As I read the documentation, on Debian, if I have a
/etc/logwatch/conf/logwatch.conf file, it gets read and the contents
override the default options in
/usr/share/logwatch/dist.conf/logwatch.conf, which in turn overrides
/usr/share/logwatch/default.conf/logwatch.conf?
At the moment, it doesn't look like the /etc.. file is being read. Or at
least, when I put something in it, it's ignored. Similarly with
/etc/logwatch/conf/override.conf .. or is just MailTo in those ignored?
Ian
Andy,
Thanks for your reply. If they don't worry you then I certainly won't
worry about them.
I have been converting the ipv6 addresses associated with it to ipv4's and
running them through checks to see if they are linked to any known rogues.
Problem is they are btinternet addresses so could be any one of about a few
million in UK. But the addresses linked to the httpd hack attempts were
Tiscali so the two groups of incidents are probably not related. Then I
realised that I hadn't blocked ipv6 on that vps so have set up an ip6tables
rule dropping all connections, should be the end of it. It probably
explains why I have not noticed such things on my other vps, as ipv6 has
been blocked on there from when I first took it on.
--
Keith Williams
Solo bike ride, John O'Groats to Land's End starting 29 August 2010, in
aid of Willen Hospice. Please make a donation at
http://justgiving.com/SimonsTrip
I have recently started receiving TCP Treason Uncloaked messages in my
daily logwatch reports from my vps on Urquell. They appear to be linked to
port 80.
OK, I understand what the message is about, the other host has suddenly
decided to reduce the size of the window during a transaction. Googling
for reasons and causes suggests it is something between an out and out
attack, a kernel or apache bug, a hiccup in TCP and is therefore extremely
serious/nothing to worry about and that I should ignore it/upgrade all
software/run round pulling out all my hair.
I am running the latest version of everything (that is available from the
lenny repository).
The httpd section of the logwatch report tells me that there have been a
number of attempts to use a known hack and it responded with a 501, but
they were reported with an ipv4 address and the treason reports had an
address that appeared to be ipv6 (though attempts to trace it failed).
There aren't many incidents in a day, but I wondered what advice/comments
users here might be able to give and, showing my ignorance here, could
this be related in some way - I've no idea how - to the recent urquell
problems?
Keith
--
Keith Williams
Solo bike ride, John O'Groats to Land's End starting 29 August 2010, in
aid of Willen Hospice. Please make a donation at
http://justgiving.com/SimonsTrip
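The triage described in the two messages above (pulling the peer out of each "Treason uncloaked" line and reducing an IPv6-looking address to an IPv4 one) could be scripted as follows. This is an added example, not part of the original posts; it assumes the kernel's `Peer <addr>:<port>/<local port>` message layout and that the IPv6 forms are IPv4-mapped or 6to4 addresses, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines, modelled on the 2.6-era kernel message
# (assumed layout: "Peer <addr>:<remote port>/<local port> shrinks window").
SAMPLE_LOG = """\
Aug  7 03:12:01 vps kernel: TCP: Treason uncloaked! Peer 0000:0000:0000:0000:0000:ffff:c633:640a:51234/80 shrinks window 100:200. Repaired.
Aug  7 03:12:09 vps kernel: TCP: Treason uncloaked! Peer 0000:0000:0000:0000:0000:ffff:c633:640a:51240/80 shrinks window 300:400. Repaired.
Aug  7 04:40:17 vps kernel: TCP: Treason uncloaked! Peer 2002:cb00:7107:0000:0000:0000:0000:0001:40211/80 shrinks window 10:20. Repaired.
Aug  7 05:02:33 vps kernel: TCP: Treason uncloaked! Peer 2001:0db8:0000:0000:0000:0000:0000:0005:33000/80 shrinks window 10:20. Repaired.
Aug  7 06:15:48 vps kernel: TCP: Treason uncloaked! Peer 192.0.2.44:40000/80 shrinks window 10:20. Repaired.
Aug  7 06:16:00 vps kernel: eth0: link up
"""

# Greedy \S+ backtracks to the last colon, so IPv6 peers parse correctly.
PEER_RE = re.compile(r"Treason uncloaked! Peer (\S+):(\d+)/(\d+) shrinks window")


def embedded_ipv4(addr):
    """Return the IPv4 address carried by addr, or None for native IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ip
    # ::ffff:a.b.c.d (IPv4-mapped) or 2002:AABB:CCDD::/48 (6to4)
    return ip.ipv4_mapped or ip.sixtofour


def summarise(log_text):
    """Count reports per (normalised peer address, local port)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = PEER_RE.search(line)
        if not m:
            continue  # not a window-shrink report
        try:
            v4 = embedded_ipv4(m.group(1))
            peer = str(v4) if v4 else str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # unparseable address field
        counts[(peer, int(m.group(3)))] += 1
    return counts


if __name__ == "__main__":
    for (peer, port), n in summarise(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {peer}  -> local port {port}")
```

Peers that come back as native IPv6 have no IPv4 equivalent and need to be looked up, or filtered, as IPv6 addresses.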
Hello,
I was alerted that urquell was unresponsive. I connected to the
serial console and found no useful info, and no response, so had no
choice but to power cycle. There was nothing in the BIOS event log
either.
Obviously I'm concerned that there might be a hardware problem here,
especially since I added 12GiB of RAM only last Saturday, but I
don't want to cause more disruption by moving VPSes to spare
hardware just yet. I will keep a close eye on it for now.
Apologies for the disruption,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
Apparently this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2240
is actually a local user to root bug, with live exploits out there
at the moment which are based around the X server.
While I imagine few of you are running X on your VPS, eventually
someone may come up with another exploit, so look out for kernel
upgrades for this from your OS vendors.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
If you currently pay monthly by PayPal, would you be interested in
trying out a PayPal subscription?
The obvious advantage is that it automatically pays your bill every
30 days as long as you have the funds or means to get the funds
(added credit/debit cards or direct debit to your PayPal account).
If so, please drop an email to support(a)bitfolk.com and I'll sort it
out.
If you don't want to, that's fine. I'm not planning to do away with
manual PayPal or any of the other payment methods currently
supported.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
"It is I, Simon Quinlank. The chief conductor on the bus that is called
hobby." -- Simon Quinlank
Hello there guys,
There appears to be a bug in the current version of PHP that affects my
WordPress pages. When I am in the admincp for WordPress, Apache2 can go
crazy and eat up all of server resources meaning that I have to destroy the
server instance from Xen. Does anyone know why this happens, or if there is
a workaround/resolution for it?
The first time it happened I wasn't aware of it, and Google threw one of
from the search rankings...
Daniel
Hey,
Is it possible that we can get some kind of RSS feed for outages, etc,
preferably split up into the hosts (urquell, kwak, etc)?
I know we can get info from twitter/users@ - but it's more likely that
I'll spot an RSS notification popup for an outage (assuming I've put it
in the right group!)
There is an upgrade available for PHP5

php5 (5.2.6.dfsg.1-1+lenny9) stable-security; urgency=high

  * Fix CVE-2010-1917: stack consumption on the fnmatch() function
  * Fix CVE-2010-2225: use-after-free in the SplObjectStorage
    unserializer
  * Fix MOPS-2010-60: arbitrary session variables injection

 -- Raphael Geissert <geissert(a)debian.org>  Tue, 03 Aug 2010 21:37:14 -040
> > I had horrible problems with Apache eating all my RAM until I switched
> > from the stock Ubuntu 8.04 kernel to one Andy suggested from Debian.
> > Seems to have fixed it 100% so far.
>
> These days I would recommend upgrading to 10.04, it's much better.
> But there does seem to be this problem, which I do not think is Xen
> or kernel-related. I think it will turn out to be a bug in PHP or
> apache, possibly tickled by some new feature in Wordpress.
>
> Cheers,
> Andy
>
Keith
> --
> Keith Williams
>
> John O'Groats to Lands End solo cycle ride in aid of Willen Hospice. 29th
> August to 12th September 2010. Sponsor us at
> http://justgiving.com/SimonsTrip
>
Hello all,
I'm new to VPS admin, and even more so to DNS, so I apologize in advance
if my questions are naive.
I currently have a Bitfolk VPS that rsyncs a zone file to Bitfolk's name
servers. Migrating to a new VPS running Ubuntu 10.04, I understand that
rsyncing is being discouraged in favor of setting up a DNS server of my
own. I'm under the impression that setting up a DNS server will
similarly carry the information in the zone file to Bitfolk's servers,
but I'm unfamiliar with how this process works. I've looked at the Ubuntu
documentation for bind9, but I'm not sure if I need a caching server, a
DNS primary, or a DNS secondary.
Can anyone who's done this give me some pointers?