I have recently set up a new site, and I find that recently the host is not quite responding to requests when I ssh to the host or just hit my site's URL. I think I could be under some kind of DoS attack, because I do not think Google's crawling can cause that problem. Is there any way I can figure out who is doing that? I am not quite an expert in Apache, and I just barely know how to install it.
Also, how can I block a particular IP from the server?
I don't know what to do, I know how to block and delete pretty much every other type of abuse. I run a server with 500+ shared hosting clients and reseller clients and it was just blocked because of email spam. I can keep on top of all other abuse (people trying to do DoS attacks etc.) but the one thing I can't get my head around is email spamming. How to stop people spamming emails from my server?
I was tasked to set up a proxy server to block access to some websites. I'm using CentOS 5 and Squid 7:2.6 STABLE21-6.e15... I appended the following and tested the configuration with the supposed server I am using and it does seem to work, but now I'm wondering how I can test it with a client computer. I have 2 LAN cards and I just connected the other to one PC (can a direct connection work or does it need to pass through a switch or hub?)... I just can't figure out how it should be... How do I configure the 2nd LAN card to use this computer as its proxy server?
I have installed a proxy server on Ubuntu. I have done every process which is needed to establish the proxy server. Internet is also working fine through the proxy, but the sites which need to be blocked are not being blocked; they are opening. I have made entries for the sites which I need to be blocked in the block_dstdomain file in the proxy.
Is it possible to block a server completely from any connectivity to my Ubuntu system so that not even Google Search will detect files from that server? [URL] This is because of a nightmare issue I have been having with the Firefox Addon "DownThemAll!" which, I won't go further into.
As we know, Squid has the ability to allow/deny on a time basis, but I want to know how to block (deny) a particular website at certain times of the day for a particular IP or IP block. Suppose I want to block (deny) the xyz.com website every day from 10:00 to 13:00 for the 192.168.81.0/24 IP block.
who manage Postfix servers, what do you recommend is the best way to refuse all incoming and outgoing mail to specific domains? I want a blacklist of domains such as:
- AOL
- Yahoo
- MSN
- Hotmail
- Gmail
Is there a proper way I can tell Postfix to please deny sending and receiving SMTP traffic to and from those specific domains I specify? I see no need for my corp. mail server to communicate in any way with those. I allow access to all those accounts via port 80/443 so they can just log in to the web and send non-business-related junk this way.
Ok so, buddy of mine has his ssh server setup and upon checking his logs he sees a ton of failed attempts. Now obviously these are people that are scanning him and trying to brute force him. So is there a way to block them? We know you can block each IP but is there a way to block ALL connections except for certain ones, such as his and mine? Maybe a couple others.
Now that I have managed to get my rsyslogd to log the firewall into a separate file, I would like to use a script which looks into this file for intruders which, for example, try to ping, telnet, ssh, rdp etc. into my DSL connection, and then use a kind of app or firewall on my Ubuntu server to block them. Yes, my firewall logs them but does not block them if the policy is enabled, so they have access through the firewall and then connect to my server, but I only want some known IP addresses to have access through it, and this I cannot program in the firewall, so I have to use some extras. Or am I thinking way too far and is there a better solution with IPtables or an app? Is it possible to watch TCP connections between the firewall from outside IP addresses and the Ubuntu server?
Short version: I began getting "out of space" errors on my soho server this week. I know I only had about 300Gi of data on the 640Gi drive. I can't find what's using the extra space. As the attached screenshots show, "sudo xdiskusage" finds a block of 223.7Gi with "permission denied" but sudo Disk Usage Analyzer doesn't see it. What is using the space, and how do I reclaim it?
Long Version: I first tried to figure something out using SSH and the df and du commands, but my command line knowledge is weak. I tried to log onto Gnome to use its console but kept getting booted back to the GUI login. After deleting some old files using Webmin, I finally was able to log into Gnome and use some GUI utilities. As you can see from the screenshots, "sudo xdiskusage" finds a block of 223.7Gi with "permission denied" but sudo Disk Usage Analyzer doesn't see it. The system behaves as if that block is real, denying me use of that space.
I suspected the manner in which I've mounted the second HD for use as backup storage only might be the problem, but really have no clue how to confirm that. The system returns the same numbers regardless of whether the second drive is mounted or not.
I've attached the dmesg results in a text file.
Computer Details:
- Ubuntu 10.10
- 4Gi RAM
- 1 640Gi HD mounted as /
- 1 640Gi HD mounted as /backup (used only by Simple Backup)
- Running Server Apps: Samba, Apache, SSH, mySQL, webmin
I want to block a domain name in a sendmail server. I added the domain name and "REJECT" in the /etc/mail/access file. What has to be done for the changes to take effect? When I run the make command in the /etc/mail dir I get the following error: make: Nothing to be done for `all'.
My workplace is switching from Oracle app server to Tomcat. I've never been a sysad, and never administered an app server. So that part is going to be completely new to me. Fortunately, I don't have to be the primary on this - but my manager is encouraging me to learn the setup and how to do the job. So, my situation is that my test "server" is a P2 with 256MB of RAM. I know I'm not going to get screaming performance out of it, but all I really need it to do is run my web server and file server to support my Tomcat install on a separate box (P3, 2.8GHz, dual-core with a gig of RAM).
I'm not really a n00b to Linux, so building the system isn't a stumbling block. Which distro, and which version of that distro, is a stumbling block. I know Ubuntu is easy to set up, and very popular. If I went that way, should I get the desktop version? Or the server version? I *want* the GUI, but don't require it. And I'm not real certain what they're referring to (hw or sw) when they call it "desktop" or "server". I'm not looking for a challenge to broaden my horizons in terms of my Linux knowledge - I just want something I can set up quickly so I can get on with learning what I need to about the server installation, configuration and administration.
I am running a spam filter on debian lenny 5.1 with postfix, amavis-new, spamassassin, and clamav. It works pretty well but I would like to finish tweaking it to minimize the mail getting quarantined. It really isn't quarantining anything that isn't spam, except for an occasional list mailer. However, the quarantine is huge, and takes a while to go through. I noticed that much of the spam is coming from foreign country TLDs like .cz. Is there any way to have postfix run a check on the header and, if the email or SMTP origination is from a server from a foreign TLD, have it just rejected? I can whitelist anything if need be in the future, but as of now we don't do any business overseas and don't need to worry about blocking legit email.
I think this should be possible, however, I am unsure of the syntax for the file, where to put it and if wildcards are possible in domain blocking like
I want to block some IP addresses that are attacking my server and making my ssh port busy. On searching Google, I found
Code: iptables -A INPUT -s ip_address -j DROP
I will add this rule in iptables. My questions are: 1) do I have to do
Code: chkconfig iptables on
so that it loads the iptables at boot. I am wondering why I need this, because iptables is already modified and it loads the iptables at boot time if the firewall is enabled.
2) When we add the above rule, which file is modified? Put another way, where are these rules stored? It is not in /etc/sysconfig/iptables and /etc/sysconfig/iptables_config.
Installed Ubuntu Server 10.10, included Apache, PHP, and OpenSSH. Apache is up and serving pages, I can connect using PuTTY no problem. Server responds to a ping. However, attempting to use ping or traceroute from the server results in a Destination Unreachable. Happens even for other 192.168.1.10x boxes on the local network.
securing VNC connections by tunneling the connection over SSH. However, from the server perspective it will still allow unsecured connections and you're relying on the client to set up the SSH tunneling. Is there a way to configure the Linux server to not allow connection over an unsecured channel?
I run my own home server using OpenSuse 11.1, everything is set up using apache, php, etc., and it all works perfectly, but now I need to use my own email server for the use of Dolphin social networking software, so that when someone registers, the email server sends out registration confirmation emails. So I set up postfix, yeah right!!! Even though I followed all instructions to set postfix as a closed relay, a test done at the mxtoolbox site still said it was an open relay. But while I was trying to set up postfix, my access to the server slowed down, and my server's drive light was constantly active, so when I looked at the mail queue, I saw 4000+ emails, all from Japan (hinen.net). So I promptly shut down postfix and used postsuper -d ALL in the command console to delete the queue, but no matter how I tried, I couldn't configure postfix as a closed relay, so I uninstalled it and installed sendmail, and using webmin, I could use a spam list and block the domain. Now, sendmail's test at mxtools shows as a closed relay. I can't even send out a test email using smtp auth, but disabling auth, I can. But now my IP is blocked at spam cop and spamhaus, and the gmail server says my IP is not authorized to send to their servers, but to use my ISP relay instead, but my ISP doesn't have a relay, hence the need to run my own email server.
My home server uses a double layer firewall, a hardware firewall between the internet and the server, and a software firewall on the server, and I only allow the ports I need, i.e., 80 = http, 443 = https, 20/21 = ftp, 25 = smtp, 110 = pop3, and that's all. But for any other internal access from my workstation to the server, using ssh, I only open the ports on the server firewall. If someone here has a great deal of knowledge on sendmail, and can set up an M4 (linux.mc) config file for me, it would be much appreciated. What I would like my email server to do is to only allow the sending of emails from inside its own server system, i.e., when a php script sends an email to the server, then the email server would let it through, but anything else, outside the local network, is ignored.
My Problem is: I want to stop gmail access without blocking https. Yes, in my squid proxy normal [URL].. is not accessible. But gmail recently started https service by which users can still get access to gmail. I DON'T WANT TO STOP https CAUSE IT'S BEING USED BY OTHER PROGRAMS.
My company recently started bouncing all .Gifs back to our linux server. Is there a way on my end that I can block this from happening so it stops taking up space?
I am using CentOS 5.4, running squid for proxy. I want to block email sending and receiving by proxy users to secure my data. How is it possible that the proxy user can only browse websites but cannot receive or open and send or save as draft to a mail box?
I want to keep some data on a Windows dir. I have tried the below command and it is giving the below error.
[root@xyz0044 ~]# mount -t cifs //10.48.64.52/jata -o username=domainv.kumar3,password=xxxx /mnt/backup
mount: block device //10.48.64.52/jata is write-protected, mounting read-only
mount: cannot mount block device //10.48.64.52/jata read-only
I have set up a couple of postfix servers for my domains, but the only thing I am missing now is this: How to block the public sending mail from my email to my email? I have managed it with SPF, but surely there must be a better way, that returns "relay not allowed" to the client. The SPF method costs too much, since it must make a dns request for each mail. So far, I have not gotten many of these mails, unless when testing my mailserver, but as I see it, anyone should not be allowed to send mail from abuse@mydomain.com to abuse@mydomain.com.
Somebody must have thought about this a long time ago, and there is simply that little line in main.conf that I'm missing.. My setup is this (virtual): I have a primary mx, with postfix, courier IMAP/POP3 server, a user database, and sasl via saslauthd. I also have a secondary mail server (backup mx) with no sasl auth, but with a copy of the mail users in the virtual tables, but added as relay_* users instead.
Spamassassin and SPF testing is replicated too, so most of the stuff should work, but I simply cannot find a setting in Postfix that denies someone to mail FROM my address TO my address. When mailing from my address and out in the open, they are required to authenticate, but not when using one of my domain addresses, and also targeting my domain addresses.
As said, it is possible with a strict SPF setting, but that is at a cost for every lookup. It would be quicker for postfix to look up the sender and the recipient in the relay/virtual tables, and deny if both addresses were in the recipient tables, and the sender is not authenticated.