Hi Andy,
Another query about availability. I could do with another slice but see
that there's none available. Any word on when/if?
Chris...
*Chris Keegan* | Managing Director
EVANS & FINCH LIMITED <http://www.evansfinch.co.uk>
t: +44117 328 1487 | m:+447733 102395
Bush House, 72 Prince Street, Bristol, BS1 4QD
Check Out Our Latest Project: Children of Herne
<http://www.childrenofherne.com>
Follow us on Twitter: www.twitter.com/evansfinch
<http://www.twitter.com/evansfinch>
Hi,
There was a short network outage on kwak starting around
1445Z and lasting about 4 minutes.
I was investigating some anomalous traffic with tcpdump,
accidentally caused too much output and broke networking as a
result. Customers on kwak, please accept my apologies for this
disruption. :(
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
Since about 0800Z some connectivity to Jump (BitFolk's upstream) has
been flapping. They are investigating.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
You dont have to be illiterate to use the Internet, but it help's.
-- Mike Bristow
Hi all,
I read recently that the EU passed a law requiring user consent to
use cookies (more from http://www.out-law.com/page-10510). The law
doesn't come into effect until April 2011, and by then the
enforcement practices may be specified to make it almost void, but it
does raise an interesting question for me.
I'm located in the US, but due to the specifics of how my site came
into my possession, it's registered and hosted in the UK. Whose laws
apply to a site like mine, owned and hosted from different sides of
the pond? And assuming I'm not subject to British laws, to what
extent might Bitfolk or my registrar be exposed to legal action?
Best,
Mike
Hello,
If local user privilege escalation and/or DoS is an issue for you
then you may wish to ensure your kernel is not vulnerable to:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547
"Multiple race conditions in fs/pipe.c in the Linux kernel
before 2.6.32-rc6 allow local users to cause a denial of
service (NULL pointer dereference and system crash) or gain
privileges by attempting to open an anonymous pipe via a
/proc/*/fd/ pathname."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3621
"net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier
allows local users to cause a denial of service (system
hang) by creating an abstract-namespace AF_UNIX listening
socket, performing a shutdown operation on this socket, and
then performing a series of connect operations to this
socket."
amongst others.
Updates were recently pushed out to Debian and I assume others.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
"What should one say after making love? ``Thank you'' seems too much.
``I'm sorry'' - somehow not enough." -- The League Against Tedium
Hi,
In a few days I'm going to be adding some additional monitoring
hosts. If you are currently punching holes in your firewalls for
212.13.194.71 to do checks, please could you also allow:
212.13.194.73
212.13.194.87
212.13.194.207
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
"Xandros's low-level support for the Eee mostly seemed to consist of a pile of
shell scripts made of cheese and failure." -- Matthew Garrett
Hi all.
I've just noticed that my VPS is now showing UTC rather than BST despite
still being in the "Europe/London" zone.
The following information has been given:
Britain (UK)
Therefore TZ='Europe/London' will be used.
Local time is now: Thu Oct 22 23:56:46 UTC 2009.
Universal Time is now: Thu Oct 22 23:56:46 UTC 2009.
I did a yum update earlier today, but I see no relevant changes in the
tzdata package.
Has anyone else (running CentOS) seen this?
(Yes, I know it'll all be moot in a few days :)
--
Dee Earley (dee(a)earlsoft.co.uk)
irc: irc://irc.blitzed.org/
web: http://www.earlsoft.co.uk
phone: +44 (0)780 8369596
Hi folks,
At approximately 1741Z, host faustino appeared to undergo some sort
of lockup or memory starvation and ceased passing network packets.
I was able to see kernel errors scrolling by on the console, but
unable to get a login prompt.
By approximately 1751Z it spontaneously recovered, just as I was
half way through telling the masterswitch to power cycle it. (so I
stopped!)
I'm not sure exactly what happened yet and am not convinced it was
regular memory exhaustion so I am going to be keeping a close eye on
this server.
Apologies for the disruption.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
Hi all,
My VPS started to perform very slowly today. The only thing I can see
from a scan of the logs, is that both
/var/log/auth.log and /var/log/mail.debug are 3 times as large as normal
for the last 2 days.
Andy reports disk usage heavy.
Here is a section from the mail.debug log.
Oct 14 13:49:46 ianhobson postfix/anvil[27480]: statistics: max
connection rate 1/60s for (smtp:113.161.128.172) at Oct 14 13:46:23
Oct 14 13:49:46 ianhobson postfix/anvil[27480]: statistics: max
connection count 1 for (smtp:113.161.128.172) at Oct 14 13:46:23
Oct 14 13:49:46 ianhobson postfix/anvil[27480]: statistics: max cache
size 1 at Oct 14 13:46:23
Oct 14 13:57:59 ianhobson postfix/smtpd[27488]: connect from
unknown[200.172.96.11]
Oct 14 13:58:36 ianhobson postfix/smtpd[27488]: NOQUEUE: reject_warning:
RCPT from unknown[200.172.96.11]: 504 5.5.2 <NCAQBNZS>: Helo command
rejected: need fully-qualified hostname;
from=<suspiciouslyo0(a)reulsport.com> to=<vargassales(a)ianhobson.com>
proto=ESMTP helo=<NCAQBNZS>
Oct 14 13:58:36 ianhobson postfix/smtpd[27488]: warning: restriction
`smtpd_data_restrictions' after `permit' is ignored
Oct 14 13:58:37 ianhobson postfix/smtpd[27488]: E6E76680D6:
client=unknown[200.172.96.11]
Oct 14 13:58:41 ianhobson postfix/cleanup[27491]: E6E76680D6:
message-id=<000d01ca4ccd$f4594c20$6400a8c0@suspiciouslyo0>
Oct 14 13:58:41 ianhobson postfix/qmgr[6059]: E6E76680D6:
from=<suspiciouslyo0(a)reulsport.com>, size=2525, nrcpt=1 (queue active)
Oct 14 13:58:41 ianhobson postfix/virtual[27492]: E6E76680D6:
to=<vargassales(a)ianhobson.com>, relay=virtual, delay=4.9,
delays=4.7/0.01/0/0.13, dsn=5.1.1, status=bounced (unknown user:
"vargassales(a)ianhobson.com")
Oct 14 13:58:41 ianhobson postfix/cleanup[27491]: 94CB36825A:
message-id=<20091014125841.94CB36825A(a)smtp.ianhobson.com>
Oct 14 13:58:41 ianhobson postfix/qmgr[6059]: 94CB36825A: from=<>,
size=4350, nrcpt=1 (queue active)
Oct 14 13:58:41 ianhobson postfix/bounce[27493]: E6E76680D6: sender
non-delivery notification: 94CB36825A
Oct 14 13:58:41 ianhobson postfix/qmgr[6059]: E6E76680D6: removed
Oct 14 13:58:41 ianhobson postfix/smtp[27494]: certificate verification
failed for mail.reulsport.com[80.93.82.54]:25: self-signed certificate
Oct 14 13:58:42 ianhobson postfix/smtpd[27488]: disconnect from
unknown[200.172.96.11]
Looks to me as if many people are trying to relay and/or spam me - and
failing.
Auth.log contains a huge number of failures....
Oct 15 10:11:42 ianhobson sshd[30370]: pam_unix(sshd:auth): check pass;
user unknown
Oct 15 10:11:42 ianhobson sshd[30370]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=59.27.92.25
Oct 15 10:11:44 ianhobson sshd[30370]: Failed password for invalid user
info from 59.27.92.25 port 54696 ssh2
Oct 15 10:11:46 ianhobson sshd[30374]: Invalid user tony from 59.27.92.25
Oct 15 10:11:46 ianhobson sshd[30374]: pam_unix(sshd:auth): check pass;
user unknown
Oct 15 10:11:46 ianhobson sshd[30374]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=59.27.92.25
Oct 15 10:11:48 ianhobson sshd[30374]: Failed password for invalid user
tony from 59.27.92.25 port 54818 ssh2
Oct 15 10:11:50 ianhobson sshd[30378]: Invalid user core from 59.27.92.25
Oct 15 10:11:50 ianhobson sshd[30378]: pam_unix(sshd:auth): check pass;
user unknown
Oct 15 10:11:50 ianhobson sshd[30378]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=59.27.92.25
Oct 15 10:11:53 ianhobson sshd[30378]: Failed password for invalid user
core from 59.27.92.25 port 54938 ssh2
Oct 15 10:11:55 ianhobson sshd[30382]: Invalid user newsletter from
59.27.92.25
Oct 15 10:11:55 ianhobson sshd[30382]: pam_unix(sshd:auth): check pass;
user unknown
Oct 15 10:11:55 ianhobson sshd[30382]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=59.27.92.25
Oct 15 10:11:57 ianhobson sshd[30382]: Failed password for invalid user
newsletter from 59.27.92.25 port 55071 ssh2
Oct 15 10:11:59 ianhobson sshd[30386]: Invalid user named from 59.27.92.25
Oct 15 10:11:59 ianhobson sshd[30386]: pam_unix(sshd:auth): check pass;
user unknown
That found the door bolted, and gave up at 10:17
Only to be replaced by 222.109.206.50 at 10:30. He went on and on until
13:15!
Then 202.131.144.19 appears to run the same script from 13:21
And then 173.10.126.226 comes battering at the door.
Then 64.183.103.148 has a go. Same script. Slight variation on user
names (and presumably passwords).
So I guess, some script kiddie was trying to break in. And with pam
using MySQL for mail authentication, the disk load would be high.
Is there any way I can tar pit him/them?
I want to know if anything is going wrong, and what, if anything I can
do to regain the performance of the VPS?
Is there anything else I should check? Advice sought.
Regards
Ian
P.S. Without wishing to tempt providence, the VPS is back to normal now.
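
The pattern in the auth.log excerpt above (one source cycling through user names every few seconds) can be summarised per source address. This is an added example, not part of the original post: it parses `Failed password` lines in that format and flags sources whose failures cluster in a short window. The sample lines are constructed, and the `threshold`, `window` and `year` parameters are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the auth.log format quoted above (lines unwrapped,
# hostname and addresses are placeholders from the documentation ranges).
SAMPLE = """\
Oct 15 10:11:42 vps sshd[30370]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:11:44 vps sshd[30370]: Failed password for invalid user info from 192.0.2.25 port 54696 ssh2
Oct 15 10:11:46 vps sshd[30374]: Invalid user tony from 192.0.2.25
Oct 15 10:11:48 vps sshd[30374]: Failed password for invalid user tony from 192.0.2.25 port 54818 ssh2
Oct 15 10:11:53 vps sshd[30378]: Failed password for invalid user core from 192.0.2.25 port 54938 ssh2
Oct 15 10:11:57 vps sshd[30382]: Failed password for invalid user newsletter from 192.0.2.25 port 55071 ssh2
Oct 15 10:20:01 vps sshd[30401]: Failed password for ian from 198.51.100.7 port 40112 ssh2
Oct 15 10:45:10 vps sshd[30455]: Failed password for ian from 198.51.100.7 port 40390 ssh2
"""

# The user name is attacker-controlled and may contain " from "; the greedy
# (.*) plus the anchored tail makes the last " from " the one that counts.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$")

def parse_failures(text, year=2009):
    """Return [(timestamp, source, user)] for every failed-password line."""
    out = []
    for line in text.splitlines():
        m = FAILED.match(line.rstrip())
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            out.append((ts, m.group(4), m.group(3)))
    return out

def brute_force_sources(text, threshold=3, window=timedelta(minutes=1)):
    """Flag sources with at least `threshold` failures inside any `window`."""
    by_src = defaultdict(list)
    for ts, src, user in parse_failures(text):
        by_src[src].append((ts, user))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # slide the window forward past stale failures
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = {"failures": len(events), "peak": peak,
                            "users": sorted({u for _, u in events})}
    return flagged

if __name__ == "__main__":
    for src, info in brute_force_sources(SAMPLE).items():
        print(src, info)
```

The second source in the sample, two mistyped passwords 25 minutes apart for a real account, stays below the threshold and is not flagged.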
Hola all,
Any clues about using Bitfolk SpamAssassin servers with my postfix setup?
I'm assuming /etc/postfix/main.cf needs some magic...
I've found
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e
  /usr/sbin/sendmail -oi -f ${sender} ${recipient}
to go in master.cf and other various tutorials for spamd running on the
local machine. I want to use bitfolk remote servers though...
Anyway I won't waffle on for those people on mobile devices ;)
Regards,
Paul