Posts by kalmarr

    I want to solve the problem, because I will study debugging. :)



    https://www.google.hu/search?q=libpthread-2.13.so[7fc3a3a31000%2B17000]&ie=utf-8&oe=utf-8&gws_rd=cr&ei=J70TVpegDeSaygOUxKyQAg


    #dmesg




    I would like to ask for a little help: where should I look? :)

    I hope this is #php -m
    PHP: syntax error, unexpected BOOL_TRUE in /etc/php5/cli/conf.d/20-apc.ini on line 7
    PHP Warning: Module 'apc' already loaded in Unknown on line 0
    [PHP Modules]
    apc
    apcu
    bcmath
    bz2
    calendar
    Core
    ctype
    curl
    date
    dba
    dom
    ereg
    exif
    fileinfo
    filter
    ftp
    gd
    geoip
    gettext
    hash
    iconv
    imap
    intl
    json
    libxml
    mbstring
    mcrypt
    memcached
    mhash
    mysql
    mysqli
    mysqlnd
    openssl
    pcntl
    pcre
    PDO
    pdo_mysql
    Phar
    posix
    Reflection
    session
    shmop
    SimpleXML
    soap
    sockets
    SPL
    standard
    sysvmsg
    sysvsem
    sysvshm
    tokenizer
    uploadprogress
    wddx
    xml
    xmlreader
    xmlwriter
    zip
    zlib



    [Zend Modules]



    # nano /etc/php5/cli/conf.d/20-apc.ini


    extension=apc.so
    apc.shm_segments=1
    apc.shm_size=1000M
    apc.ttl=86400
    apc.gc_ttl=3600
    apc.enable_cli=1
    apc.enabled => On => On
    apc.stat=1
    apc.max_file_size=1M
    apc.mmap_file_mask=/var/tmp/apc/apc.XXXXXX
    apc.num_files_hint=15360
    apc.user_entries_hint=15360
    apc.user_ttl=86400
    apc.optimization=0
    apc.slam_defense=0
    apc.localcache=1
    apc.localcache.size=256
    apc.lazy_functions=1
    apc.lazy_classes=1

    :(
    I rebooted my system, now all web pages are down......


    I have a VPS.


    >free
    ---
    total used free shared buffers cached
    Mem: 6131000 1515892 4615108 0 38136 672360
    -/+ buffers/cache: 805396 5325604
    Swap: 0 0 0
    ---


    >df -h
    Fájlrendszer Méret Fogl. Szab. Fo.% Csatol. pont
    rootfs 493G 94G 374G 21% /
    udev 10M 0 10M 0% /dev
    tmpfs 599M 2,3M 597M 1% /run
    /dev/disk/by-uuid/ee496802-7beb-42aa-a751-80ab16020540 493G 94G 374G 21% /
    tmpfs 5,0M 0 5,0M 0% /run/lock
    tmpfs 1,2G 0 1,2G 0% /run/shm
    tmpfs 1000M 0 1000M 0% /var/tmp/apc



    I see this and I don't understand: what happened to my swap file?

    Hello!


    I would like to ask for your help.


    I only updated RoundcubePlugins 1.2.2 to RoundcubePlugins 1.2.3.


    IMSCP froze and I got an error message, "502 Bad Gateway - nginx", for the site.


    I tried to restart imscp - 'service imscp_panel restart'


    I got an error message:


    [FAIL] Restarting i-MSCP frontEnd PHP FCGI processes: imscp_panel failed!


    Syslog ->
    fqhn kernel: [10192484.477220] php5-cgi[32096]: segfault at f ip 00007fbe61bb6ac4 sp 00007ffe125af110 error 6 in libpthread-2.13.so[7fbe61bae000+17000]


    I tried disabling all plugins.


    Error 1.2.2 -> 1.2.8


    and reinstalling or disabling SSL, but this is still a problem :(


    I checked my web pages; they are working.


    What is the problem? What should I do?


    My system:
    System: Linux fqhn 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64 GNU/Linux


    No LSB modules are available.
    Distributor ID: Debian
    Description: Debian GNU/Linux 7.9 (wheezy)
    Release: 7.9
    Codename: wheezy


    Imscp 1.2.9


    Thx



    Robert

    I don't think they "hacked" imscp itself. So then I think they got a password and then installed a script on your system. Purging postfix will not change anything, because the script is not included in postfix itself.
    For you it's easier to install a fresh system, because you may not find every script or any backdoors (if they exist).


    First I think, but I don't believe that they had stolen my password from me.
    1. Only one website was attacked, the other sites are fine, I didn't experience changes on other sites.
    2. I think someone attacked my server, because they placed the script through my site. This script continuously sends SPAM. I deleted this site and all the customer (I-MSCP) data. The script is working!

    1. I don't know... I disabled root access to my SSH.
    2. I updated my server regularly.
    3. Maybe... I have denyhost, fail2ban, Clamav and I configured my firewall.... (What should I do? What do you think? Can you send a checklist?)
    4. I didn't experience... All the passwords I use are complicated...


    I think they first attacked my Drupal site and after that attacked the I-MSCP server/Debian server, because I deleted the site page and customer. I purged and uninstalled postfix and updated IMSCP, but my server sends the SPAM...

    Yes, my server is sending the SPAM and is very slow! Now I am trying to update I-MSCP 1.2.2., but it is very slow :(


    mail.log


    ---
    Apr 26 17:18:23 fqhn spamd[4413]: prefork: child states: IB
    Apr 26 17:18:23 fqhn postfix/cleanup[9932]: 672182C60C0: message-id=<[email protected]>
    Apr 26 17:18:23 fqhn postfix/bounce[9127]: EFDB52C5F35: sender non-delivery notification: 672182C60C0
    Apr 26 17:18:23 fqhn postfix/qmgr[4556]: 672182C60C0: from=<>, size=27958, nrcpt=1 (queue active)
    Apr 26 17:18:23 fqhn postfix/qmgr[4556]: EFDB52C5F35: removed
    Apr 26 17:18:23 fqhn postfix/smtp[9405]: 672182C60C0: to=<[email protected]>, relay=none, delay=0.04, delays=0.04/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=server.hu type=A: Host found but no data record of requested type)
    Apr 26 17:18:23 fqhn postfix/qmgr[4556]: 672182C60C0: removed
    Apr 26 17:18:23 fqhn spamd[10090]: spamd: clean message (2.0/5.0) for [email protected]:112 in 0.3 seconds, 25654 bytes.
    Apr 26 17:18:23 fqhn spamd[10090]: spamd: result: . 1 - ALL_TRUSTED,DATE_IN_PAST_03_06,DKIM_ADSP_NXDOMAIN,HTML_MESSAGE,MIME_HTML_ONLY,URIBL_PH_SURBL,URI_GOOGLE_PROXY scantime=0.3,size=25654,[email protected],uid=112,required_score=5.0,rhost=fqhn.matrixcbs-server.info.local,raddr=127.0.0.1,rport=39421,mid=<[email protected]>,autolearn=no
    Apr 26 17:18:23 fqhn spamd[4413]: prefork: child states: II
    Apr 26 17:18:23 fqhn postfix/qmgr[4556]: 30EE42C6009: from=<[email protected]>, size=25497, nrcpt=1 (queue active)
    Apr 26 17:18:23 fqhn postfix/pickup[4555]: 9D5492C5BFE: uid=1017 from=<[email protected]>
    Apr 26 17:18:23 fqhn postfix/cleanup[9932]: 9D5492C5BFE: message-id=<[email protected]>
    Apr 26 17:18:23 fqhn spamd[8519]: spamd: connection from fqhn.server.info.local [127.0.0.1] at port 39422
    Apr 26 17:18:23 fqhn spamd[8519]: config: failed to parse line, skipping, in "(no file)": use_dcc 0
    Apr 26 17:18:23 fqhn spamd[8519]: spamd: processing message <[email protected]> for aeruh_dimala [email protected]:112
    Apr 26 17:18:23 fqhn postfix/smtp[9328]: E41552C4969: to=<[email protected]>, relay=mx-apac.mail.gm0.yahoodns.net[106.10.166.54]:25, delay=19443, delays=19440/0/3/0.2, dsn=4.7.0, status=deferred (host mx-apac.mail.gm0.yahoodns.net[106.10.166.54] said: 421 4.7.0 [TS01] Messages from 213.136.87.179 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (in reply to MAIL FROM command))
    Apr 26 17:18:23 fqhn spamd[8519]: spamd: clean message (2.0/5.0) for [email protected]:112 in 0.3 seconds, 25652 bytes.
    Apr 26 17:18:23 fqhn spamd[8519]: spamd: result: . 1 - ALL_TRUSTED,DATE_IN_PAST_03_06,DKIM_ADSP_NXDOMAIN,HTML_MESSAGE,MIME_HTML_ONLY,URIBL_PH_SURBL,URI_GOOGLE_PROXY scantime=0.3,size=25652,[email protected],uid=112,required_score=5.0,rhost=fqhn.matrixcbs-server.info.local,raddr=127.0.0.1,rport=39422,mid=<[email protected]>,autolearn=no
    Apr 26 17:18:24 fqhn postfix/qmgr[4556]: 9D5492C5BFE: from=<[email protected]>, size=25496, nrcpt=1 (queue active)
    Apr 26 17:18:24 fqhn postfix/pickup[4555]: 000692C6000: uid=1017 from=<[email protected]>
    Apr 26 17:18:24 fqhn postfix/cleanup[9523]: 000692C6000: message-id=<[email protected]>
    Apr 26 17:18:24 fqhn spamd[10090]: spamd: connection from fqhn.server.info.local [127.0.0.1] at port 39423
    Apr 26 17:18:24 fqhn postfix/smtp[9504]: 9D5492C5BFE: to=<[email protected]>, relay=none, delay=19423, delays=19423/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=yahoo.au type=A: Host not found)
    Apr 26 17:18:24 fqhn postfix/cleanup[9932]: 032EC2C60EC: message-id=<[email protected]>
    Apr 26 17:18:24 fqhn spamd[10090]: config: failed to parse line, skipping, in "(no file)": use_dcc 0
    Apr 26 17:18:24 fqhn spamd[10090]: spamd: processing message <[email protected]> for alvinaraza@
    ---
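
The `postfix/pickup` lines in the log above carry a `uid=` field: the local account that handed the message to Postfix through the sendmail interface. The following is an added example, not part of the original posts, that correlates those uids with the delivery status of each queue ID; the sample log, host name and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the same syslog format as the mail.log excerpt above
# (host name, addresses and queue IDs are made up for this example).
SAMPLE_LOG = """\
Apr 26 17:18:23 host postfix/pickup[4555]: 9D5492C5BFE: uid=1017 from=<web1@example.com>
Apr 26 17:18:23 host postfix/qmgr[4556]: 9D5492C5BFE: from=<web1@example.com>, size=25496, nrcpt=1 (queue active)
Apr 26 17:18:24 host postfix/smtp[9504]: 9D5492C5BFE: to=<a@example.org>, relay=none, delay=19423, dsn=5.4.4, status=bounced (Host not found)
Apr 26 17:18:24 host postfix/pickup[4555]: 000692C6000: uid=1017 from=<web1@example.com>
Apr 26 17:18:25 host postfix/smtp[9328]: 000692C6000: to=<b@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=3, dsn=4.7.0, status=deferred (421 4.7.0 deferred)
Apr 26 17:18:25 host postfix/qmgr[4556]: 672182C60C0: from=<>, size=27958, nrcpt=1 (queue active)
Apr 26 17:18:26 host postfix/pickup[4555]: 1A2B3C4D5E6: uid=0 from=<root>
Apr 26 17:18:26 host postfix/local[9600]: 1A2B3C4D5E6: to=<admin@example.com>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

LINE = re.compile(r"postfix/(?P<svc>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
UID = re.compile(r"\buid=(\d+)\b")
STATUS = re.compile(r"\bstatus=(\w+)")

def summarize_local_submitters(log_text):
    """Map each local uid that injected mail via pickup to its delivery outcomes."""
    qid_to_uid = {}
    stats = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # spamd and other non-Postfix lines are ignored
        svc, qid, rest = m.group("svc", "qid", "rest")
        if svc == "pickup":
            uid = UID.search(rest)
            if uid:
                qid_to_uid[qid] = int(uid.group(1))
                stats[qid_to_uid[qid]]["submitted"] += 1
        elif qid in qid_to_uid:
            # Later lines for the same queue ID carry the delivery result.
            st = STATUS.search(rest)
            if st:
                stats[qid_to_uid[qid]][st.group(1)] += 1
    return {uid: dict(counts) for uid, counts in stats.items()}

def noisiest_uid(log_text):
    """Return the uid with the most locally submitted messages, or None."""
    summary = summarize_local_submitters(log_text)
    return max(summary, key=lambda u: summary[u]["submitted"], default=None)

if __name__ == "__main__":
    for uid, counts in sorted(summarize_local_submitters(SAMPLE_LOG).items()):
        print(uid, counts)
```

A uid that dominates the submissions and collects mostly `bounced` and `deferred` results points at the account whose files and processes to inspect; `getent passwd <uid>` resolves it to a user name.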

    Hello,


    First I upgraded my Debian 7.8 server and deleted all domain directories (IMSCP delete customer), but my server is sending SPAM. I think they hacked my whole Debian server and IMSCP, and not only the Drupal site.
    If I stop postfix my server doesn't send any more letters, but after a reboot the server restarts sending...