Posts by kalmarr

    I don't think they "hacked" imscp itself. So then I think they got a password and then installed a script on your system. Purging postfix will not change anything, because the script is not included in postfix itself.
    For you it's easier to install a fresh system, because you may not find every script or any backdoors (if they exist).


    At first I thought so, but I don't believe that they had stolen my password from me.
    1. Only one website was attacked; the other sites are fine, I didn't experience any change on other sites.
    2. I think someone attacked my server, because they placed the script through my site. This script continuously sends SPAM. I deleted this site and all the customer's (I-MSCP) data. The script is working!

    1. I don't know... I disabled root access for my SSH.
    2. I updated my server regularly.
    3. Maybe... I have denyhost, fail2ban, ClamAV and I configured my firewall.... (What should I do? What do you think? Could you send a checklist?)
    4. I didn't experience that... I always use complicated passwords...


    I think they first attacked my Drupal site and after that attacked the I-MSCP server/Debian server, because I deleted the site and the customer. I purged (uninstalled) postfix and updated IMSCP, but my server sends the SPAM...

    Yes, my server is sending the SPAM and is very slow! Now I am trying the I-MSCP 1.2.2 update, but it is very slow :(


    mail.log


    ---
    Apr 26 17:18:23 fqhn spamd[4413]: prefork: child states: IB
    Apr 26 17:18:23 fqhn postfix/cleanup[9932]: 672182C60C0: message-id=<20150426151823.672182C60C0@fqhn.server.info>
    Apr 26 17:18:23 fqhn postfix/bounce[9127]: EFDB52C5F35: sender non-delivery notification: 672182C60C0
    Apr 26 17:18:23 fqhn postfix/qmgr[4556]: 672182C60C0: from=<>, size=27958, nrcpt=1 (queue active)
    Apr 26 17:18:23 fqhn postfix/qmgr[4556]: EFDB52C5F35: removed
    Apr 26 17:18:23 fqhn postfix/smtp[9405]: 672182C60C0: to=<webmaster@server.hu>, relay=none, delay=0.04, delays=0.04/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=server.hu type=A: Host found but no data record of requested type)
    Apr 26 17:18:23 fqhn postfix/qmgr[4556]: 672182C60C0: removed
    Apr 26 17:18:23 fqhn spamd[10090]: spamd: clean message (2.0/5.0) for anandbhala007@yahoo.co.in:112 in 0.3 seconds, 25654 bytes.
    Apr 26 17:18:23 fqhn spamd[10090]: spamd: result: . 1 - ALL_TRUSTED,DATE_IN_PAST_03_06,DKIM_ADSP_NXDOMAIN,HTML_MESSAGE,MIME_HTML_ONLY,URIBL_PH_SURBL,URI_GOOGLE_PROXY scantime=0.3,size=25654,user=anandbhala007@yahoo.co.in,uid=112,required_score=5.0,rhost=fqhn.matrixcbs-server.info.local,raddr=127.0.0.1,rport=39421,mid=<20150426151823.30EE42C6009@fqhn.server.info>,autolearn=no
    Apr 26 17:18:23 fqhn spamd[4413]: prefork: child states: II
    Apr 26 17:18:23 fqhn postfix/qmgr[4556]: 30EE42C6009: from=<webmaster@server.hu>, size=25497, nrcpt=1 (queue active)
    Apr 26 17:18:23 fqhn postfix/pickup[4555]: 9D5492C5BFE: uid=1017 from=<webmaster@server.hu>
    Apr 26 17:18:23 fqhn postfix/cleanup[9932]: 9D5492C5BFE: message-id=<20150426151823.9D5492C5BFE@fqhn.server.info>
    Apr 26 17:18:23 fqhn spamd[8519]: spamd: connection from fqhn.server.info.local [127.0.0.1] at port 39422
    Apr 26 17:18:23 fqhn spamd[8519]: config: failed to parse line, skipping, in "(no file)": use_dcc 0
    Apr 26 17:18:23 fqhn spamd[8519]: spamd: processing message <20150426151823.9D5492C5BFE@fqhn.server.info> for aeruh_dimalanta@yahoo.au:112
    Apr 26 17:18:23 fqhn postfix/smtp[9328]: E41552C4969: to=<ankit_cool_aquarious@yahoo.co.in>, relay=mx-apac.mail.gm0.yahoodns.net[106.10.166.54]:25, delay=19443, delays=19440/0/3/0.2, dsn=4.7.0, status=deferred (host mx-apac.mail.gm0.yahoodns.net[106.10.166.54] said: 421 4.7.0 [TS01] Messages from 213.136.87.179 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (in reply to MAIL FROM command))
    Apr 26 17:18:23 fqhn spamd[8519]: spamd: clean message (2.0/5.0) for aeruh_dimalanta@yahoo.au:112 in 0.3 seconds, 25652 bytes.
    Apr 26 17:18:23 fqhn spamd[8519]: spamd: result: . 1 - ALL_TRUSTED,DATE_IN_PAST_03_06,DKIM_ADSP_NXDOMAIN,HTML_MESSAGE,MIME_HTML_ONLY,URIBL_PH_SURBL,URI_GOOGLE_PROXY scantime=0.3,size=25652,user=aeruh_dimalanta@yahoo.au,uid=112,required_score=5.0,rhost=fqhn.matrixcbs-server.info.local,raddr=127.0.0.1,rport=39422,mid=<20150426151823.9D5492C5BFE@fqhn.server.info>,autolearn=no
    Apr 26 17:18:24 fqhn postfix/qmgr[4556]: 9D5492C5BFE: from=<webmaster@server.hu>, size=25496, nrcpt=1 (queue active)
    Apr 26 17:18:24 fqhn postfix/pickup[4555]: 000692C6000: uid=1017 from=<webmaster@server.hu>
    Apr 26 17:18:24 fqhn postfix/cleanup[9523]: 000692C6000: message-id=<20150426151824.000692C6000@fqhn.server.info>
    Apr 26 17:18:24 fqhn spamd[10090]: spamd: connection from fqhn.server.info.local [127.0.0.1] at port 39423
    Apr 26 17:18:24 fqhn postfix/smtp[9504]: 9D5492C5BFE: to=<aeruh_dimalanta@yahoo.au>, relay=none, delay=19423, delays=19423/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=yahoo.au type=A: Host not found)
    Apr 26 17:18:24 fqhn postfix/cleanup[9932]: 032EC2C60EC: message-id=<20150426151824.032EC2C60EC@fqhn.server.info>
    Apr 26 17:18:24 fqhn spamd[10090]: config: failed to parse line, skipping, in "(no file)": use_dcc 0
    Apr 26 17:18:24 fqhn spamd[10090]: spamd: processing message <20150426151824.000692C6000@fqhn.server.info> for alvinaraza@
    ---
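
In the log above, every `postfix/pickup` line carries `uid=1017`, which means the messages were handed to the local queue by a process running as that system user and not received over SMTP. The following is an added example, not part of the original posts: it groups locally submitted mail by UID and attaches the delivery status of each queue ID. The sample log, the recipient addresses and the function names are constructed for the illustration.

```python
import re
from collections import Counter

# Constructed sample, modelled on the pickup/qmgr/smtp lines in the log above.
SAMPLE_LOG = """\
Apr 26 17:18:23 fqhn postfix/pickup[4555]: 9D5492C5BFE: uid=1017 from=<webmaster@server.hu>
Apr 26 17:18:23 fqhn postfix/qmgr[4556]: 9D5492C5BFE: from=<webmaster@server.hu>, size=25496, nrcpt=1 (queue active)
Apr 26 17:18:24 fqhn postfix/pickup[4555]: 000692C6000: uid=1017 from=<webmaster@server.hu>
Apr 26 17:18:24 fqhn postfix/smtp[9504]: 9D5492C5BFE: to=<user@example.invalid>, relay=none, delay=19423, dsn=5.4.4, status=bounced (Host not found)
Apr 26 17:18:25 fqhn postfix/pickup[4555]: 1A2B3C4D5E6: uid=0 from=<root>
Apr 26 17:18:25 fqhn postfix/smtp[9504]: 000692C6000: to=<other@example.invalid>, relay=mx.example.invalid[192.0.2.10]:25, dsn=4.7.0, status=deferred (421 4.7.0 temporarily deferred)
"""

# pickup logs the submitting system UID; smtp logs the outcome per queue ID.
PICKUP = re.compile(r"postfix/pickup\[\d+\]: ([0-9A-F]+): uid=(\d+) from=<([^>]*)>")
DELIVERY = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<[^>]*>.*status=(\w+)")

def local_submitters(log_text):
    """Return {uid: {"messages": n, "senders": set, "status": Counter}}."""
    queue_uid = {}   # queue ID -> UID that submitted it
    report = {}
    for line in log_text.splitlines():
        m = PICKUP.search(line)
        if m:
            qid, uid, sender = m.group(1), int(m.group(2)), m.group(3)
            queue_uid[qid] = uid
            entry = report.setdefault(
                uid, {"messages": 0, "senders": set(), "status": Counter()})
            entry["messages"] += 1
            entry["senders"].add(sender)
            continue
        m = DELIVERY.search(line)
        # Only count deliveries whose queue ID was seen at pickup (local mail).
        if m and m.group(1) in queue_uid:
            report[queue_uid[m.group(1)]]["status"][m.group(2)] += 1
    return report

def noisy_uids(report, threshold=2):
    """UIDs that handed at least `threshold` messages to pickup."""
    return sorted(uid for uid, e in report.items() if e["messages"] >= threshold)

if __name__ == "__main__":
    rep = local_submitters(SAMPLE_LOG)
    for uid in noisy_uids(rep):
        print(uid, rep[uid]["messages"], sorted(rep[uid]["senders"]), dict(rep[uid]["status"]))
```

A UID reported this way can be mapped to its account with `getent passwd 1017`; the processes and cron jobs owned by that account are then the place to look for the sending script.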

    Hello,


    First I upgraded my Debian 7.8 server and deleted all domain directories (IMSCP delete customer), but my server is sending SPAM. I think they hacked my whole Debian server and IMSCP, and not only the Drupal site.
    If I stop postfix, my server doesn't send any more mail, but after rebooting the server the sending restarts...

    Hello!


    I don't know exactly what happened. My site was attacked by the "GASTON DIABLO" team. The first sign was that I got several "Paypal e-mails" with my domain name. After that I tried to log in to my server, which is very slow. I checked my domain and saw the attached picture.
    This site runs the Drupal 7 CMS.


    I would like to ask: does this attack concern IMSCP? Now the server is very slow; I checked the root directory and I see all the website directories are in root.


    I checked my server with htop and didn't find extreme loads, but the server is slow....


    What do you think about it? What should be done?


    Kalmi

    If domain.com and domain.hu are different users (webspaces), then you can do your redirect in the /etc/apache2/imscp/ folder. There you will find an extra conf file for every domain, alias domain and sub.

    Code
    Redirect / http://domain.hu


    I would like to ask: do you know whether this method can be used with the new "i-MSCP 1.2.1", or is there a better solution?

    Hello,


    I would like to ask: did you succeed in fixing the error? If yes, what is the solution?
    ---
    Unknown Error:
    An unexpected error occurred:
    iMSCP::File::get: Unable to open /etc/dovecot/dovecot.conf: Nincs ilyen fájl vagy könyvtár
    Plugin::RoundcubePlugins::_modifyDovecotConfig: Unable to read /etc/dovecot/dovecot.conf
    ---
    I checked the "/etc/dovecot/" path, but I didn't find the file...


    RoundcubePlugins - Version 0.0.9
    i-MSCP 1.1.20 - Debian 7

    Kess: Yes, I think so, because I don't know why I can use it so simply...


    Ninos: I hope this is the information - https://eupalyazat.info/php.php

    I checked it: apache php fpm -> If I don't change the install, then it will install.


    Another question: what is the difference between apache php fpm, apache itk and apache fcgid?

    Hello!


    I don't understand the "open_basedir" settings. I would like to use Drupal 7, but this CMS needs the open_basedir setting. (open_basedir limit)


    I made two domains with the same settings; one works well and the other doesn't work :@ .


    I tried to find php.ini, but I didn't find out how to write the "open_basedir =".


    find / -name php.ini


    All files
    ---
    /etc/imscp/fcgi/parts/master/php5/php.ini
    /etc/imscp/fcgi/parts/php5/php.ini
    /etc/imscp/php-fpm/working/php.ini
    /etc/php5/fpm/php.ini
    /etc/php5/cli/php.ini
    ---
    Where is the /var/www/fcgi/domain.hu/php5/php.ini ?


    How can I fix the "open_basedir" problem? Which file needs to be changed?


    Thx


    KALMI