Security Archives - Sys Admin Guides, How To's, etc by Marios Maravelias

ERROR: Can’t create temporary directory /var/clamav/clamav

Apr

19

2013

the good old clamav gave me the above error on daemon starting: [root@~]# service clamd start Starting Clam AntiVirus Daemon: LibClamAV Warning: ************************************************** LibClamAV Warning: *** The virus database is older than 7 days! *** LibClamAV Warning: *** Please update it as soon as possible. *** LibClamAV Warning: ************************************************** [ OK ] not updated ? ...

Rkhunter and plesk xinetd services 1

Apr

17

2013

When you see these in the report of rkhunter in a plesk server: Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa Warning: Found enabled xinetd service: /etc/xinetd.d/submission_psa

Mambo mosConfig_absolute_path exploit & solution

Dec

16

2009

I know that not lots of people use mambo these days, and most of them upgraded to joomla 1.5 but in case you happen to have one hosted in your server, there is a known vulnerability , hack scripts using the mosConfig_absolute_path variable to load malicious code from other webhosts ,and that gives them the ...

/tmp & /var/tmp noexec hardening without reboot

Nov

28

2009

After discovering scripts running in my /tmp folder (in CentOS 5.x) I had to harden the directory. The faster way to harden your /tmp and /var/tmp without rebooting is the following: In your /dev directory create an empty 2,5 GB file (best for web hosting servers with many websites). # cd /dev # dd if=/dev/zero ...

xinetd[#]: Deactivating service smtp due to excessive incoming connections. Restarting in 30 seconds.

Nov

15

2007

This happened to a Plesk 8.x Linux (RH) server, the problem was that smtp service was up and running, and the queue was very light , but smtp wouldn’t accept any connections at port 25 even from localhost. In the /var/log/messages I saw this disturbing message: xinetd[#]: Deactivating service smtp due to excessive incoming connections. ...

How to check if some one is spamming from my server (Linux Plesk 8.x)

Nov

13

2007

If you see a lot of smtp connections or your server gets constantly in spam black lists, maybe you should check if some bot spams through your server. The are 2 cases of spamming through a box: 1)using unsecure php forms that bots abuse 2)using smtp connection from an outside client this artice is about ...