Re: mod_php vs fastcgi/php speed
On Fri, 2004-03-19 at 08:11, Arkadiusz Miskiewicz wrote:
> The interesting thing is that no one works on fixing perchild MPM in apache2 that would allow to use standard mod_php in secure way :/ It would be great if someone get paid to fix that once for all.

Hi,

I wonder if you could fill me in on the details or point me to the right web pages. I am interested in two issues

* How difficult is it to do? (est Man hours would be useful too)
* What are the benefits?

Thanks and best wishes,

Shri

--
Shri Shrikumar          U R Byte Solutions     Tel: 0845 644 4745
I.T. Consultant         Edinburgh, Scotland    Mob: 0773 980 3499
Web: www.urbyte.com     Email: [EMAIL PROTECTED]
configuring postfix to reject messages to non-existing user account
Hi,

I have a postfix installation and it accepts all email to specified domains regardless of the user part. This seems to pose a security hole in sending spam / viruses.

Say someone sends an email to the server with the from of [EMAIL PROTECTED] and the to of [EMAIL PROTECTED], postfix accepts this email although there is no local account for [EMAIL PROTECTED]. It then tries to bounce the message back including the full message and any attachments.

Postfix is configured with virtual domains retrieved from an sql database.

Can anyone point me in the right direction for getting postfix to reject messages for non-existent local accounts instead of just bouncing it?

Thanks and best wishes,

Shri
Re: SSHD trouble
On Mon, 2003-10-20 at 20:51, Frank Stefan Sundberg Solli wrote:
> I tried to run ssh with debugging, but nothing particular showed up.

Where does it pause? Same place as when you are connecting with an internet connection?

Also, try adding more v's (i.e. ssh -vvv) to see if that gives more info.

HTH,

Shri
RE: Apache clustering w/ load balancing and failover
On Sun, 2003-09-21 at 15:05, Thomas Lamy wrote:
> You're wrong. round robin dns isn't HA, isn't load balancing, it's just request spreading. You can't control how many (DNS-)clients cache one of the RR IP's, therefore you won't get even load on your RR'ed servers. Plus you _have_ to use a tool like lb-named to keep your round robin dns from giving out the IP of a failed server. It really comes down to using LVS+(keepalived|heartbeat|...) or pen.

Thanks for all the feedback. What about mod_proxy + wackamole? Anybody have experience with this combination?

Shri
Re: Apache clustering w/ load balancing and failover
On Wed, 2003-09-17 at 08:50, Markus Oswald wrote:
> Personally I would suggest LVS / keepalived - IMHO it's the most robust and powerful solution you can currently get. Definitely worth a look...
>
> It's not as hard to setup as you think - you need a little bit of experience for planning your cluster setup, but the software installation and configuration is probably the easier part.
>
> I installed/run multiple clusters, some with quite a lot of traffic (well, that's what load-balancing is good for) some just needed the HA features. No serious problems with keepalived and no problems at all with LVS.

Looking at the documentation for LVS, it mentions that it needs two nodes, a primary node and a backup node which then feeds into n real servers.

Does this mean that I will need two additional machines to be able to do LVS or would I be able to double up a couple of the webservers as the nodes?

Thanks for the feedback,

Best wishes,

Shri
Re: Debian-based hosting needed
On Wed, 2003-09-17 at 12:30, Antony Gelberg wrote:
> I need to move my email and web server to somewhere that's not behind my ADSL connection. Obviously I am a big Debian fan, however all the server hosting companies I can find are using RedHat or that Sun sh*t. ;)
>
> Can anyone recommend a company? Hardware requirements are pretty basic, and once the server is installed, we will manage it ourselves. All we need from this company will be connectivity and the box itself. Backup would be something we'd think about if the price was right. Oh yeah, price is important as well.

We are a UK based company that afford very affordable debian hosting. Here are our bottom two pricing plans for anyone who is interested.

Basic Solution - £5/month + £10 Setup
    40Mb web space
    1 Domain name
    1Gb transfer per month
    Unlimited email accounts (additional £5 per month)
    Upgrade to IMAP mail access (additional £10 per month + £10 Setup)
    SFTP / SSL-FTP Access (additional £10/month for VPN-Network drive access)
    Web mail (additional £5/month + £10 Setup)
    Filter Junk Mail (Additional £15/month + £10 Setup)
    Filter Email Viruses (Additional £15/month + £10 Setup)
    PHP + MySQL (Additional £10/month + £15 setup)
    PHP + PostgreSQL (Additional £15/month + £15 setup)
    Subdomains (Setup charge of £5)

Standard Solution - £15/month + £10 setup
    300MB Webspace (£1/MB additional)
    unlimited email accounts
    1 Domain name
    2GB data transfer per month
    Upgrade to IMAP mail access (additional £10/Month + £10 Setup)
    SFTP / SSL-FTP Access (additional £10/month for VPN-Network drive access)
    Web mail (additional £5/month + £10 Setup)
    Filter Junk Mail (Additional £15/month + £10 Setup)
    Filter Email Viruses (Additional £15/month + £10 Setup)
    PHP + MySQL (Additional £10/month + £15 setup)
    PHP + PostgreSQL (Additional £15/month + £15 setup)
    Subdomains

Shri
Re: Apache clustering w/ load balancing and failover
On Wed, 2003-09-17 at 18:46, Markus Oswald wrote:
> On Wed, 2003-09-17 at 15:00, Shri Shrikumar wrote:
> > Looking at the documentation for LVS, it mentions that it needs two nodes, a primary node and a backup node which then feeds into n real servers.
>
> Actually I never saw this mentioned in the documentation - I haven't looked at it for quite some time now, though.
>
> LVS definitely works with ONE machine which acts as the loadbalancer. You can use a second machine for failover if you need the redundancy, but as far as I know, LVS can't handle this by itself so you would have to use keepalived or heartbeat for that.

Hi,

Thanks for the response. Let me just clarify. If I have two boxes, I can configure both of them to be webservers and one of them to be the lvs node. I don't need a third machine to be a dedicated node.

Is this correct?

Thanks,

Shri
Apache clustering w/ load balancing and failover
Hi,

I am looking to implement an Apache cluster with Load Balancing and failover and after going through several options, the only one that is not too complex and does everything that I need seems to be pen http://siag.nu/pen/

I am curious about other people's experience with this / other clustering software.

I have already looked at software like lvs / heartbeat but it feels like using a sledgehammer to crack a nut. I also looked at mod_proxy but that doesn't seem to take care of fail-over.

Also, it's quite important that the cluster would recognize hung / crashed apache as well. It will start off with three nodes and might get more added on later.

Any info / opinions / tips / links appreciated.

Best wishes,

Shri
Re: chmod in SFTP
On Mon, 2003-08-18 at 10:39, Clement Hermann wrote:
> SFTP is nothing but ssh... I don't think there is a way with plain ssh to limit users such a way. By the way, if you allow sftp login, users will be able to log in to a shell.

Unless you set the shell to scponly in which case, they get only sftp. You will of course also have to install the scponly package.

Best wishes,

Shri
postfix delivery prob
Hi All,

I seem to have a problem with postfix not delivering email from machines that it cannot reverse and identify. Basically, I get log messages to the effect of

    postfix/smtpd[10023]: warning: xxx.xxx.xxx.xxx: hostname hostname.com verification failed: Host not found

I think that a few messages might have been lost because of this - any ideas on how to get postfix to deliver the messages even if it can't identify the host or am I barking up the wrong tree and is the log message with regards to something different?

Thanks,

Shri
Re: Default Apache 404 for all sites
On Sun, 2003-07-13 at 19:53, Jason Lim wrote:
> In Apache, I know you can set ErrorDocument 404 /404.html or similar in a per-site context, but do you know if a standard one can be used to replace the Apache one?

I haven't actually done this so it's a guess - why don't you try sticking it outside the virtual host definition; that way it will be the default unless you specify a different one in the virtual host.

HTH,

Shri
Re: Server hacked - next...?
On Fri, 2003-07-04 at 15:44, Thomas Lamy wrote:
> Shri Shrikumar:
> > On Thu, 2003-07-03 at 22:30, Mario Lopez wrote:
> > > In any case if you have a lkm rootkit, you're done, doesn't matter if you upload static, dynamic or whatever, kernel root kits are hard to find, not even lsmod, rmmod can help you because it is quite easy to make a kernel module unloadable or even hidden, some of you may be thinking that they are safe to those kind of attacks because they have disabled kernel module support in their kernel, well they are wrong :), there is code, and nice white papers explaining how to insert kernel code through /proc/kmem, if I am not wrong Silvio Cesare developed this technique two or three years ago, although it hasn't been exploited too much you must be aware of its existence.
> >
> > I dont have module support and I dont have /proc/kmem. Am I missing something ? Running 2.4.20.
>
> I'm sure he meant /dev/kmem

Ok, I have that file. Can anyone point me in the direction of something I can do to make it more difficult to exploit this.

Shri
Re: Server hacked - next...?
On Thu, 2003-07-03 at 22:30, Mario Lopez wrote:
> In any case if you have a lkm rootkit, you're done, doesn't matter if you upload static, dynamic or whatever, kernel root kits are hard to find, not even lsmod, rmmod can help you because it is quite easy to make a kernel module unloadable or even hidden, some of you may be thinking that they are safe to those kind of attacks because they have disabled kernel module support in their kernel, well they are wrong :), there is code, and nice white papers explaining how to insert kernel code through /proc/kmem, if I am not wrong Silvio Cesare developed this technique two or three years ago, although it hasn't been exploited too much you must be aware of its existence.

I don't have module support and I don't have /proc/kmem. Am I missing something? Running 2.4.20.

Shri
Thank You (Was: Re: running two database on the same box. )
On Wed, 2003-07-02 at 22:09, Shri Shrikumar wrote:
> I just wanted to check if there were any problems running mysql and postgresql together in a production environment.

Thank you all for your responses. Which summarises to:

As long as you take care of basics like make sure that they both run on different ports, there should be no problems.

Thank you again for your time,

Shri
Re: closing exims open relay - something to do with the percenthack
On Wed, 2003-07-02 at 01:42, Donovan Baarda wrote:
> On Wed, 2003-07-02 at 01:09, Shri Shrikumar wrote:
> > Hi, I just did an open relay test on one of my servers and to my surprise found that it is an open relay. In particular, it accepts emails to the form of [EMAIL PROTECTED] where here.com is a local domain within exim.
>
> Check the bug reports on exim. There is a case where a stock standard Debian install of exim (and possibly postfix) can turn out to be an open relay. What happens is the satellite email server blindly forwards email to the smart-host, and the smart-host blindly trusts the satellite system because it's within the trusted domain. Between the two of them they become an open relay.

There is only one exim installed and it's set up as an internet site. It seems to work fine after changing the percent_hack to the following

    percent_hack_domains=

Thanks for your time,

Shri
running two database on the same box
Hi,

I just wanted to check if there were any problems running mysql and postgresql together in a production environment.

I tried googling with no luck. Any pointers appreciated.

Shri
Re: Server hacked - next...?
On Tue, 2003-07-01 at 03:07, Jason Lim wrote:
> What would the advantage of mounting /tmp with noexec be??

You won't be able to execute anything that is in /tmp. This would have prevented your attack altogether since the file was being executed from /tmp.

> Definitely looking into running a hardened kernel now... especially after all this crap. Only thing that's been holding me back is the amount of work it would entail.

The first thing I did for the server is to remove module support. This renders quite a few of the exploits useless. It might be a stopgap solution until you get the hardened kernels deployed.

HTH,

Shri
closing exims open relay - something to do with the percent hack
Hi,

I just did an open relay test on one of my servers and to my surprise found that it is an open relay. In particular, it accepts emails to the form of [EMAIL PROTECTED] where here.com is a local domain within exim.

I have tried setting

    percent_hack_domains=

but that has not helped. I have also tried adding the line

    no_relay_match_host_or_sender

as recommended in the docs but I don't actually know what it does.

Any help in resolving this appreciated.

Shri
RE: Bill Gates' ludicrous ideas to block spam
On Mon, 2003-06-30 at 04:07, Jones, Steven wrote:
> It would just be a matter of time before your email address was sold by Gates to a spammer I bet.

Too late. Have you tried opening a hotmail account and just leaving it for a few weeks. You will get spam in there even if you don't use that address *anywhere*

Shri
Re: Server hacked - next...?
On Sun, 2003-06-29 at 06:00, Jason Lim wrote:
> Hi all,
>
> Well... bad day for me. One of our servers was hacked (woody)... badly, from what I can see. A whole bunch of binaries have been modified, and strange processes are running on the server. The hack date appears to be jun 6.
>
> Is there a document somewhere, or procedure, to recover after this? This is a working and running system, so somehow need to be able to recover from this with minimal impact to end-users.

I know how you feel. I almost got compromised too on the same date funnily enough. They had a program running called bd which opened port 5000 which was luckily blocked by the iptables firewall which probably helped. There were also some php scripts which gave access to the machine in the web root.

The lesson that I learnt. *do not give www-data write access* even in the web root. I shoulda thought of this earlier but the setup kinda required it. I have now reworked the setup and it looks better.

I used debsums to check that the binaries themselves are not compromised. I also have tiger, snort and logcheck installed to try and detect something like this. Although, neither snort nor logcheck detected anything and I installed tiger after the attack.

Fingers crossed.

Hope this helps,

Shri
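Two hardening points raised in this thread, /tmp mounted noexec and a web root that the www-data account cannot write to, can be checked with a short script. This is an added example, not part of the original messages; the function names, the sample mount table and the sample web root are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# mount_has_option MOUNTS_FILE MOUNT_POINT OPTION
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint fstype options dump pass.
# Succeeds only if the last entry for MOUNT_POINT lists OPTION exactly, so "exec"
# does not match "noexec". Fails when the mount point has no entry of its own
# (for example /tmp living on the root filesystem).
# Note: noexec blocks direct execution of files on that mount; a script can still
# be handed to an interpreter that lives elsewhere.
mount_has_option() {
    awk -v mp="$2" -v opt="$3" '
        $2 == mp {
            found = 0
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == opt) found = 1
        }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# writable_by ROOT UID GID
# Lists every path under ROOT that the given uid/gid could modify: owned by UID
# with the owner write bit, in group GID with the group write bit, or
# world-writable. Symlinks are skipped because their mode bits carry no meaning.
# Supplementary groups and ACLs are not considered.
writable_by() {
    find "$1" ! -type l \( \
        \( -user "$2" -perm -0200 \) -o \
        \( -group "$3" -perm -0020 \) -o \
        -perm -0002 \
    \) -print | sort
}

# make_sample DIR: build a constructed mount table (before/after adding noexec)
# and a constructed web root with one world-writable upload directory.
make_sample() {
    mkdir -p "$1/webroot/uploads" || return 1
    printf '%s\n' \
        '/dev/hda1 / ext3 rw,errors=remount-ro 0 0' \
        '/dev/hda5 /tmp ext3 rw,nosuid,nodev 0 0' > "$1/mounts.before"
    printf '%s\n' \
        '/dev/hda1 / ext3 rw,errors=remount-ro 0 0' \
        '/dev/hda5 /tmp ext3 rw,nosuid,nodev,noexec 0 0' > "$1/mounts.after"
    : > "$1/webroot/index.php"
    : > "$1/webroot/uploads/dropped.php"
    ln -s index.php "$1/webroot/home.php"
    chmod 755 "$1/webroot"
    chmod 644 "$1/webroot/index.php"
    chmod 777 "$1/webroot/uploads"
    chmod 666 "$1/webroot/uploads/dropped.php"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d" || return 1
    # Stand-in ids for the web server account (assumption for the demo).
    # On a real host use "$(id -u www-data)" and "$(id -g www-data)".
    web_uid=$(( $(id -u) + 1 ))
    web_gid=$(( $(id -g) + 1 ))
    for f in before after; do
        if mount_has_option "$d/mounts.$f" /tmp noexec; then
            echo "mounts.$f: /tmp is noexec"
        else
            echo "mounts.$f: /tmp allows execution"
        fi
    done
    echo "writable by the web server account:"
    writable_by "$d/webroot" "$web_uid" "$web_gid" | sed "s|^$d/||"
    rm -rf "$d"
}

demo
```

On a live system the same functions take `/proc/mounts` and the real document root as arguments; anything `writable_by` prints for the web server's uid and gid is a place a compromised script could drop a file.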
Re: Remotely editing files
On Wed, 2003-06-11 at 09:45, Greg Wright wrote:
> All I need to do, is find a way to securely connect to the Debian system (from a windows server at this stage, the programmer isn't confident to work in a deb environment) and load, modify and save the dhcp.conf file. Better is be able to restart DHCP afterwards.
>
> Can anyone point me in the right direction for how I might go about achieving this?

What about webmin-dhcpd? Haven't used it myself but webmin is certainly very useful.

Oh, you will have to install webmin from the testing branch since there seems to be some problems with webmin in stable.

HTH,

Shri
Re: sshd owns mysql?
On Sat, 2003-05-31 at 18:25, Alex wrote:
> Mysql is not too important a service for me though, that's why I'm not too savvy in it. If you guys could check for similar behaviour in your boxes I'd be indebted (it's a manner of speech! ;)

For what it's worth three of my boxes that run mysql show root as the owner in top. You might want to do some investigation on that.

HTH,

Shri
Re: PPTP and Firewalls
On Sun, 2003-05-11 at 11:00, [EMAIL PROTECTED] wrote:
> > Does the PPTP server have a real IP address, or is there some sort of NAT/DNAT/SNAT being done by the firewall?
>
> The PPTP server doesn't have a real IP, part of the problem for me is trying to get the DNAT/SNAT rules working properly. As I understand it, I need to DNAT all GRE traffic to the PPTP server and SNAT it back again, but I can't quite figure out the rules.

You do not have to SNAT it back. Have you tried testing the PPTP server from inside the network to make sure that there is no problem with the PPTP server?

HTH,

Shri
Some advice setting up a server with for multiple virtual domains with email
Hi All,

I am configuring a server to be used to host several domains with several email accounts for each. The way I have been thinking about doing this is as follows.

One user who is responsible for a set of domain names with email accounts in the following structure

    /home
        user1
            domain1.com
                mail
                    account1
                    account2
                www
                database
            domain2.com
                mail
                    account1
                    account2
                www
                database
        etc.

I am thinking about sticking with Exim-tls for the MTA, courier-pop-ssl for pop3 and courier-imap-ssl for imap.

Does this sound like a sensible setup? Also, would I be able to set quotas per domain directory?

The other option I thought of was the following format

    /var
        www
            domain1.com
            domain2.com
        mail
            domain1.com
                account1
                account2
            domain2.com
                account1
        database
            domain1.com
            domain2.com
    /home
        user

There is obviously the higher amount of maintenance here with the domain names being created under multiple directories.

The other question I had was whether it was possible to setup mysql / postgresql to create a database within a particular location (e.g. /home/user/domain1.com/database/)?

Another question I had was, what would be the best way to manage the mail accounts? LDAP?

I have been scouring the web for a little while to see if there were some form of howto or something that covered this but did not find any of the sort - does anyone here have any good web links.

Any help, advice, pointers etc in this greatly appreciated.

Best Wishes,

Shri
OT: Server side scripting languages comparison
Hi,

Does anyone know where I could find a good and *fair(ish)* comparison of the different server side scripting languages on the web? I would also be very interested in a similar comparison of databases.

If anyone knows of a better place that I could post this message, please let me know.

Thanks for your time,
Shri

--
Shri Shrikumar     U R Byte Solutions
I.T. Consultant    26/3 Annandale Street
Tel: (0131) 558 9990    Email: [EMAIL PROTECTED]    Edinburgh EH7 4AN
Web: www.urbyte.com
Setting up an SSL Server
Hi,

How would one go about setting up an SSL server? Do I need to purchase a certificate from Verisign or anything? What are the costs involved?

I've found OpenSSL - is that adequate for an online shop? Also, how difficult is it to set up SSL / Apache SSL?

Thanks,
Shri

--
Shri Shrikumar     U R Byte Solutions
I.T. Consultant    26/3 Annandale Street
Tel: (0131) 558 9990    Email: [EMAIL PROTECTED]    Edinburgh EH7 4AN
Web: www.urbyte.com
Re: Apache/PHP/FTP and user rights
On Thu, 2002-08-01 at 18:38, Phillip Baker wrote:

> (oops, sent it directly to nicolas instead of the list - resent to the list for other people's benefit)
>
> I resigned myself to using cgi-php, mainly because I didn't want users' scripts running as the webserver (somewhat of a security risk as then all files readable by the webserver become readable to users' php scripts), but also to solve the problem of user's files not belonging to them.
>
> My install requires each user to have a copy of the interpreter in their own website's cgi-bin, under /www/their-site-url/cgi-bin - it does mean 2.4mb or so used by each user, but I just credit them the extra quota, and really, 2.4mb isn't so much these days.
>
> To change the path you're allowed to use suexec on (because I don't believe you actually use /var/www - do you?) simply recompile it with the different path, and drop it into apache's lib directory. Don't forget to back up your new suexec when you upgrade apache, because apache will overwrite it again!
>
> If you need more detailed directives on recompiling suexec for an alternative path let me know and I'll dig the info out.

What is the performance hit for this (if any), and how much of a PITA is it? Also, do you have any links? I've never used suexec; are there any limits on the number of users or such?

Thanks for your time
Shri
Re: Newbie: Is there a basic Debian-for-ISP HOWTO?
On Tue, 2002-07-30 at 03:35, Craig Sanders wrote:

> Alternatively, just run postfix. It does everything that qmail does and more, with a lot less hassle.

What about exim? It is installed as standard by debian. I use exim. Is it worth switching?

Shri

--
Shri Shrikumar     U R Byte Solutions
I.T. Consultant    26/3 Annandale Street
Tel: (0131) 558 9990    Email: [EMAIL PROTECTED]    Edinburgh EH7 4AN
Web: www.urbyte.com
Re: New Kernel for Server
On Wed, 2002-07-24 at 20:11, Gene Grimm wrote:

> I just updated the packages on my Potato-based server after the Woody-based packages became stable over the weekend. The upgrade reported a possible linking problem with the 2.2.17 kernel that the server is currently running. I am looking at upgrading to the 2.4.18 kernel but this tells me I have to set up 'initrd' in LILO. So far, I can't see anything clearly outlining the steps for creating the initrd image file to be loaded. Can anyone point me to a simple explanation for doing this?

You *don't* have to use initrd. I don't. If you want to use initrd, you could check out www.linuxdoc.org

HTH,
Shri

--
Shri Shrikumar     Vital State
Email: [EMAIL PROTECTED]    Web: http://www.vitalstate.co.uk
An Open Source FPS Game