11878] new sites redirecting to default site
> >
> > when we create a new site in the gui, the server is not properly directing 
> > the traffic to the correct web directory, and instead drops you in the 
> > default first site web directory.
> >
> > Any suggestions as to what to check first?
> >
> > For example we created the server with the default site of www.site1.com. 
> > If we create a new site with the hostname of transfer.site1.com (sharing 
> > the same IP address) and save it, when we surf to transfer.site1.com we are 
> > redirected to www.site1.com.
> >
> > Comparing it to my other server(s) I see nothing different.
> > ___
> > Blueonyx mailing list
> > Blueonyx@mail.blueonyx.it
> > http://mail.blueonyx.it/mailman/listinfo/blueonyx
> >
> > ___
> > Blueonyx mailing list
> > Blueonyx@mail.blueonyx.it
> > http://mail.blueonyx.it/mailman/listinfo/blueonyx
> 
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
  ___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:11902] Re: new sites redirecting to default site

[Fungal Style]

Hi Roy,
 
Just had a quick read but you may want to confirm the tick is out of 'Web Alias 
Redirects' as this will mean all subdomains will redirect to the main domain... 
in your case transfer.site1.com will redirect to www.site1.com
 
Hope this helps...
 
Regards
Brian
 

> From: dirk.estenf...@bpanet.de
> To: blueonyx@mail.blueonyx.it
> Date: Wed, 2 Jan 2013 16:12:32 +
> Subject: [BlueOnyx:11879] Re: new sites redirecting to default site
> 
> Roy,
> 
> three suggestions from my site.
> 
> 1. Did you enter the correct ip address the domain is pointing to?
> 2. Maybe you only used www.domain.de and did not add the domain alias 
> domain.de in web
> 3. Maybe apache webserver did not restart. Go to shell (as root) and do a 
> service httpd stop (check if apache fpr the websites is stoped) and do a 
> service httpd start
> 
> Regards,
> Dirk
> 
> 
> ---
> Black Point Arts Internet Solutions GmbH - Hanauer Landstrasse 423a - 60314 
> Frankfurt
> 
> 
> 
> 
> -Ursprüngliche Nachricht-
> Von: blueonyx-boun...@mail.blueonyx.it 
> [mailto:blueonyx-boun...@mail.blueonyx.it] Im Auftrag von Roy Urick
> Gesendet: Mittwoch, 2. Januar 2013 17:04
> An: blueonyx@mail.blueonyx.it
> Betreff: [BlueOnyx:11878] new sites redirecting to default site
> 
> when we create a new site in the gui, the server is not properly directing 
> the traffic to the correct web directory, and instead drops you in the 
> default first site web directory.
> 
> Any suggestions as to what to check first?
> 
> For example we created the server with the default site of www.site1.com. If 
> we create a new site with the hostname of transfer.site1.com (sharing the 
> same IP address) and save it, when we surf to transfer.site1.com we are 
> redirected to www.site1.com.
> 
> Comparing it to my other server(s) I see nothing different.
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
> 
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
  ___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:11846] Re: apache sender shows localhost.localdomain

[Fungal Style]

sorry to interrupt, I was just clearing my hotmail inbox wen I saw this
 
I had a a similar issue when setting up my primary name server, in the log 
files of SSH attacks (yes even as I was setting up someone in Cjina was trying 
to hack into me, true story) it showed localhost as the host name and not NS1 
like I had told it to in the web settings...
 
Also my web site was displaying the login, and not the templated holding page I 
was expecting...
 
I noticed that *SILLY ME* I forgot to change the settings in my SOA under DNS, 
I am not certain but it may be the same issue here also.
 
Let us know how you go :)
 
Regards
Brian
 

> From: dirk.estenf...@bpanet.de
> To: blueonyx@mail.blueonyx.it
> Date: Fri, 7 Dec 2012 09:12:31 +
> Subject: [BlueOnyx:11770] Re: apache sender shows localhost.localdomain
> 
> Ken,
> 
> what did you enter in System Settings -> TCP/IP -> Host and Domainname?
> If there is also localhost localdomain enter the correct hostname and 
> domainname and save the settings.
> After this the emails should be sent as @.
> 
> Regards,
> Dirk
> 
> 
> ---
> Black Point Arts Internet Solutions GmbH - Hanauer Landstrasse 423a - 60314 
> Frankfurt
> 
> 
> 
> -Ursprüngliche Nachricht-
> Von: blueonyx-boun...@mail.blueonyx.it 
> [mailto:blueonyx-boun...@mail.blueonyx.it] Im Auftrag von Ken - Precision Web 
> Hosting, Inc
> Gesendet: Donnerstag, 6. Dezember 2012 23:30
> An: BlueOnyx General Mailing List
> Betreff: [BlueOnyx:11766] apache sender shows localhost.localdomain
> 
> Hi All
> 
> I have one blueonyx server that is sending php email as
> 
> ctladdr=
> The others are fine. 
> 
> Any idea where is this set on the BlueOnyx servers?
> 
> Or, where does the 
> /usr/sausalito/configs/php/set_php_headers.php
> get it's value for 
> putenv("_HTTP_HOST=".@$_SERVER["HTTP_HOST"]);\
> 
> 
> 
> 
> 
> Ken Marcus
> 
> 
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
> 
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
  ___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx