Hi all.
I've just noticed that my VPS is now showing UTC rather than BST despite
still being in the "Europe/London" zone.
The following information has been given:
Britain (UK)
Therefore TZ='Europe/London' will be used.
Local time is now: Thu Oct 22 23:56:46 UTC 2009.
Universal Time is now: Thu Oct 22 23:56:46 UTC 2009.
I did a yum update earlier today, but I see no relevant changes in the
tzdata package.
Has anyone else (running CentOS) seen this?
(Yes, I know it'll all be moot in a few days :)
--
Dee Earley (dee(a)earlsoft.co.uk)
irc: irc://irc.blitzed.org/
web: http://www.earlsoft.co.uk
phone: +44 (0)780 8369596
Hi folks,
At approximately 1741Z, host faustino appeared to undergo some sort
of lockup or memory starvation and ceased passing network packets.
I was able to see kernel errors scrolling by on the console, but
unable to get a login prompt.
By approximately 1751Z it spontaneously recovered, just as I was
half way through telling the masterswitch to power cycle it. (so I
stopped!)
I'm not sure exactly what happened yet and am not convinced it was
regular memory exhaustion so I am going to be keeping a close eye on
this server.
Apologies for the disruption.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
Hi all,
My VPS started to perform very slowly today. The only thing I can see
from a scan of the logs, is that both
/var/log/auth.log and /var/log/mail.debug are 3 times as large as normal
for the last 2 days.
Andy reports disk usage heavy.
Here is a section from the mail.debug log.
Oct 14 13:49:46 ianhobson postfix/anvil[27480]: statistics: max connection rate 1/60s for (smtp:113.161.128.172) at Oct 14 13:46:23
Oct 14 13:49:46 ianhobson postfix/anvil[27480]: statistics: max connection count 1 for (smtp:113.161.128.172) at Oct 14 13:46:23
Oct 14 13:49:46 ianhobson postfix/anvil[27480]: statistics: max cache size 1 at Oct 14 13:46:23
Oct 14 13:57:59 ianhobson postfix/smtpd[27488]: connect from unknown[200.172.96.11]
Oct 14 13:58:36 ianhobson postfix/smtpd[27488]: NOQUEUE: reject_warning: RCPT from unknown[200.172.96.11]: 504 5.5.2 <NCAQBNZS>: Helo command rejected: need fully-qualified hostname; from=<suspiciouslyo0(a)reulsport.com> to=<vargassales(a)ianhobson.com> proto=ESMTP helo=<NCAQBNZS>
Oct 14 13:58:36 ianhobson postfix/smtpd[27488]: warning: restriction `smtpd_data_restrictions' after `permit' is ignored
Oct 14 13:58:37 ianhobson postfix/smtpd[27488]: E6E76680D6: client=unknown[200.172.96.11]
Oct 14 13:58:41 ianhobson postfix/cleanup[27491]: E6E76680D6: message-id=<000d01ca4ccd$f4594c20$6400a8c0@suspiciouslyo0>
Oct 14 13:58:41 ianhobson postfix/qmgr[6059]: E6E76680D6: from=<suspiciouslyo0(a)reulsport.com>, size=2525, nrcpt=1 (queue active)
Oct 14 13:58:41 ianhobson postfix/virtual[27492]: E6E76680D6: to=<vargassales(a)ianhobson.com>, relay=virtual, delay=4.9, delays=4.7/0.01/0/0.13, dsn=5.1.1, status=bounced (unknown user: "vargassales(a)ianhobson.com")
Oct 14 13:58:41 ianhobson postfix/cleanup[27491]: 94CB36825A: message-id=<20091014125841.94CB36825A(a)smtp.ianhobson.com>
Oct 14 13:58:41 ianhobson postfix/qmgr[6059]: 94CB36825A: from=<>, size=4350, nrcpt=1 (queue active)
Oct 14 13:58:41 ianhobson postfix/bounce[27493]: E6E76680D6: sender non-delivery notification: 94CB36825A
Oct 14 13:58:41 ianhobson postfix/qmgr[6059]: E6E76680D6: removed
Oct 14 13:58:41 ianhobson postfix/smtp[27494]: certificate verification failed for mail.reulsport.com[80.93.82.54]:25: self-signed certificate
Oct 14 13:58:42 ianhobson postfix/smtpd[27488]: disconnect from unknown[200.172.96.11]
Looks to me as if many people are trying to relay and/or spam me - and
failing.
Auth.log contains a huge number of failures....
Oct 15 10:11:42 ianhobson sshd[30370]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:11:42 ianhobson sshd[30370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.27.92.25
Oct 15 10:11:44 ianhobson sshd[30370]: Failed password for invalid user info from 59.27.92.25 port 54696 ssh2
Oct 15 10:11:46 ianhobson sshd[30374]: Invalid user tony from 59.27.92.25
Oct 15 10:11:46 ianhobson sshd[30374]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:11:46 ianhobson sshd[30374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.27.92.25
Oct 15 10:11:48 ianhobson sshd[30374]: Failed password for invalid user tony from 59.27.92.25 port 54818 ssh2
Oct 15 10:11:50 ianhobson sshd[30378]: Invalid user core from 59.27.92.25
Oct 15 10:11:50 ianhobson sshd[30378]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:11:50 ianhobson sshd[30378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.27.92.25
Oct 15 10:11:53 ianhobson sshd[30378]: Failed password for invalid user core from 59.27.92.25 port 54938 ssh2
Oct 15 10:11:55 ianhobson sshd[30382]: Invalid user newsletter from 59.27.92.25
Oct 15 10:11:55 ianhobson sshd[30382]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:11:55 ianhobson sshd[30382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.27.92.25
Oct 15 10:11:57 ianhobson sshd[30382]: Failed password for invalid user newsletter from 59.27.92.25 port 55071 ssh2
Oct 15 10:11:59 ianhobson sshd[30386]: Invalid user named from 59.27.92.25
Oct 15 10:11:59 ianhobson sshd[30386]: pam_unix(sshd:auth): check pass; user unknown
That found the door bolted, and gave up at 10:17
Only to be replaced by 222.109.206.50 at 10:30. He went on and on until
13:15!
Then 202.131.144.19 appears to run the same script from 13:21
And then 173.10.126.226 comes battering at the door.
Then 64.183.103.148 has a go. Same script. Slight variation on user
names (and presumably passwords).
So I guess, some script kiddie was trying to break in. And with pam
using MySQL for mail authentication, the disk load would be high.
Is there any way I can tar pit him/them?
I want to know if anything is going wrong, and what, if anything, I can
do to regain the performance of the VPS?
Is there anything else I should check? Advice sought.
Regards
Ian
P.S. Without wishing to tempt providence, the VPS is back to normal now.
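An added example, not part of the original post: a fail2ban-style pass over auth.log lines in the format quoted above, grouping sshd "Failed password" events by source address and flagging sources that exceed a threshold inside a sliding window. The function names, the threshold and window values, the year (taken from the thread's dates) and the 192.0.2.10 line are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines for 59.27.92.25 are the ones quoted in the post (unwrapped);
# the 192.0.2.10 line is constructed for contrast.
SAMPLE = """\
Oct 15 10:11:44 ianhobson sshd[30370]: Failed password for invalid user info from 59.27.92.25 port 54696 ssh2
Oct 15 10:11:46 ianhobson sshd[30374]: Invalid user tony from 59.27.92.25
Oct 15 10:11:48 ianhobson sshd[30374]: Failed password for invalid user tony from 59.27.92.25 port 54818 ssh2
Oct 15 10:11:53 ianhobson sshd[30378]: Failed password for invalid user core from 59.27.92.25 port 54938 ssh2
Oct 15 10:11:57 ianhobson sshd[30382]: Failed password for invalid user newsletter from 59.27.92.25 port 55071 ssh2
Oct 15 10:20:01 ianhobson sshd[30500]: Failed password for ian from 192.0.2.10 port 40000 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def failures_by_source(log_text, year=2009):
    """Group sshd 'Failed password' events as {ip: [(time, user), ...]}."""
    sources = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            sources[m["ip"]].append((ts, m["user"]))
    return sources

def brute_force_sources(log_text, max_failures=3, window=timedelta(minutes=10)):
    """Return {ip: usernames tried} for sources over max_failures in any window."""
    flagged = {}
    for ip, events in failures_by_source(log_text).items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # shrink the window from the left until it spans <= `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > max_failures:
                flagged[ip] = sorted({user for _, user in events})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in brute_force_sources(SAMPLE).items():
        print(ip, "tried", users)
```

The flagged addresses are what a rate limit or temporary firewall block would be keyed on; the single failure from 192.0.2.10 stays below the threshold and is not reported.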
Hola all,
Any clues about using Bitfolk SpamAssassin servers with my postfix setup?
I'm assuming /etc/postfix/main.cf needs some magic...
I've found
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e
  /usr/sbin/sendmail -oi -f ${sender} ${recipient}
to go in master.cf and other various tutorials for spamd running on the
local machine. I want to use bitfolk remote servers though...
Anyway I won't waffle on for those people on mobile devices ;)
Regards,
Paul
Hi,
At this point (9.15am) I'm unable to access my host on faustino or the
main bitfolk website (hence using this list to try to contact Andy).
Websites are giving "Error 101 (net::ERR_CONNECTION_RESET): Unknown
error" (inc bitfolk.com) and pings to both my main URLs are timing
out.
Jennifer
Hi,
It seems that at approximately 0359Z today, the host dunkel was
power cycled. There is no evidence of a crash, and the reboot was
immediate. This was not scheduled work.
VPSes did not start up again automatically because they've been set
not to (in the middle of work or problems, having them all start
automatically tends to cause more difficulty). They were still
available to be started via xen shell console.
Unfortunately the mobile phone alerting mechanism didn't work, so I
was not aware of this, and only became aware when I checked in at
about 11am UK time. I have now started all VPSes on dunkel that
were not already running.
I'm now investigating what has happened here, particularly if there
was anyone working in the rack at the time of the power cycle.
In the event that your service is down and you don't know why or how
to get it started again, there are contact details including a phone
number at:
http://bitfolk.com/contact.html
The power cycle of dunkel itself was completely unexpected but I can
only apologise sincerely for my lack of awareness of this.
Regards,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting