Re: need help with PHP open source class

2010-01-03 Thread Uri Even-Chen
Hi,

Eventually they released a new version of PHPwhois, and I used it to
upgrade Speedy Whois and released a new version.  The bugs are fixed,
I checked many domain names and it works fine.

Thanks,
Uri Even-Chen
Mobile Phone: +972-50-9007559
E-mail: u...@speedy.net
Blog: http://www.speedy.net/uri/blog/




On Tue, Dec 29, 2009 at 3:45 AM, Uri Even-Chen <u...@speedy.net> wrote:
> Hi,
>
> I am using the PHPwhois class (
> https://sourceforge.net/projects/phpwhois/ ) on my Speedy Whois
> website ( http://www.speedywhois.net/ ).  My version of the class is 4
> years old.  I checked and there are many bugs, some of them I reported
> ( https://sourceforge.net/tracker/?func=browse&group_id=31207&atid=401654
> ), and they also didn't release PHPwhois for more than a year.  I am
> now looking for someone to help me fix the bugs and release the
> PHPwhois class, and add it to my Speedy Whois release on sourceforge (
> https://sourceforge.net/projects/speedywhois/ ).  The code has to be
> rewritten, for example to avoid notices and warnings when using
> undefined variables etc.  If one of you has some time, it would help
> if you can download the files from the CVS on PHPwhois (they don't
> release new tar.gz files), then check which bugs are not fixed and fix
> them.  Then release PHPwhois - if they don't accept the release we can
> fork the project.  And then release Speedy Whois with the bugs fixed.
> My estimate of the work is up to 3 days, maybe even one day of work if
> you're very good in programming.  I can help test and generate bugs,
> but I'm not that good in object oriented programming.  I also don't
> know how to download the files from CVS, if you let me know it can
> help (I use Windows XP).
>
> If you can help, please contact me.
>
> by the way, there is also a problem with domain names registered at
> godaddy - they don't return full whois results to my IP address.  Do
> you have an idea how to overcome this?
>
> Thanks,
> Uri Even-Chen
> Mobile Phone: +972-50-9007559
> E-mail: u...@speedy.net
> Blog: http://www.speedy.net/uri/blog/


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


Innova USB DVB-T stick?

2010-01-03 Thread geoffrey mendelson
Has anyone tried using the Innova USB DVB-T tuner that is now on sale  
at Home Depot for 99 NIS?


Last week when I was there, the one  I was at only had the APEX, so I  
assume this is new (to them). The APEX does not work with Linux, but  
is this a different unit, or the same one under another name?


Thanks,

Geoff.
--
geoffrey mendelson N3OWJ/4X1GM
Jerusalem Israel geoffreymendel...@gmail.com
New word I coined 12/13/09, Sub-Wikipedia adj, describing knowledge  
or understanding, as in he has a sub-wikipedia understanding of the  
situation. i.e possessing less facts or information than can be found  
in the Wikipedia.










SIP provider questions.

2010-01-03 Thread geoffrey mendelson

Does anyone know if:

1. There is a SIP (or IAX) provider selling Israeli DIDs? I need them  
to be in Israel and accept Israel only credit cards.
Cheap is more important than providing customer support, or good  
service.



2. Is there a pay-as-you go SIP (or IAX) provider that works with the  
Israeli system besides SKYPE?


I'm looking for something someone can set up and not have to worry  
about either a hacker (or a teenager) running up hundreds of shequels  
in calls to cell phones.


Thanks in advance,

Geoff.


--
geoffrey mendelson N3OWJ/4X1GM
Jerusalem Israel geoffreymendel...@gmail.com
New word I coined 12/13/09, Sub-Wikipedia adj, describing knowledge  
or understanding, as in he has a sub-wikipedia understanding of the  
situation. i.e possessing less facts or information than can be found  
in the Wikipedia.










Re: SIP provider questions.

2010-01-03 Thread Ori Berger

geoffrey mendelson wrote:
> 1. There is a SIP (or IAX) provider selling Israeli DIDs? I need them
> to be in Israel and accept Israel only credit cards.
> Cheap is more important than providing customer support, or good
> service.

didww.com; they are cheap ($3/month for an Israeli DID, flat -- some
providers charge per incoming minute). They don't always have Israeli
numbers in stock, though. Also, they are an Israeli company so they'll
probably be able to accommodate your payment.

> 2. Is there a pay-as-you go SIP (or IAX) provider that works with the
> Israeli system besides SKYPE?

grnvoip.com / ezcall is reasonable everywhere if you use their premium
routes (which is still cheap), and specifically in Israel their
regular routes are just as good and cheaper still (8c/minute mobile,
1c/minute landline).

> I'm looking for something someone can set up and not have to worry
> about either a hacker (or a teenager) running up hundreds of shequels
> in calls to cell phones.

Prepay is the way to go for that. grnvoip will only accept calls coming
in from an IP you give them in advance (up to 3, IIRC). I've heard good
things about voipjet as well, but they stopped accepting individuals; if
you can do this from within your company, they would also be an option.


Not affiliated with either of these companies, but I have been using 
their services for a year, and am very satisfied with their price, and 
reasonably satisfied with the quality of their service.


See also: 
http://www.mail-archive.com/linux-il@cs.huji.ac.il/msg53910.html a 
thread you already participated in; most of it is still up to date, 
surprisingly.




What to do with a constant flow of attempts to login to my computer?

2010-01-03 Thread Gabor Szabo
I just noticed someone bombarding my machine trying to log in via ssh.
From auth.log

Jan  3 06:31:48 s6 sshd[22774]: Failed password for invalid user
amavisd from 202.138.142.216 port 35172 ssh2
Jan  3 06:31:48 s6 sshd[22773]: Failed password for invalid user
clamav from 202.138.142.216 port 39941 ssh2
Jan  3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216
Jan  3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): check pass; user unknown
Jan  3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
Jan  3 06:31:49 s6 sshd[22781]: Invalid user appserver from 202.138.142.216
Jan  3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): check pass; user unknown
Jan  3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
Jan  3 06:31:52 s6 sshd[22780]: Failed password for invalid user
clamav from 202.138.142.216 port 35699 ssh2
Jan  3 06:31:52 s6 sshd[22781]: Failed password for invalid user
appserver from 202.138.142.216 port 40470 ssh2


So what is your suggestion? What to do with it?

Gabor



RE: What to do with a constant flow of attempts to login to my computer?

2010-01-03 Thread ronys
Hi Gabor,

Moving sshd off port 22 to any non-standard port worked fine for me. Most
attacks are too lazy to do a full portscan, so if they don't find the
default port open, they just move to the next host. Of course, this is
assuming that the attack chose you at random. If it's a targeted attack,
this won't help very much...

Cheers,

  Rony



Re: What to do with a constant flow of attempts to login to my computer?

2010-01-03 Thread Boaz Rymland
This is so common these days that I heard, years ago, of people filtering out such
messages.

Just check your machine carefully - I once had a break-in that was caused
by a stupid chain of mistakes: I switched sshd to listen on its default
port (22) for some time (instead of some arbitrary port as it used to
be) + router forwarded 22 connections to the Linux machine (as needed for
SSH to work) + yes, there was a little issue of a test user I once created,
named "test" with password "test"... Voilà! A robot sounded the "bingo!"
alarm somewhere... I had to reinstall my machine (which wasn't that bad,
but still...).

Lesson? Carefully check your machine's entry points and, as much as you
can, try not to assume things are in a certain state before checking
(like "I don't have stupid test users on machines" - check your configured
users), as that can fail you. In other words - don't presume anything. Check
it, to evaluate your status.

Boaz.



Re: What to do with a constant flow of attempts to login to my computer?

2010-01-03 Thread sara fink
A few suggestions:
1. After 3 unsuccessful logins knock the user out (no matter who the
user is).
2. Ban the IP in iptables. You can see it's the same IP all the time. This
IP is from the Philippines
http://www.dnsstuff.com/tools/ipall/?tool_id=67token=toolhandler_redirect=0ip=202.138.142.216
3. Check if you happen to have root login via ssh and disable it, in case
this option appears.  Check in ssh.conf options.
4. Moving to a port other than 22 is a good practice, but in this case,
they scan your ports, so it won't help.



Re: What to do with a constant flow of attempts to login to my computer?

2010-01-03 Thread Boaz Rymland
To add to my list:

* Verify there are as few users as possible on the machine. Unused user?
Either purge or disable (login shell set to /bin/false or the like; home
dir set to /not/here).
* Verify users on the machine do not have easy-to-guess passwords.
* Indeed, move sshd to listen on a NON-default port.
* Shut down and remove any unneeded software/services including and
specifically any web applications that are not used.
* Keep your installed applications updated and keep an eye on software
updates. I once had an unsuccessful break-in attempt that was trying to
exploit some bug in a webmail application that was not used. The bug was
two weeks old at the time. Both of the break-in cases I described were on
my 24/7 home machine I had running for years (but not anymore), not some
high traffic IP address, so this is rather common these days.

Boaz.
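
The account and sshd checks from the list above, together with the root-login check suggested earlier in the thread, as an added example that is not part of the original post. It assumes the server settings live in OpenSSH's sshd_config; the function names and all sample passwd and config text are constructed for illustration.

```python
# Added example: audit login-capable accounts and a few sshd settings.
# Function names are hypothetical; every sample below is constructed.

# Shells that refuse an interactive login (the "disable" option in the list).
NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}


def login_accounts(passwd_text):
    """Return account names in passwd(5) text whose shell permits a login."""
    names = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry, skip it
        name, shell = fields[0], fields[6]
        # An empty shell field means /bin/sh, so it counts as login-capable.
        if shell not in NOLOGIN_SHELLS:
            names.append(name)
    return names


def sshd_settings(config_text):
    """Parse the global part of sshd_config text.

    sshd keeps the FIRST value it sees for a keyword (keywords are
    case-insensitive); Port is the exception and may be given several times.
    Parsing stops at the first Match block, which only applies conditionally.
    """
    settings = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "match":
            break
        if key == "port":
            settings.setdefault("port", []).append(value)
        else:
            settings.setdefault(key, value)
    return settings


def audit_sshd(config_text):
    """Return findings for the settings discussed in the thread."""
    s = sshd_settings(config_text)
    findings = []
    if "22" in s.get("port", ["22"]):  # unset means the default port 22
        findings.append("sshd listens on the default port 22")
    root = s.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin unset; default depends on OpenSSH version")
    elif root.lower() == "yes":
        findings.append("root may log in over ssh")
    # Assumption: "after 3 unsuccessful logins" is read here as MaxAuthTries,
    # the per-connection attempt limit (OpenSSH default: 6).
    tries = s.get("maxauthtries", "6")
    if not tries.isdigit() or int(tries) > 3:
        findings.append("more than 3 authentication attempts per connection")
    return findings


SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
test:x:1001:1001::/home/test:/bin/bash
olduser:x:1002:1002::/not/here:/bin/false
"""

WEAK_SSHD = """\
# constructed sample: the later "no" is ignored, the first value wins
Port 22
permitrootlogin yes
PermitRootLogin no
"""

HARDENED_SSHD = """\
Port 2222
PermitRootLogin no
MaxAuthTries 3
Match User backup
    PermitRootLogin yes
"""

if __name__ == "__main__":
    print("login-capable accounts:", login_accounts(SAMPLE_PASSWD))
    for label, text in (("weak", WEAK_SSHD), ("hardened", HARDENED_SSHD)):
        print(label, "->", audit_sshd(text) or "no findings")
```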



Zombie processes

2010-01-03 Thread sammy ominsky
Hi all,

I have one server that is constantly getting overrun by zombies!  Nagios alerts 
me that 

** NAGIOS ALERT ** PROBLEM with Zombie Processes on Hardware *** 
(***.***.***.***).  Service is CRITICAL as of Sun Jan 3 15:17:10 UTC 2010.  The 
additional information available is: PROCS CRITICAL: 23 processes with STATE = Z

ps shows me it's mostly one process this time, other times it's others

19279 ?        Z      0:00 [playrecording.p] <defunct>
19283 ?        Z      0:00 [playrecording.p] <defunct>
19293 ?        Z      0:00 [playrecording.p] <defunct>
19295 ?        Z      0:00 [playrecording.p] <defunct>
19648 ?        Z      0:00 [playrecording.p] <defunct>
19767 ?        Z      0:00 [playrecording.p] <defunct>
19778 ?        Z      0:00 [playrecording.p] <defunct>
19779 ?        Z      0:00 [playrecording.p] <defunct>
19782 ?        Z      0:00 [playrecording.p] <defunct>
19786 ?        Z      0:00 [playrecording.p] <defunct>
19851 ?        Z      0:00 [playrecording.p] <defunct>
19857 ?        Z      0:00 [playrecording.p] <defunct>
19859 ?        Z      0:00 [playrecording.p] <defunct>
19861 ?        Z      0:00 [playrecording.p] <defunct>
19938 ?        Z      0:00 [playrecording.p] <defunct>
19940 ?        Z      0:00 [playrecording.p] <defunct>
19944 ?        Z      0:00 [playrecording.p] <defunct>
20191 ?        Z      0:00 [callingcard.php] <defunct>
20195 ?        Z      0:00 [playrecording.p] <defunct>
20291 ?        Z      0:00 [playrecording.p] <defunct>
20302 ?        Z      0:00 [playrecording.p] <defunct>
20304 ?        Z      0:00 [playrecording.p] <defunct>
20315 ?        Z      0:00 [playrecording.p] <defunct>
20433 ?        Z      0:00 [playrecording.p] <defunct>
20444 ?        Z      0:00 [playrecording.p] <defunct>

Thoughts?  Thanks!

--sambo


Re: What to do with a constant flow of attempts to login to my computer?

2010-01-03 Thread Hetz Ben Hamo
Hi,

Simple answer: apt-get install denyhosts
Then set up the config file according to your needs and run this daemon. When
someone passes the threshold, it will be added to /etc/hosts.deny and
will be blocked.

You might want to complain about the abuser to this IP holder (Digitel
Philippines), by sending an email to ne...@digitelone.com - They are in
charge of the IP you're mentioning.

Hetz





-- 
my blog (hebrew): http://benhamo.org
Skype: heunique
MSN: hetz-b...@benhamo.org


RE: What to do with a constant flow of attempts to login to my computer?

2010-01-03 Thread Aaron Komisar

Fail2ban scans log files and bans IP addresses that make too many password
failures. It updates firewall rules to reject the IP address.

See: http://www.fail2ban.org/wiki/index.php/Main_Page

Aaron
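
What DenyHosts and Fail2ban do with a log like the one that started this thread, as an added sketch that is not part of the original post and is not either project's code. It rejoins the mail-wrapped lines, counts only the "Failed password" records per source IP inside a time window, and produces hosts.deny entries; the thresholds, the function names and the 192.0.2.10 line are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# A syslog record starts with a stamp such as "Jan  3 06:31:48 ".
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
# Only "Failed password" is counted: the "Invalid user" and pam_unix lines in
# the excerpt describe the same attempts and would inflate the count.
FAILED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def unwrap(text):
    """Rejoin records wrapped by a mail client: a line that does not start
    with a syslog timestamp continues the previous record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def find_offenders(text, maxretry=3, findtime=timedelta(minutes=10), year=2010):
    """Return {ip: sorted user names tried} for every IP with at least
    maxretry failed passwords inside one findtime window.
    syslog stamps carry no year, so the caller supplies it."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    users = defaultdict(set)      # ip -> account names that were tried
    banned = set()
    for record in unwrap(text):
        m = FAILED.match(record)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # "Jan  3 ..." -> "Jan 3 ..."
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()      # drop failures older than the window
        users[m["ip"]].add(m["user"])
        if len(window) >= maxretry:
            banned.add(m["ip"])
    return {ip: sorted(users[ip]) for ip in banned}


def deny_entries(offenders):
    """Format offenders as /etc/hosts.deny lines (TCP wrappers syntax)."""
    return [f"sshd: {ip}" for ip in sorted(offenders)]


# Lines from the auth.log excerpt in this thread, still wrapped as mailed,
# plus one constructed record (192.0.2.10) for a single mistyped password.
SAMPLE_LOG = """\
Jan  3 06:31:48 s6 sshd[22774]: Failed password for invalid user
amavisd from 202.138.142.216 port 35172 ssh2
Jan  3 06:31:48 s6 sshd[22773]: Failed password for invalid user
clamav from 202.138.142.216 port 39941 ssh2
Jan  3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216
Jan  3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
Jan  3 06:31:52 s6 sshd[22780]: Failed password for invalid user
clamav from 202.138.142.216 port 35699 ssh2
Jan  3 06:31:52 s6 sshd[22781]: Failed password for invalid user
appserver from 202.138.142.216 port 40470 ssh2
Jan  3 06:40:02 s6 sshd[22990]: Failed password for alice from 192.0.2.10 port 50514 ssh2
"""

if __name__ == "__main__":
    offenders = find_offenders(SAMPLE_LOG)
    for ip, names in offenders.items():
        print(ip, "tried", ", ".join(names))
    print("\n".join(deny_entries(offenders)))
```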



The *route* saga continues, weirder...

2010-01-03 Thread Hetz Ben Hamo
Hi,

Last time I asked about routing issue on a wifi connected machine.
Today I have noticed that this happens also on my *wired* machine.

My resolv.conf file is 2 lines to the router: nameserver 192.168.1.1 and to
Netvision (194.90.1.5)

My routing is very simple one:

$ /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

The weird part? Running route (without any parameters) shows me the
routing correctly if I run the route command 6-7 times over, but on the
8th time (more or less) I see the IPs, then it waits 2-4 seconds and then it
shows the default line.

I really don't have any explanation for it. I even tried to remove the
resolv.conf, and it had no impact at all.

Suggestions?

Thanks,
Hetz
-- 
my blog (hebrew): http://benhamo.org
Skype: heunique
MSN: hetz-b...@benhamo.org


Re: The *route* saga continues, weirder...

2010-01-03 Thread Aviv Greenberg
Try to disable any daemons that might mess with interfaces/routing:
dhclient, NetworkManager, etc., and see if the problem goes away when
these daemons are down.






-- 

Stephen Leacock  - I detest life-insurance agents: they always argue
that I shall some day die, which is not so. -
http://www.brainyquote.com/quotes/authors/s/stephen_leacock.html



Re: Zombie processes

2010-01-03 Thread Shachar Shemesh

sammy ominsky wrote:
> Hi all,
>
> I have one server that is constantly getting overrun by zombies!  Nagios alerts me that
>
> ** NAGIOS ALERT ** PROBLEM with Zombie Processes on Hardware ***
> (***.***.***.***).  Service is CRITICAL as of Sun Jan 3 15:17:10 UTC 2010.  The
> additional information available is: PROCS CRITICAL: 23 processes with STATE = Z
>
> ps shows me it's mostly one process this time, other times it's others
>
> 19279 ?        Z      0:00 [playrecording.p] <defunct>

Use pstree and check who the zombies' parent is. If it is the same
process for almost all of them, this is likely a software bug in
playrecording.p (or whatever the parent is). If it is process ID 1, then
you have some other problem (probably in the kernel).


Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com



Re: Zombie processes

2010-01-03 Thread Raz
look for open descriptors with lsof.



Re: Zombie processes

2010-01-03 Thread sammy ominsky
On 03/01/2010, at 18:22, Raz wrote:

> look for open descriptors with lsof.

Thanks!  I've pretty much got it pegged as a problem with playrecording.php, 
but I haven't found the reason yet.  Going to assign it to one of my staff 
coders to investigate.  The sysadmins were sadly clueless :)

--sambo


Re: Announce: Hspell 1.1

2010-01-03 Thread Nadav Har'El
On Fri, Jan 01, 2010, E L wrote about "Re: Announce: Hspell 1.1":
> I think it should be done in the following order:
> - If hspell doesn't have it add for each word if it's a verb adjective and
> so on.

Hspell already does this, and more. This is known as a morphological
analyzer. It is explained on our site, and you can also find on our site
a link to a live demo.

> - Grammatical analyzer - I saw a doc work that was released under GPL about
> it long ago.
> - Grammatical fixer (maybe better spelling suggestion based on grammar
> - Independent of that we need a list of words and their nikud (I also saw
> one in that doc work)
> - Nikud checker
> - Nakdan

Eli, I think this discussion is starting to get a little too specific for
this list and I think we should continue it elsewhere.

I opened a new mailing list for Hspell, at hspell-de...@lists.sourceforge.net
If you're interested, please join this list (via the web interface at
https://lists.sourceforge.net/lists/listinfo/hspell-devel) and we can continue
this discussion, and other hspell-related technical discussions, there.
Everybody who is interested in contributing to Hspell - whether its current
capabilities or completely new ones - is very welcome to subscribe to this
list.

> Does anyone know where will be a good place to start getting word list with
> nikud?

The mila (center of knowledge for processing Hebrew,
http://www.mila.cs.technion.ac.il/) started something like this (word list
with niqqud). They created a word list that was originally forked from Hspell's
(and since grew independently), and later they started adding niqqud to the
base words - but only did it for part of the lexicon. This is a far cry,
however, from knowing how to inflect these base-words with correct niqqud,
and I don't believe they ever did that.

Nadav.


-- 
Nadav Har'El|   Sunday, Jan  3 2010, 18 Tevet 5770
n...@math.technion.ac.il |-
Phone +972-523-790466, ICQ 13349191 |I used to work in a pickle factory, until
http://nadav.harel.org.il   |I got canned.



Re: Zombie processes

2010-01-03 Thread guy keren

sammy ominsky wrote:
> On 03/01/2010, at 18:22, Raz wrote:
>
>> look for open descriptors with lsof.
>
> Thanks!  I've pretty much got it pegged as a problem with playrecording.php,
> but I haven't found the reason yet.  Going to assign it to one of my staff
> coders to investigate.  The sysadmins were sadly clueless :)


sys admins who are not programmers have a very small chance of analyzing 
such a problem - because this is a software (bug) problem, not a system 
administration problem. don't blame them for not being able to do 
something that is completely not within their profession.


application programmers often do not understand these kinds of bugs, 
because they are not systems programmers - they understand the 
application, but not the small intricacies of the unix programming model.


you need a systems programmer to analyze such bugs.

--guy
