Thank you very much for your work 
The solution works perfectly!
I don't know WHY that client used that stuff with .php extensions for mod_rewrite rule. But i guess he will be happy when we deploy that fix.
Best regards
Koren
Posts by Koren
-
-
Hi,
I noticed some of my clients complained about websites, that are not working properly, after the recent upgrade to the version 1.3.9 of I-MSCP.
We have a number of sites, that use mod_rewrite to modify url patterns on their wordpress based blogs. Some of them doesn't work anymore.If we rewrite URLs, that use .php at the end, they don't work anymore and throw an error 404:
Example:
Now we have the URL http://www.domain.tld//3-main-tipps.php which throw an error 404. (Previously, using I-MSCP 1.3.0 that website was able to load correctly).
I assume, it is becasue in the apache configuration the .php extension is now rewritten to the fcgi handler and overrides the .htaccess of the customer.Is there a workarround for this ?
Best regards
Koren
-
-
Now it breaks, because the variable $data is not set in imscp_common_methods.pl for the decode_base64:
-
It looks to me, like the imscp-sw-mngr still calls the old setup_db_vars function in imscp_common_methods.pl and there it tries to decrypt the database pw using the old blowfish encryption.
I was successfully able to finish the upgrade by simply skipping the software-manager parts of the i-mscp setzp, but I think there is actually a bug.Best regards
Koren
-
Hi!,
I tried the Upgrade from 1.3.0 to 1.3.9 today and at the end it fails with the error:
FATAL: Could not to load database parameters at /var/www/imscp/engine/imscp_common_code.pl line 66.
I saw, it fails during the decrytion of the MySQL database params. The imscp-db-keys in /etc/imscp/ is there and has current time.
Full Error Message: [ERROR] main::setupDbTasks: FATAL: Could not to load database parameters at /var/www/imscp/engine/imscp_common_code.pl line 66.
Compilation failed in require at /var/www/imscp/engine/imscp-sw-mngr line 27. at /usr/local/src/imscp-1.3.9/engine/PerlLib/iMSCP/DbTasksProcessor.pm line 330.Environment:
- Debian 8.6
- Apache 2.4 with php-fpmLatest I-MSCP (1.3.9.zip) downloaded today from the official repo.
Can someone help here ?
-
Could you give me an access to that server for checking?
Yes. That would be super great, if you could take look at this. I added your SSH key to the server and sent you the server-data via private forum message.
-
Heres another E-Mail header of an e-mail that is not a mailer-daemon one:
Code- regular_text: ------------=_57CCA388.6BD51A33regular_text: Content-Type: message/rfc822; x-spam-type=original regular_text: Content-Description: original message before SpamAssassinregular_text: Content-Disposition: attachmentregular_text: Content-Transfer-Encoding: 8bitregular_text:regular_text: X-Envelope-From: <abbeyalimio@hmspermedion.com>regular_text: X-Envelope-To: <isiah1216.lj@gmail.commail.com>regular_text: Received: from srv08.[our-hostname].de (srv08.[our-hostname].de [our-ipv4-address])regular_text: by srv08.[our-hostname].de(Postfix 2.11.3/8.13.0) with SMTP id unknownregular_text: Mon, 05 Sep 2016 00:43:15 +0200regular_text: (envelope-from <abbeyalimio@hmspermedion.com>regular_text: Received: from abbeyalimio by srv08.[our-hostname].de with local (Exim 4.22)regular_text: id igx43g-tvBEtz-w1regular_text: for isiah1216.lj@gmail.commail.com; Mon, 05 Sep 2016 10:02:37 +0200 regular_text: To: "isiah1216.lj" <isiah1216.lj@gmail.commail.com>regular_text: Subject: A meeting with a married girl, 717-895-0158 how about that!regular_text: Message-Id: <igx43g-tvBEtz-w1@srv08.[our-hostname].de>regular_text: From: "Bella Ramos" <abbeyalimio@hmspermedion.com>regular_text: Date: Mon, 05 Sep 2016 10:02:37 +0200regular_text: Mime-Version: 1.0regular_text: Content-Type: text/html; charset=us-ascii regular_text: Content-Transfer-Encoding: quoted-printableregular_text:*** HEADER EXTRACTED deferred/2/223E865D4F7 ***
It says, the e-mail would be coming from some "exim" on the local machine. But there clearly is no exim installed and/or running. Also checked the machine. There are no exim files. So I guess, that information is fake.
