It's unlikely that the bot would relay outbound spam through your MTA -
that would be inconvenient, slow and raise some suspicion. If the
provider is right, you most likely have a bit of code running on the
server that is directly connecting to external mail servers. There
could be reasons
I have been having this happen a few times per week for the past few
weeks. I believe it is caused by someone attacking proftpd. I noticed
today that there is an updated version - 1.3.3c that fixes a
vulnerability that they may have been trying to exploit.
When I looked at the process list,
There is a nice web app called OWL that does essentially this (plus a
bunch more): http://sourceforge.net/projects/owl/
It needs php, mysql and apache to run, but it does work well on FreeBSD.
Regards,
Jerry
On 10/18/2010 4:04 PM, Chuck Swiger wrote:
On Oct 18, 2010, at 12:45 PM, Andrea
I believe you need to use AHCI. I recently moved a test system over
to AHCI and this is what I see at boot time for my hard drive:
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: ST31000528AS CC34 ATA-8 SATA 2.x device
ada0: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 8192bytes)
ada0:
I am running 8.1 BETA. My server started getting hammered with brute
force ssh login attacks recently. One thing I have noticed is that I
see lots of these:
Jun 18 23:26:47 www3 sshd[33171]: error: ssh_msg_send: write
Jun 18 23:26:47 www3 sshd[33169]: error: ssh_msg_send: write
Jun 18
Yes, twice.
On 6/18/2010 4:52 AM, Matthias Gamsjager wrote:
Have you changed the cable?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
On 6/18/2010 8:23 AM, Dino Vliet wrote:
2) are there other things I could do?
Brgds
Dino
Look at ports/security/sshguard and ports/security/bruteblock.
I use sshguard with ipfilter, but it works with pf and ipfw as well. It
is very simple to set up and gets the job done.
Jerry
I am having all sorts of problems with drives in a new server.
I have a 450G sata drive that hold my root partition, works great, no
issues.
I have a second, 1TB drive that has been all sorts of trouble. When
writing to this disk, I occasionally see errors like this:
Jun 17 07:40:36 www3
Hello,
I am have a fresh install of FreeBSD 8.0 i386 and need to install an amd64
kernel.
I have copied /usr/src/sys/amd64/conf/GENERIC to
/usr/src/sys/amd64/conf/JERRY
Then, I run make buildkernel KERNCONF=JERRY in /usr/src and get the
following error:
ERROR: Missing kernel configuration
You need to be in the wheel group to be able to SU to root, but that won't
give you permission to run shutdown. Only root can do that, I believe.
Hi All,
I've just installed FreeBSD 6.1 and listed myself as a member of the wheel
group during the add users portion of the installation. For
When I disabled hyperthreading (labelled logical processors in BIOS),
the system started booting. Strange that HT would cause the system to
hang at boot. The correct number of processors shows and the amount of
CPU time being used is properly represented.
Jerry
I just got a PE 2950 and I'm
I just got a PE 2950 and I'm having some problems.
I installed 6.2PRE and it went well. The first thing I noticed is that
immediate as BSD start to load, a bold/highlighted message says 768xxx
bytes above 4G ignore or something like that (don't recall what xxx was.
Next thing I noticed whilest
The default kernel doesn't support SMP. You have to recompile with the
SMP config and it'll start getting your other processor.
Regards,
Jerry
http://www.bsdsec.com
Paul Schmehl wrote:
When you do a default install of 6.0-RELEASE, does the kernel have
support for SMP? Or do you have to
I had a drive dying and it showed up just like this - it turned out to
be the daily scripts that scan for file changes, etc, and my backup
script were tickling a back sector of the disk. Have you run the
smartctl -t long /dev/ad0 command to have it perform a full self test?
You normally have
Path MTU problem?
That would be my vote also.
Ted
I've done some more troubleshooting and some strange things have
appeared. First, the colo says there is NO proxy, and NO firewall in
front of this server.
I captured a misfire on both the server and on my freebsd gateway. The
PROTECTED] Behalf Of Charles Swiger
Sent: Monday, February 13, 2006 11:41 AM
To: Jerry Bell
Cc: freebsd-questions@freebsd.org
Subject: Re: Help with strange web server problem
On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:
It's hit or miss, but the first time someone visits the web site,
they get
It's hit or miss, but the first time someone visits the web site, they get
a server not found page. On hitting refresh, they get the page - no
problems. If I wait a while and try again, I get the same problem.
The problem appears to be something in the initial communication with the
web server.
It's certainly possible. This is a Dell PE 750, and I didn't do anything
in bios or in FreeBSD to enable that, so I'm thinking it might not be
that, but I'll investigate it.
Thanks!
Jerry
I think Ive seen this before too...
Is it possible that FreeBSD spins down the hard drive after
I didn't want to spam the link out, but it's www.musiclodge.com. I will
gather the capture data from working and non working sessions and send it
out.
Thanks!
On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:
It's hit or miss, but the first time someone visits the web site,
they get
a server
So ACPI is disabled?
I'm assuming it's enabled. Can that be a problem?
Aug 29 12:04:46 www syslogd: kernel boot file is /boot/kernel/kernel
Aug 29 12:04:46 www kernel: Copyright (c) 1992-2005 The FreeBSD Project.
Aug 29 12:04:46 www kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988,
1989,
on your boot menu), or disable ACPI
within your BIOS for a while to see if this helps.. certainly can't
hurt to try.
On Feb 13, 2006, at 3:15 PM, Jerry Bell wrote:
So ACPI is disabled?
I'm assuming it's enabled. Can that be a problem?
Aug 29 12:04:46 www syslogd: kernel boot file is /boot
a small
script that creates a file and deletes a file every minute, and since
that's been running, I've not seeing the issue repeat - but then this is
not a very repeatable problem.
Thanks again for your great assistance.
Jerry
Charles Swiger wrote:
On Feb 13, 2006, at 3:12 PM, Jerry Bell
Looks like it's still an issue, so I'd say the firewall issue is still
in play. If there is not a firewall/proxy in place, are there any known
issues with IPFW (or anything else with FBSD) that could cause this
behavior?
Jerry Bell wrote:
Charles - thank you for your excellent investigation
I'd recommend using rsyslog (www.rsyslog.com). The integration with
mysql is much cleaner, IMO, than syslog-ng.
Jerry
http://www.syslog.org
Bill Schmitt (SW) wrote:
I'm looking for a recommendation for capturing syslogs from my small
network. Specifically, initially I'd like to capture the
Turk has been replaced with eaccelerator, which is in the ports tree now.
Jerry
http://www.syslog.org
Hi,
I am wondering why turck-mmcache-2.4.6 disappeared from the ports tree
in 5.4, and later on I found out that it disppeared in 5.3 as well.
Will it make its way back to the ports tree?
I believe the problem you are going to run into is with outbound routing.
You're only able to have one default route, which will point you out one
dsl router or the other. If the ISP that is your default dies, then your
traffic isn't going anywhere. Depending on what problems the ISP's are
These attacks are almost exclusively automated, looking to install a
script to launch spam runs from. They're essentially trying common
username and weak password combinations - blank password, passwords the
same as the user name, abc123, etc. There are four things you can do to
improve the
web script. The sender was specified as [EMAIL PROTECTED] according to the
complaint email. I use phpBB, vBulletin and Awstats.
Most likely the attacker used a flaw in phpBB or awstats. Are you running
the latest versions of those? Otherwise, it is possible they found a
vulnerability in
Typically this is caused by a kernel and utilities (like ps and w) being
out of sync. It sounds like you don't think that is the case, though. I
suppose it could be a problem with your procfs, but I'm not sure that
would cause this kind of symptom. My suspicion is still on
inconsistencies
These are signs of a kernel that is out of sync with the rest of world.
You said you didn't run a makeworld recently, but what about rebuilding
the kernel?
# netstat -rn
#
netstat: kvm not available
Routing tables
rt_tables: symbol not in namelist
Jerry
http://www.syslog.org
Sorry about that - I was having a little bit of fun on April Fool's day.
This is definitely not true. Hopefully the opposite will happen and more
people will pay more attention to their logs messages.
Saying that Linux and BSD variants are going to remove syslog in the next
months.
Regards,
The first thing I would check is that it's the BSD box that you are
actually pinging. I'd try unplugging it and trying the ping again from
the IIS box. Barring that, I would double and triple check the network
mask on the BSD box. Also, make sure you don't have some screwy firewall
rules on the
It doesn't appear to work on my FreeBSD box, either. What does work is this:
find /var/log -newerct '1 hour ago' -exec cat {} /var/tmp/filename \;
Jerry
http://www.syslog.org
I read the man page and didn't see that. It doesn't appear to work on the
box that I am ssh-ing to. Sorry, I should
No, the only way to find the error is to find someone who knows the
FreeBSD code and is competent and willing to discuss the problem,
instead of people who spend their time blowing smoke in order to avoid
admitting that they haven't a ghost of a clue as to what the problem is.
You're looking
I don't think Western Digital has one (?). If it does, where can I find
it?
Here is WDC's data lifeguard utility for DOS:
http://support.wdc.com/download/index.asp?cxml=npid=2swid=30
Also, you might want to try flashing the firmware for the
controller/motherboard with the lastest versions.
Count me in on the group that doesn't think that a web-based system is
adequate for the enterprise, but in the realm of web-based groupware
systems, I have taken a strong liking to group office. I've not used all
of these below, but I've been most impressed with group office's interface
and
One option is to use communigate. It allegedly works with the outlook
mapi client and should work on freebsd.
http://www.stalker.com/content/solutions.htm
I've heard from a lot of people that swear by it, particularly in the ISP
space.
Jerry
Thanks for all the replies. I will take a look at
I'll second that the calendar/email functionality has become a utility
service in many organizations. Exchange/outlook, for all their
shortcomings, have really changed the way companies work.
At my day job, we have 9 exchange servers around the world, with about
1500 mailboxes, so not a huge
.logwatch.org:81/), but it takes a good
amount of customizing to get it to where it's really useful.
Jerry
http://www.syslog.org
On 2005-03-14, Jerry Bell [EMAIL PROTECTED] wrote:
There are many tools that will send alerts to you, but very few that
will
work out of the box, without some level
Sergei,
As one of the other responses points out, it's possible that it would be
too late by the time a monitoring system was able to send an email to you.
One way to partly mitigate that risk is by having your logs forwarded to
another system, and having the analysis run from that machine. You
I have a very similar setup with bind run inside a chroot jail. I
experience a similar problem if I set up named to use /var/run/log. I
commected it out and put syslog daemon in its place and it works like a
champ. Sadly, I've not found the time to spend figuring out why it
doesn't work
Earlier today, I was trying to look at a session file created by
squirrelmail. I did a more filename. It put up one page of the file,
but when I tried to scroll down, it gave the error message:
more in malloc(): error: allocation failed
Abort (core dumped)
I logged in on a new session and
It's really pretty easy. I beat my head on the wall about a year ago, so I
don't recall where all the docs are, but this is what my configs look like:
/etc/ppp/ppp.conf:
pptp:
set timeout 0
set dial
set login
set ifaddr {IP address of internal interface} {IP address range
xxx.xxx.xxx.xxx -
crontab -e
then put in
*/2**** /usr/bin/perl /usr/scripts/my.pl
save and it should be good to go.
Jerry
http://www.syslog.org
- Original Message -
From: Denis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, September 13, 2003 7:09 AM
Subject: HOW TO USE
msdosfs should work so long as it's fat or fat32.
Jerry
http://www.syslog.org
- Original Message -
From: Denis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, September 13, 2003 7:11 AM
Subject: /etc/fstab explain me please.
Hi All!!!
I want to mount automatically my
As has been pointed out, this will make it run every 2 minutes, not every 30
seconds. I don't know of a way to go less than 1 minute.
Jerry
- Original Message -
From: Jerry Bell [EMAIL PROTECTED]
To: Denis [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, September 13, 2003 7:33 AM
snip
The problem with running an MTA on a dynamic IP is even a little more
difficult than just dealing with the dnsbls. A while back on the exim users
list:
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030623/055733.html
and
It partially depends on how the 5 switches and one hub are connected to each
other. If they 5 of the devices all connect into one central device, you're
probably safe, but if one is connected to the other and on and on, you will
have problems.
The problem is propogation delays when the devices
48 matches
Mail list logo
