Ubuntu Servers :: Determining The Source Of Outgoing Requests To Suspicious IP Addresses

Oct 26, 2010

My Firestarter logs show periodic outgoing connection attempts to IP addresses in countries such as Malaysia, China, Russian Federation etc... Fortunately, Firestarter appears to be blocking them. I suspect these are not good and want to find out exactly what process is initiating these outgoing connections.

View 6 Replies


Security :: Suspicious Requests In Haproxy Log From Multiple Sources To The Same Target - Block?

Apr 12, 2011

I have suspicious requests in my haproxy logs from multiple sources to the same target. I could deny them in /etc/hosts.deny, but there are too many to keep track of. Is there a way to deny all requests to a specific target either in haproxy or through iptables?

Here's an example of the request: Apr 12 15:11:37 127.0.0.1 haproxy[28672]: 41.105.42.150:27072 [12/Apr/2011:15:11:37.315] web_servers frontend_farm/######## 3/0/1/1/169 404 1073 - - --NI 3/3/2/1/0 0/0 "GET /images/comment_icon.gif HTTP/1.1"

I've commented out my amazon instance id for security purposes. The request is for comment_icon.gif which does not exist. All requests go to that. The source IPs are from different countries as well. Blocking a certain country won't work either. Basically, if there was a way to send all requests for comment_icon.gif to /dev/null or something it would work.

View 2 Replies View Related

General :: Windows - Selecting Which IP Address To Use For Outgoing Requests From Behind A NAT

Mar 12, 2010

Our organization has several external IP addresses. I am behind 2 layers of NAT and the servers choose which IP address to route my traffic to. Can I specify which IP address to use when finally leaving the organization's network? I know that source routing can be done in IPv4 by adding some options in the header. But can I configure my PC to add these options automatically? I have both a Windows and a Linux machine.

View 1 Replies View Related

Debian :: Hidden Source List Addresses

Nov 27, 2015

Note the contents of my /etc/apt/sources.list. Only problem is when I run apt-get update there are some 'wheezy' update sources that I must have put in by accident. Where would they be coming from and how do I delete them?

Code:
#

# deb cdrom:[Debian GNU/Linux 8.2.0 _Jessie_ - Official amd64 NETINST Binary-1 20150906-11$
#deb cdrom:[Debian GNU/Linux 8.2.0 _Jessie_ - Official amd64 NETINST Binary-1 20150906-11:$

deb http://ftp.au.debian.org/debian/ jessie main
deb-src http://ftp.au.debian.org/debian/ jessie main

[Code] ....

View 6 Replies View Related

Ubuntu Servers :: Apache2 : Forward All Requests To Directory ?

Feb 9, 2010

I have a web site and I need to forward all requests to the same page. Basically I would like to show a maintenance page while we are working with our database behind the application and in the meantime I would like to redirect all URLs in the root directory as following:

http:[url].....

http:[url]....

I tried to perform the action using mod_rewrite in this manner:

Code:
RewriteEngine On
RewriteRule . http://www.mysite.com [L][code].....

The webpage at http:[url]....has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

View 2 Replies View Related

Ubuntu Servers :: Redirect All Outgoing Emails?

May 10, 2010

Here's what I'm trying to do to complete my rocking development server.

I would like all outgoing email on my Ubuntu server to be redirected to one email address (internal or external). I don't have any mail server installed yet (I'll probably use postfix unless you have another suggestion).

The reason I would like this to work is because I'm a web developer working on multiple projects. When I start working on a new project I would like to be able to test some of the forms and features in the web application (PHP) without having emails sent to the email address configured in the application. I can always change configurations but having my development server forward the emails would save me lots of trouble.

Example:
If one of my PHP applications sends an email to: user1@domain.com, user3@domain4.com... I would like all of them to forward to myemail@domain.com

View 3 Replies View Related

Ubuntu Servers :: Outgoing Mail ALWAYS Flagged As Spam

Mar 2, 2010

I've got a web server that's hosting a few sites, and there are a few WordPress instances with these sites. With WordPress, whenever a user registers with the site, they receive an email. With my server, it sends mail via Sendmail. This is all fine and good, except no matter what, it's flagged as spam. Is there any way to correct this? Keep in mind that this isn't a mail server, and the only reason the server ever sends mail is for new WordPress users and password resets.

View 8 Replies View Related

Ubuntu Servers :: Server Can't Make Outgoing Connections

Jul 17, 2011

I have an Ubuntu 10.04 dedicated server that I am having problems with. It intermittently cannot connect to any other servers outside its network.

Code:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7008ms

(I have tried a bunch of other ips too and none outside its network are pingable) I'm not sure if this is a problem with my server or a problem with the networking outside the server. I have been emailing my server provider and they keep on insisting the problem is with the server and that their network is working fine. Apparently all of their other servers work and they can login into the gateway and ping 8.8.8.8 from there. So they just want to reinstall the OS, but I thought I'd post here to see if anyone has any ideas.

Here is some info I have gained while troubleshooting: I haven't changed any settings at all on the server for months. I haven't done any updates for about a week. The strangest thing is that this is intermittent, there have been a few times in the last 24 hours where I have been able to ping 8.8.8.8 or other ips, but 98% of the time I can't. I have also tried rebooting the server, which had no effect. I can ping the gateway, and I can ping other servers on the same subnet. I can ssh onto the server from my home internet connection, and I can view webpages on apache, so incoming connections work.

View 1 Replies View Related

Ubuntu Servers :: Actual IP Not Logged When Requests Come Forwarded By Reverse Proxy

Feb 18, 2011

The apache2.conf and vhost file I gave the link are the machine on LAN when site is actually hosted. When someone from the internet accesses the site then I expect a log of IP in access.log instead of which I see the IP of machine which is working as Reverse Proxy server for all such requests. What mistake did I do above?

View 4 Replies View Related

Ubuntu Servers :: SMTP Outgoing Times Out After U-Verse Install

Feb 7, 2011

I changed over to U-Verse which means I have a new router, gateway and IPs. Took some doing but everything is working on my server with one exception. Outgoing SMTP mail. I get CONNECTION TIMEOUT whenever something from inside my network tries to hit an SMTP server outside. Any computer within my network does a Telnet (hostname or IP) 25 and I get a time out. Port 25 is open on the router.

View 3 Replies View Related

Fedora Servers :: Setting Up An Outgoing Mail Using 587?

Oct 25, 2009

I have a small home network running mail agents Evolution and Thunderbird, and connected to the internet via Comcast. Originally I used my campus office computer as a mail server, but encountered problems because Comcast started blocking port 25, allegedly because of spam problems. I need to change the setup on my campus office computer so it uses port 587 when functioning as an outgoing mail server.

Can anyone recommend a tutorial which tells me everything to do in order to accomplish that?

At present I'm using Comcast's outgoing mail server, but I started having problems with sporadic blockage of outgoing mail with attachments, which Comcast can't explain.

View 7 Replies View Related

Fedora Servers :: Can't Send My Outgoing Mail Using Port 587 / Why Is So?

Dec 10, 2009

I have installed a sendmail server on Fedora 10.
I try to configure my sendmail server as a mail server to send outgoing email using port 587 (because port 25 is blocked). After finishing configuring my sendmail server, I checked out my sendmail server using telnet localhost 587, and it worked fine as below code...

I have tried two different ways for user name: name, or name@mail.mydomian.com, but not working at all, the two results are the same.
PS: I have test port 587 and can use port 587 and Kmail to send outgoing mail using other external relay server

is my wrong configuration for sendmail server or kmail?

View 9 Replies View Related

Fedora Servers :: No Outgoing Mail - Service Unavailable

Aug 2, 2011

I am facing a problem with Linux Fedora 9 mail server. I can't send any mails outside, since in log I found that
dsn= 5.0.0, stat = service unavailable

View 1 Replies View Related

Fedora :: Configure Incoming/outgoing Servers For Email/Thunderbird?

Nov 2, 2009

Basically I have no idea how to provide proper information in the setup wizard.

View 4 Replies View Related

Ubuntu Servers :: Can't Access A Few Addresses?

May 28, 2010

I am having an issue on my server where I can't access certain ip's erratically. These addresses could previously connect to us. I think it may be related to getting rootkitted. I know the risks in not reinstalling but we are not able to install yet at this point. I cleaned out shv4 and shv5 from the os and setup tripwire. The client can't ping the server and likewise back. From my personal computer they both respond to pings. The server is running denyhosts but that is about it in terms of security. I can't find anything anywhere... No ipchains present, nothing in host.deny, subnet is 255.255.255.0. I'm really at a loss so I'm looking for some direction.

I know someone is going to tell me that I have to assume all my files are compromised and I should reinstall; I did md5 checks on a lot of files and there is no data on here that shouldn't get out and I check for stuff running that shouldn't be daily. The server is 10.04 server. Latest updates. Here is a list of installed packages

Code:
adduser install
anacron install

[code]...

View 4 Replies View Related

Ubuntu Security :: What IP Addresses To Be Used For Update Servers

Mar 22, 2010

Does anyone know the Ubuntu update servers' IP addresses? I am trying to fine tune my firewall rules and was unsure of what IP addresses to use for the update servers. I believe they are us.archive.ubuntu.com and security.ubuntu.com. However, I could be wrong.

View 3 Replies View Related

Ubuntu Networking :: How To Determine Addresses Of Servers Connected To In XP

Apr 5, 2010

I'm running a dual boot system at work. I'm connected to a few shared drives in XP, and would also like to connect to them while using Ubuntu. How do I determine the addresses of the servers I'm connected (mapped) to in XP?

View 2 Replies View Related

Ubuntu Servers :: Tracking Domain Names And Addresses?

Aug 5, 2010

I'm using Ubuntu 10.4 box with Apache2 web server. I have a site with several Domain Names. How do I set up tracking?

View 1 Replies View Related

Ubuntu Servers :: Display The Addresses That Have Been Issued By My Dhcp3?

Jan 1, 2011

I want to display the associated host name with each address.

I've found the /var/lib/dhcp3/dhcpd.leases file, but it appears to have an entry for every time a lease was issued so it's hard to tell which ones are currently active.

View 3 Replies View Related

Networking :: How To Determine Ip-addresses Of ISP's DNS Name Servers?

Dec 7, 2008

I am looking for a command which, when typed from the command line, returns the ip-addresses of the DNS nameservers that my ISP is using. I think it should be technically possible to write a program that does this, because Linux installers set up /etc/resolv.conf correctly (as does Knoppix). But I've been unable to find a command that does it. Is there one, and if so, what is it called?

View 14 Replies View Related

Ubuntu Servers :: Change Web Addresses Of Apache For Backup System?

Dec 12, 2010

I have tried several places for help but I am getting nowhere... Here is my background. I have spent all weekend to replicate my development server back at home. I have an Apache remote server with 3 IP based virtual hosts pointing to

[URL]

Now I have been able to set up a VM on my desktop, installed the OS, the applications, the db server, apache etc. Everything is looking good so far. So right now I have,

[URL]

So when I go to 192.168.0.111, I go to [URL] so I guess Apache is working as well. What I want to do is, instead of going to [URL] I want to change it to another address such as a.me.add1. How can I do this? I am looking through the virtual hosts section, I have changed server name entry etc but it's not working. Can you tell me in big picture what I would need to do to set that up? My current setup doesn't really help me much once the site gets the www address. Tell me if Document Root of IP address 192.168.0.111 points to [URL] will it always resolve into that web address. That is if I enter 192.168.0.111 the browser will redirect it to [URL].

View 3 Replies View Related

Ubuntu Servers :: Setup An Outbound SMTP Mail Server With & Using Multiple IP Addresses

Mar 15, 2010

This is the current setup that we have: We have approx 20 clients who pay us to send out a type of e-mail called an E-Blast to their customers. We currently are using 5 Microsoft Windows Virtual Servers to do this. The problem is that those machines are starting to break down. There are times that it will take Microsoft Windows approx 9-10 hours to complete 1 job. This is way too long. We want to move away from Microsoft Windows for this particular type of job as it seems there are more customers who are wanting to use this type of advertising.

It seems that using a Linux Server "Command Line or Shell" environment would be the best way to go as there is no GUI like Windows. Since there is just text...that is something that would/should process very, very quickly.

I am in the process of setting up a new SMTP outbound mail server. This is the current software & configuration (what is installed on this new machine):

All of the customer data (Names, E-Mail Addresses, etc that these e-mails are going to) are currently loaded in a Microsoft SQL Database.

My machine that I am using is plugged into the DMZ. I have 1 ip address for the 1 network card. I have also added/bound 4 more ip addresses to that network card.

I have configured Postfix for Multiple IP Addresses.

I can, from the command line, send successful test e-mails and receive them in my personal account.

As far as I know everything is setup correctly. I can and will post requested information so that it can be verified that everything is setup correctly.

Here are a couple of my questions:

Ensure that I have my Network / Interfaces file and my Postfix's Master.cf/Main.cf files setup correctly?

How can I setup this server to be an Outbound SMTP server and get it to use all 5 of the IP Addresses to send these e-mails quickly?

What can I use to check and ensure that this server is in fact sending out emails on all 5 IP Addresses (I heard that there is a program named "Postal" that may help in determining this).

View 3 Replies View Related

Programming :: Faking IP Addresses To Test Servers On Internal Network

Jun 9, 2009

I'm in the process of setting up a script in Perl to make 1,000's of curl calls to my company's application on our test server. Our software does all sorts of tracking of data based on IP addresses using geoIP, so I was wondering if anyone knew of a way to fake these addresses to the server? I know a big issue with the IP faking is the return path but I don't really need this. I also can't do it on the hardware level since the script is going to be picking lots of different IP's at random. Anyone have any idea if this is possible and if so, are there any known libraries I can use for this? I prefer Perl but any Linux compatible scripting language is fine.