Also no suspicious processes are running. I can hardly find any viable information on this.mail.log lines of that e-mail:
Code- Sep 5 00:43:15 srv08 postfix/smtpd[994]: AF55765A6D8: client=srv08.[our-hostname].de[our-ipv4-address]
- Sep 5 00:43:15 srv08 postfix/cleanup[465]: AF55765A6D8: message-id=<igx43g-tvBEtz-w1@srv08.[our-hostname].de>
- Sep 5 00:43:21 srv08 postfix/qmgr[17569]: AF55765A6D8: from=<abbeyalimio@hmspermedion.com>, size=5624, nrcpt=1 (queue active)
- Sep 5 00:43:21 srv08 postfix/smtp[1061]: AF55765A6D8: to=<isiah1216.lj@gmail.commail.com>, relay=none, delay=5.3, delays=5.3/0/0/0, dsn=5.4.6, status=bounced (mail for gmail.commail.com l\
- oops back to myself)
- Sep 5 00:43:21 srv08 postfix/bounce[1038]: AF55765A6D8: sender non-delivery notification: 223E865D4F7
- Sep 5 00:43:21 srv08 postfix/qmgr[17569]: AF55765A6D8: removed
Anyone got an idea based on this ? -
Hi,
Understood. I try to provide you with all the information possible:
System:
- Debian GNU/Linux 8 (Jessie)
- I-MSCP 1.3.0 (Stable) with PHP5-FPM, ProFTPD, Postfix, Dovecot
- SpamAssassin Plugin Version 1.1.0 (From: 2016-06-25)The Problem is, that the server is sending lots and lots of e-mails, that clearly are spam and we cannot find any cause. There are multiple sites on that server, using php and cgi applications.
We log any mail, that is sent through the php "mail()" mechanism, but that mails are not appearing there. All mails are seen as coming from the local machine.One example out of mailq (that is from the bounce, since that is from the bounce:
Log-Lines related to that E-Mail:Code- Sep 7 20:00:27 srv08 postfix/smtpd[24039]: 62FAE65B268: client=srv08.[our-hostname].de[our-ipv4-addr]Sep 7 20:00:27 srv08 postfix/cleanup[23382]: 62FAE65B268: message-id=<20160907214712.29570.qmail@srv08.[our-hostname].de>Sep 7 20:00:29 srv08 postfix/qmgr[19408]: 62FAE65B268: from=<redacted@swc.math.arizona.edu>, size=990, nrcpt=1 (queue active)Sep 7 20:00:29 srv08 postfix/smtp[24620]: 62FAE65B268: to=<1254@hgf.fr>, relay=none, delay=1.6, delays=1.6/0/0/0, dsn=5.4.6, status=bounced (mail for hgf.fr loops back to myself)Sep 7 20:00:29 srv08 postfix/bounce[24621]: 62FAE65B268: sender non-delivery notification: 21A9865EDEDSep 7 20:00:29 srv08 postfix/qmgr[19408]: 62FAE65B268: removed
The recipient address and the target address does not belong to any of our domains/e-mail addresses. The mail headers of the e-mail doesnt contain any information. In the logfiles, we can only see, that it is originating from the local machine and delivered to the postfix daemon via smtp. (Baybe with cgi/php smtp client?)Example Mail-Headers:
Display MoreCode- regular_text: --62FAE65B268.1473271229/srv08.[our-hostname].de
- regular_text: Content-Type: message/rfc822
- regular_text: Content-Transfer-Encoding: 8bit
- regular_text:
- regular_text: Return-Path: <charlottmeavet@swc.math.arizona.edu>
- regular_text: Received: from srv08.[our-hostname].de (srv08.[our-hostname].de [our-ipv4-addr])
- regular_text: by srv08.[our-hostname].de (Postfix) with SMTP id 62FAE65B268
- regular_text: for <1254@hgf.fr>; Wed, 7 Sep 2016 20:00:27 +0200 (CEST)
- regular_text: Received: (qmail 29570 invoked by uid 49356); 07 Sep 2016 21:47:12 -0000
- regular_text: Date: 07 Sep 2016 21:47:12 -0000
- regular_text: Message-ID: <20160907214712.29570.qmail@srv08.[our-hostname].de>
- regular_text: From: "Redacted" <redacted@swc.math.arizona.edu>
- regular_text: To: "1254" <redacted@hgf.fr>
- regular_text: Subject: [REDACTED]
- regular_text: Mime-Version: 1.0
- regular_text: Content-Type: text/html
- regular_text: Content-Transfer-Encoding: 8bit
- regular_text: X-Spam-Status: No, score=3.8 required=5.0 tests=DATE_IN_FUTURE_03_06,
- regular_text: HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,URI_WPADMIN
- regular_text: autolearn=no autolearn_force=no version=3.4.0
- regular_text: X-Spam-Level: ***
- regular_text: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on srv08.[our-hostname].de
- regular_text:
- regular_text: --62FAE65B268.1473271229/srv08.[our-hostname].de--
- pointer_record: 0
- *** HEADER EXTRACTED deferred/2/21A9865EDED ***
-
Hi Everyone,
We currently have a larger spam issue on one of our servers. I think, that some customer hosted CMS is compromised and is sending spam e-mails out.
Unlike any other spam issue, i've ever seen, this time it is NOT sent via php's mail() feature. (I log that and there's nothing there).In the postfix log, I can see, the mails are delivered by the server's own ip address (and, of course allowing it, since the local ip is in mynetworks).
The header's of the spam examples, that got reported to me, gives absolutely no hint on the root cause. (e.g. which customer etc). Envelope data, from fields, recipients
are all unknown (not from our customers) and seem to be fake.Does anyone got an idea, on how to track this further ? Could it be a php script, delivering the mails via localhost:25 by having some smtp client implemented in php ? How would it
be possible to monitor that ?I would be very happy for any hint, that could help me to get more insight and solve that problem.
Best regards
C