I just got this from my server:
Drive Warning: /hda2 (/usr) is 88% full
3 days ago it was 78%.
I haven't uploaded anything in that time. What the heck is the /hda2 drive anyway?
Possibly the location of a log file or the mail spool.
I don't know... Logs and mail are usually kept under /var. /usr contains mostly just installed programs shared over that computer...
Which distro are you using?
Are you using a caching system which stores files, and doesn't clean itself out?
SSH into the server
cd /usr/local/apache/domlogs
rm *
"y" to every file.
Go into WHM -> Server Settings, then make the log files be deleted every time they are run.
OK, now I need to find some technical wiz kid to do that for me for a fiver...
Or, do it yourself (he posted instructions, even!).
Yeah, but it sounds boring and I've turned into a technophobe recently...
a technophobe? Already?
I'll do it for £5 :) pm me if you really want.
Incka, if you're running your own server without a maintenance contract on it, then you really should learn. What if the kid who'll do it for a fiver doesn't KNOW what he's doing? (Or will happily compromise your system?)
Although I'm sure chromate isn't that kid :D
Nah, I've got a guy from Estonia who likes Kraftwerk and has long gray hair but is only 18 to do it... And I'm not lying...
lol, doing it yourself would save money. A penny saved is a dollar made in my books.
Yes I cook my books.. :)
It really doesn't get any easier than the directions I posted...
Yeah, but SSH scares me, I'm sure I could easily ruin my server using it...
Have you never used DOS? It's not that different.
I've used dos prompt.....
Chromate, can you still fix the problem for a fiver?
No, I'll do it for free. Wouldn't feel right charging for it. It's too easy :) PM me with the server details.
In fact, that Estonian guy is back now and has done it. He also updated my php at the same time, for free...
Did you ask him to?
Estonian guy, yeah, he was on my server upgrading all my forums for some reason, so I got him to do that at the same time.
Wow, seems like a hell of a guy... :-|
Installing one hell of a backdoor ;)
I didn't want to say that :p
I wouldn't trust him unless I knew a guy who owns a forum with over 2 million posts who uses him to do all the technical stuff for it...
Speaking of upgrades... everybody has remembered to upgrade php, right?
My server provider have emailed me about unusual ssh to my server... Think it's just the drive changing and the upgrading of php?
Paste the email they sent?
Upgrading PHP via SSH prompt is not classed as "unusual SSH" so no, no I don't think it would be.
What does "drive changing" mean?
Very interesting... Perhaps they're concerned about an Estonian IP being logged for SSH access (he didn't log into SSH with root, did he? But su-ed once he was in there with a standard login?)
Here is support ticket:
(awood-12/22/04-20:58):
We have received reports of unauthorized SSH access attempts coming from your server at 67.19.162.98. Please investigate and address this issue immediately. I have attached report.txt to this ticket for your review, which details the unauthorized traffic.
If you need assistance in this matter, please let us know. We are happy to help.
Please update us as soon as this has been resolved, thanks!
--------------------------------------
(c20321inck-12/23/04-03:49): I'm not very technical so I don't understand from report.txt what the problem is. Could you give me a simple description of the problem? I did recently get someone to do something in shell to stop one of my drives, hda2 or something, becoming full. Perhaps that is what happened, or perhaps it was when he updated PHP.
--------------------------------------
(c20321inck-12/23/04-06:32): I contacted the guy on msn messenger and this was what he said:
PHP-5.0.3 voila says:
nope
ok
it doesn't seem to be me
those login attempts are too close for me
and i already had the right addresses and codes yesterday
--------------------------------------
(c20321inck-12/23/04-06:32): Does this mean there is a security problem on my server?
Here is the first half of the report they sent me:
The remote system 98.67-19-162.reverse.theplanet.com was found to have exceeded acceptable login failures on host178.holyou.net. As such the attacking host has been banned from further accessing this system; for the integrity of your host you should investigate this event as soon as possible.
The following are event logs for exceeded login failures from 98.67-19-162.reverse.theplanet.com on service sshd (all time stamps are GMT +0800):
----
- Executed actions:
/etc/apf/apf -d 98.67-19-162.reverse.theplanet.com
- Log events from /var/log/messages:
Dec 22 20:53:59 host178 sshd(pam_unix)[11006]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:53:59 host178 sshd(pam_unix)[11008]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:00 host178 sshd(pam_unix)[11010]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:01 host178 sshd(pam_unix)[11012]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:01 host178 sshd(pam_unix)[11014]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:02 host178 sshd(pam_unix)[11016]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:02 host178 sshd(pam_unix)[11018]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:03 host178 sshd(pam_unix)[11020]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:04 host178 sshd(pam_unix)[11022]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:04 host178 sshd(pam_unix)[11024]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:04 host178 sshd(pam_unix)[11026]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:04 host178 sshd(pam_unix)[11028]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:05 host178 sshd(pam_unix)[11030]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:06 host178 sshd(pam_unix)[11032]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:06 host178 sshd(pam_unix)[11034]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:07 host178 sshd(pam_unix)[11036]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:07 host178 sshd(pam_unix)[11038]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:08 host178 sshd(pam_unix)[11040]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:08 host178 sshd(pam_unix)[11042]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:09 host178 sshd(pam_unix)[11044]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:09 host178 sshd(pam_unix)[11046]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:09 host178 sshd(pam_unix)[11048]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:10 host178 sshd(pam_unix)[11051]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:11 host178 sshd(pam_unix)[11054]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:11 host178 sshd(pam_unix)[11056]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:12 host178 sshd(pam_unix)[11059]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:12 host178 sshd(pam_unix)[11061]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:12 host178 sshd(pam_unix)[11067]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:13 host178 sshd(pam_unix)[11070]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:13 host178 sshd(pam_unix)[11076]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:14 host178 sshd(pam_unix)[11078]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:14 host178 sshd(pam_unix)[11080]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:15 host178 sshd(pam_unix)[11090]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:16 host178 sshd(pam_unix)[11092]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:16 host178 sshd(pam_unix)[11094]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:17 host178 sshd(pam_unix)[11096]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:17 host178 sshd(pam_unix)[11098]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:17 host178 sshd(pam_unix)[11103]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:18 host178 sshd(pam_unix)[11105]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:18 host178 sshd(pam_unix)[11107]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:19 host178 sshd(pam_unix)[11109]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:19 host178 sshd(pam_unix)[11111]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:20 host178 sshd(pam_unix)[11114]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:21 host178 sshd(pam_unix)[11116]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:21 host178 sshd(pam_unix)[11118]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:21 host178 sshd(pam_unix)[11120]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:22 host178 sshd(pam_unix)[11122]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:22 host178 sshd(pam_unix)[11125]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:23 host178 sshd(pam_unix)[11128]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:23 host178 sshd(pam_unix)[11130]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:24 host178 sshd(pam_unix)[11132]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:24 host178 sshd(pam_unix)[11134]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:25 host178 sshd(pam_unix)[11136]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:26 host178 sshd(pam_unix)[11138]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:26 host178 sshd(pam_unix)[11140]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
Dec 22 20:54:26 host178 sshd(pam_unix)[11143]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=98.67-19-162.reverse.theplanet.com
What did report.txt say?
That's what I posted above.
That's a hacker script trying to guess the password isn't it...
With several attempts per second, that would seem to be a likely candidate...
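The pattern in the report above (dozens of `sshd(pam_unix)` failures from one `rhost` within seconds) can be flagged mechanically. An added example, not part of the original thread: a Python sliding-window counter over that log format, where the sample lines, host names, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the sshd(pam_unix) failure line format shown in the report.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\(pam_unix\)\[\d+\]:\s"
    r"authentication failure;.*\brhost=(?P<rhost>\S+)"
)

def parse_failures(lines, year=2004):
    """Yield (timestamp, rhost) for each sshd authentication failure line."""
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            # syslog timestamps omit the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["rhost"]

def brute_force_sources(lines, threshold=5, window_s=10):
    """Return {rhost: peak failures seen in any window_s-second window}
    for every source whose peak reaches the threshold."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # rhost -> failure times still inside the window
    peak = defaultdict(int)
    for ts, rhost in sorted(parse_failures(lines)):
        q = recent[rhost]
        q.append(ts)
        while ts - q[0] >= window:   # drop failures older than the window
            q.popleft()
        peak[rhost] = max(peak[rhost], len(q))
    return {host: n for host, n in peak.items() if n >= threshold}

# Constructed sample: one scripted source, one user who mistyped twice.
SAMPLE_LOG = """\
Dec 22 09:10:05 host178 sshd(pam_unix)[4409]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=office.example.org
Dec 22 09:10:09 host178 sshd[4411]: Accepted password for admin from 192.0.2.10 port 4022 ssh2
Dec 22 09:50:41 host178 sshd(pam_unix)[5120]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=office.example.org
Dec 22 20:53:59 host178 sshd(pam_unix)[11006]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=scanner.example.net
Dec 22 20:53:59 host178 sshd(pam_unix)[11008]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=scanner.example.net
Dec 22 20:54:00 host178 sshd(pam_unix)[11010]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=scanner.example.net
Dec 22 20:54:01 host178 sshd(pam_unix)[11012]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=scanner.example.net
Dec 22 20:54:01 host178 sshd(pam_unix)[11014]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=scanner.example.net
Dec 22 20:54:02 host178 sshd(pam_unix)[11016]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=scanner.example.net
"""

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG.splitlines()))
```

Run against the real `/var/log/messages`, the same function separates a person fumbling a password from a script, because only the script produces many failures inside one short window.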
Sorry, didn't see the thread had gone to another page.
Definitely summat fishy there. My guess is someone's using another server to try and use brutal force methods to get into other servers. (I get at least 1 brutal force attack on my server a day; my firewall just boots the connection and blocks the IP)
Stupid hackers, why can't they learn to make websites for profit instead of ruining them for fun, or if they hack websites, make hacking gangs that only hack other hacking gangs websites..
Put some security systems in place on your server and you needn't worry (as much).
That's unfortunate, same with your htmlforums.
My ssh boots people off after 2 missed passwords... Interesting that yours didn't