View 1 Replies View Related

CentOS 5 Networking :: Multiple Static ISP IP Addresses / Servers Configuration

Mar 31, 2011

I have a CentOS5 server with dual ethernet adapters + Webmin installed as my Router / Firewall / DHCP server working successfully with 1 static IP from my ISP. I also have 7 additional static IP addresses from my ISP needing to configure to individual servers inside my network. I have configured the additional virtual interfaces, but am lost on how to route data specifically from additional ISP address to specific internal network address.

Below is my desired configuration.
98.173.159.xx1 = eth0 physical interface ==> eth1 192.168.1.1
98.173.159.xx2 = eth0:1 virtual interface ==> 192.168.1.10 ==> CentOS Server 2
98.173.159.xx3 = eth0:2 virtual interface ==> 192.168.1.20 ==> CentOS Server 3
98.173.159.xx4 = eth0:3 virtual interface ==> 192.168.1.30 ==> CentOS Server 4
98.173.159.xx5 = eth0:4 virtual interface ==> 192.168.1.40 ==> Mac OS X Server 1
98.173.159.xx6 = eth0:5 virtual interface ==> 192.168.1.50 ==> Mac OS X Server 1
98.173.159.xx7 = eth0:6 virtual interface ==> 192.168.1.60 ==> Network Attached Storage Server 1
98.173.159.xx8 = eth0:7 virtual interface ==> 192.168.1.70 ==> Windows 2008 Server 1

View 2 Replies View Related

Ubuntu Security :: Rkhunter Suspicious Files And Folders?

Apr 1, 2010

I have been running rkhunter but how do I view the /var/log/rkhunter.log? I have tried using: sudo /var/log/rkhunter.log but all I got was "Command not found"?

View 6 Replies View Related

Ubuntu Security :: Antivirus Blocked The Suspicious Web Pages While Browsing

Dec 8, 2010

I come to Ubuntu with the notion that it is much more secure than Windows. In XP I had an anti-virus, third-party firewall and sundry softwares against spybots, rootkits etc. The antivirus blocked the suspicious web pages while browsing. I generally avoided public networks, carrying a portable internet device. Do I need similar stuff with Ubuntu?

View 9 Replies View Related

General :: Security - Running Suspicious X Programs In GNU?

Mar 18, 2010

What is the most harmful thing a malware program started as a separate limited user account can do if it has access to the X server? Network and filesystem things are already considered by chroot and netfilter.

It obviously can lock the screen and I will need to switch to other vt and kill it manually. Can it for example disrupt other GUI programs on the same X server (access a root terminal in nearby window)?

I know that it is safer to run it in separate X server, for example, in Xtightvnc or even some virtual machine, but how dangerous is to just run it like other programs?

View 3 Replies View Related

Security :: Rkhunter Found Suspicious Files?

Aug 10, 2010

I got this warning in the log of rkhunter:

Checking /dev for suspicious file types [ Warning ]
[13:37:16] Warning: Suspicious file types found in /dev:
[13:37:16] /dev/shm/pulse-shm-43136623: data

[code]....

View 2 Replies View Related

Ubuntu Security :: Ran A Chkrootkit Scan And Found - Suspicious Files And Directories ?

Aug 1, 2010

I ran a chkrootkit scan and found this: The following suspicious files and directories were found: /usr/lib/pymodules/python2.6/.path /usr/lib/xulrunner-1.9.2.8/.autoreg /usr/lib/firefox 3.6.8/.autoreg /usr/lib/jvm/.java-6-openjdk.jinfo

How do I get rid of this suspicious file?

View 4 Replies View Related

Security :: Trace Route From Home Showing Suspicious Hop Just Outside LAN?

Mar 15, 2011

I know this post isn't strictly Linux based, but since the system in question appears to be using Linux and I am as well I decided to post this here. In doing other network playing with Ubuntu Server 10.10 I noticed that on all traceroutes I did to any IP the second hop from my house jumped through a connection on IP 24.96.153.61 which I think should only be another dynamic IP Knology.net customer...

In scanning the IP I now know that its a Juniper Junos Router 9.2R1.10 (Probably running on some VMware based on googling?) Open ports show: 22 ssh openSSH 4.4 v. 1.99 23 telnet Openwall GNU/*/Linux telnetd

At first I thought this was just a legit Knology.net DNS server or something, but using such outdated versions and freeware... I feel suspiciously like this is something else. Also, why in the world would knology allow remote access to their mainframe equipment? Seems that if it were ever breached it would be beyond terrible for the ISP...

Finally, why can't people not SSH into my box from the outside if I have MAC address filtering on? Anyone know anything about this or am I just being paranoid? I'm a noob, so knowing too little about all this is probably more the problem?

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved