Topics - cloud

1
Postfix / URGENT PLEASE HELP *UID Tracking* 6 blocks for UID 89 (postfix)
« on: November 23, 2023, 01:37:31 PM »
My server is under attack. I have tried many ways to block other attempts, but I don't know how to block this *UID Tracking* 6 blocks for UID 89 (postfix). The lfd.log didn't have many details, but in the email alert I found that the attempts to postfix are from some IP range. Below are the details. If someone can help with how to block this, it will be helpful, as incoming and outgoing emails are totally stuck now.

Email log message:
Code:
Sample of port hits:
Nov 23 19:02:38 cbwh kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=173.249.41.250 DST=64.233.166.27 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63421 DF PROTO=TCP SPT=55748 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=89 GID=89
Nov 23 19:02:41 cbwh kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=173.249.41.250 DST=64.233.166.27 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=39843 DF PROTO=TCP SPT=55732 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=89 GID=89
Nov 23 19:02:45 cbwh kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=173.249.41.250 DST=64.233.166.27 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63424 DF PROTO=TCP SPT=55748 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=89 GID=89
Nov 23 19:02:49 cbwh kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=173.249.41.250 DST=64.233.166.27 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=39844 DF PROTO=TCP SPT=55732 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=89 GID=89
Nov 23 19:02:49 cbwh kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=173.249.41.250 DST=64.233.166.27 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1159 DF PROTO=TCP SPT=55734 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=89 GID=89
Nov 23 19:02:53 cbwh kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=173.249.41.250 DST=64.233.166.27 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63425 DF PROTO=TCP SPT=55748 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 UID=89 GID=89

1. At the same time as the UID Tracking, these log entries are also coming sometimes:
Code:
Nov 23 18:15:17 cbwh lfd[21967]: (WPLOGIN) WP Login Attack 62.149.0.23 (UA/Ukraine/0-23.mcom2.cc.colocall.com): 10 in the last 3600 secs - *Blocked in csf* [LF_CUSTOMTRIGGER]
2
Code:
Nov 23 18:00:14 cbwh lfd[19670]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:00:29 cbwh lfd[19704]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:00:39 cbwh lfd[19722]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:00:54 cbwh lfd[19764]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:01:09 cbwh lfd[19819]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:02:04 cbwh lfd[20005]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:02:34 cbwh lfd[20116]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:03:09 cbwh lfd[20216]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:04:45 cbwh lfd[20401]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:05:30 cbwh lfd[20574]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:07:30 cbwh lfd[20812]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:08:05 cbwh lfd[20879]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:08:35 cbwh lfd[20931]: *UID Tracking* 6 blocks for UID 89 (postfix)
Nov 23 18:09:31 cbwh lfd[21030]: *UID Tracking* 6 blocks for UID 89 (postfix)

2
CentOS 7 Problems / Can we delete File and folders under tmp Folder ?
« on: September 01, 2023, 07:58:55 PM »
Hi,

My server's disk usage increased recently; now it is showing 87%. I don't know why it is like that, as I don't have many websites hosted on my server. I noticed there are many files under the tmp folder. In Windows we mostly remove %temp%, Prefetch, etc. So I need to know if there are folders or files which we can delete without affecting our server or services. Please help me.

3
Hi,

Recently all websites hosted on my server are showing the error below; it seems the error is because of the Varnish cache server.

I have tried many ways to resolve this issue but nothing worked. WordPress websites are showing the error below:

Error 503 Backend fetch failed
Backend fetch failed
Guru Meditation:
XID: 262174
Varnish cache server

Other PHP websites are showing the error below:
Error 503 Backend fetch failed

Can someone help me resolve this issue? It would be helpful.

4
Hi,

One of my hosting users was unable to execute a command line in Laravel through SSH.

Command: php artisan make:mail TestEmail

While executing it, they get this error message: "bash: php: command not found"

I have searched everywhere but don't know how to resolve it.

5

Getting an error message while sending from mail_queue. Can anyone help me?

Error message:
Warning: mail(): Multiple or malformed newlines found in additional_header in mail_queue/usr/local/cwpsrv/htdocs/resources/admin/modules/mail_queue.php

6
For the past three weeks, some of the emails sent from domain names are still in the Postfix mail queue; when we try to process the queue, they still go to the deferred list. I found those domains are using Google G Suite (Google Workspace). All the DNS of these domain names is correct and resolves successfully in MxToolbox and the Google dig tools. If anybody has any idea about this issue, please help me ASAP, otherwise I will lose some customers.

Error message :

(Host or domain name not found. Name service error for name=abcd.com type=MX: Host not found, try again)


7
Hi,

Since today, none of the emails are being sent out to Gmail. In past days I was able to receive firewall log mails (LFD), but now I can see more than 50 emails in the mail queue. Does anyone have a similar issue, or any idea why it is not sending default and automatic emails out from the server?

Please help URGENT.. :-[

8
CentOS 7 Problems / ALL WEBSITES ARE DOWN
« on: February 02, 2022, 05:53:37 PM »
Yesterday all websites were working fine; this evening everything went down, and we don't know what happened. Our SSH is off and we can only log in to SSH through VNC. When executing a command we also get an error message:
Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.... etc.
Does anyone have a similar issue? Do you have any solutions?

9
SSL / Letsencrypt SSL Certificate issue in Hosted domain names
« on: October 02, 2021, 08:46:11 PM »
" Connection not protected "

Since 1st October 2021, all our hosted domain names on the server are showing a "Connection not protected" error message. We tried to renew some SSL certificates from the CWP Pro panel, but they were not renewing at all. Does anyone have the same issue, or can you suggest a resolution for this issue?

See the screenshot : https://image.prntscr.com/image/jtM5z9SaQL-zfClNhtyTaA.png

10
After the recent update, some email account users' email usage is showing more than the allocated space. It is a big BUG in CWP. That is our experience, and those customers are not able to attach files to their emails because of this bug. Screenshot added below; let me know if anyone can help with this. Continuous bugs in CWP are making us move back to cPanel.

After the recent update on CWP, the email account usage is showing as over the allowed space for each account. There is an issue in CWP and it is a BUG. How can these email users use more than the allowed space for their email usage? If CWP were working fine this would not happen. So the person below always says there is no issue in CWP; from our experience CWP always has BUGS and they are not resolved or sorted yet.

http://prntscr.com/16puu6e


11
For the past 4-5 days my server has been targeted by a hacker; within one to three seconds of each other, my LFD is alerting us with messages like the ones below. In a day we are getting more than 500 failed POP3 login attempts from different IP addresses and different countries.

So we stopped the Dovecot IMAP/POP3 server service for a day, but it did not give any resolution; whenever we turn on the service, the attempts start again.

Does anyone have any solution to protect the server?

Log entries:

May 16 17:15:59 pop3-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<info@hosteddomain.com>, method=PLAIN, rip=5.95.195.241, lip= ip removed, session=<Y6QyBXHCFcEFX8Px>

May 16 17:15:37 pop3-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<info@hosteddomain.in>, method=PLAIN, rip=83.110.207.34, lip=ip removed, session=<4f/kA3HCd+BTbs8i>

May 16 17:15:07 pop3-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<info@hosteddomain.com>, method=PLAIN, rip=157.32.0.107, lip=ip removed, session=<JMMXAnHCo9+dIABr>

etc. See the screenshot for more logs.




12
Dear CWP,

Getting a lot of attacks over the past month. All attempts are from different countries, some of them from the same country, and we have blocked some countries in CC_DENY (CN,RU,BG,RU,BR,TR,LT,NL,TR,RO,IE,US). But some of our customers from the CC_DENY list were not able to access their websites. In the past month these attacks were very few, but in the past day they have increased. As it is not possible to block all countries, you may need to tell us or implement a solution to block these types of attack on SMTP. Below I have added some of them with details; please go through them and tell us a solution. Also, we are not able to find out which user account they were trying to log in to.

Latest:
Time:     Wed Jun 10 19:28:38 2020 +0530
IP:       193.56.28.176 (GB/United Kingdom/-)
Failures: 3 (smtpauth)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SMTPAUTH]

Log entries:

Jun 10 19:28:10 cbwh postfix/smtpd[26746]: warning: unknown[193.56.28.176]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 10 19:28:23 cbwh postfix/smtpd[26746]: warning: unknown[193.56.28.176]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 10 19:28:38 cbwh postfix/smtpd[26746]: warning: unknown[193.56.28.176]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

Other

Jun 10 18:23:02 cbwh postfix/smtpd[21826]: warning: gw70.coldimport.com.pe[209.45.62.70]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 10 18:23:02 cbwh postfix/smtpd[21826]: warning: gw70.coldimport.com.pe[209.45.62.70]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 10 18:23:02 cbwh postfix/smtpd[21826]: warning: gw70.coldimport.com.pe[209.45.62.70]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 10 12:50:00 cbwh postfix/smtpd[14837]: warning: unknown[141.98.80.152]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 10 09:06:22 cbwh postfix/smtpd[17322]: warning: unknown[59.55.36.129]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 10 12:29:46 cbwh postfix/smtpd[12248]: warning: unknown[37.49.230.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 10 12:29:46 cbwh postfix/smtpd[12248]: warning: unknown[37.49.230.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  9 18:31:19 cbwh postfix/smtpd[28740]: warning: unknown[5.249.164.2]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  9 13:21:14 cbwh postfix/smtpd[27667]: warning: unknown[103.139.44.210]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

Continuous Attack with different IP

Failures: 6 (smtpauth)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SMTPAUTH]

Jun  8 23:07:43 cbwh postfix/smtpd[4946]: warning: unknown[46.38.145.247]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 23:08:01 cbwh postfix/smtpd[3963]: warning: unknown[46.38.145.251]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 23:06:20 cbwh postfix/smtpd[4946]: warning: unknown[46.38.145.252]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 23:04:20 cbwh postfix/smtpd[3963]: warning: unknown[46.38.145.253]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 23:04:20 cbwh postfix/smtpd[3963]: warning: unknown[46.38.145.253]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 22:57:40 cbwh postfix/smtpd[3963]: warning: unknown[46.38.145.6]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 22:57:44 cbwh postfix/smtpd[4558]: warning: unknown[46.38.145.249]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 22:56:48 cbwh postfix/smtpd[4558]: warning: unknown[46.38.145.248]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 22:51:43 cbwh postfix/smtpd[3963]: warning: unknown[46.38.145.4]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 22:50:24 cbwh postfix/smtpd[3963]: warning: unknown[46.38.145.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
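
The log lines in the post above show failures spread across many addresses in one range, which a per-IP failure counter only catches one address at a time. As an added example (not part of the original post or of CSF/LFD), this Python sketch groups Postfix SASL failures by source network and decodes the trailing base64 token, which for `UGFzc3dvcmQ6` is the LOGIN mechanism's password prompt rather than an account name. The sample lines are constructed with documentation addresses, and the function names and thresholds are assumptions.

```python
import base64
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of the Postfix lines quoted in the post.
SAMPLE_LOG = """\
Jun  8 22:50:24 mailhost postfix/smtpd[3963]: warning: unknown[198.51.100.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 22:51:43 mailhost postfix/smtpd[3963]: warning: unknown[198.51.100.4]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 22:56:48 mailhost postfix/smtpd[4558]: warning: unknown[198.51.100.248]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 22:56:49 mailhost postfix/smtpd[4558]: warning: unknown[198.51.100.248]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  8 23:01:02 mailhost postfix/smtpd[4946]: warning: gw.example.net[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

SASL_FAIL = re.compile(
    r"postfix/smtpd\[\d+\]: warning: (?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed(?:: (?P<detail>\S+))?"
)

def decode_detail(detail):
    """Decode the trailing base64 token; return it unchanged if it is not base64 text."""
    try:
        return base64.b64decode(detail, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return detail

def failures_by_network(log_text, v4_prefix=24, v6_prefix=64):
    """Count failures and distinct source addresses per network (prefix sizes are assumptions)."""
    nets = defaultdict(lambda: {"failures": 0, "ips": set()})
    for line in log_text.splitlines():
        m = SASL_FAIL.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address in the log line
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        nets[net]["failures"] += 1
        nets[net]["ips"].add(str(ip))
    return dict(nets)

def distributed_sources(log_text, min_ips=3):
    """Networks whose failures come from at least min_ips different addresses."""
    stats = failures_by_network(log_text)
    return sorted(net for net, s in stats.items() if len(s["ips"]) >= min_ips)

if __name__ == "__main__":
    print(decode_detail("UGFzc3dvcmQ6"))
    for net in distributed_sources(SAMPLE_LOG):
        print(net, failures_by_network(SAMPLE_LOG)[net]["failures"])
```
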


13
After the past four updates of CWP PRO, this is the error I am always getting. Why? Once or twice a day I am able to see that new updates are available in my CWP PRO, but my YUM stopped updating packages after I installed the CWP PRO panel update. Please let me know why this error occurs and whether there is any solution.


Detailed yum log  https://pastebin.com/VM0gr7QM

======== SOME  YUM  Error ==============

  file /usr/lib64/python3.6/distutils/__pycache__/dir_util.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/distutils/__pycache__/errors.cpython-36.opt-1.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/email/__pycache__/errors.cpython-36.opt-1.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/distutils/__pycache__/errors.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/email/__pycache__/errors.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/distutils/__pycache__/fancy_getopt.cpython-36.opt-1.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/distutils/__pycache__/fancy_getopt.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/distutils/__pycache__/file_util.cpython-36.opt-1.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
 
  file /usr/lib64/python3.6/xml/sax/__pycache__/_exceptions.cpython-36.opt-1.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/_exceptions.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/expatreader.cpython-36.opt-1.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/expatreader.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/handler.cpython-36.opt-1.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/handler.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/saxutils.cpython-36.opt-1.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/saxutils.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/xmlreader.cpython-36.opt-1.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/xmlreader.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64

Error Summary
-------------

14
Suggestions / Domain parking option when it will be available ?
« on: March 20, 2020, 02:52:34 PM »
Hi,

While the team is still improving the CWP service, why haven't you enabled the domain name parking service in CWP or CWP PRO? While creating a package it shows the Parked Domains option, but it still has not been enabled in any new updates. It is very difficult to provide hosting services to customers; if a customer needs to park a domain name, we need to add an extra addon domain in that package. So let me know when you will enable this feature.

15
Updates / User Error logs disappeared after recent update
« on: February 03, 2020, 04:35:51 PM »
Dear Developers,

Congratulations on the new login window. I am a PRO user; after the recent update the error log option is not showing anywhere in the user control panel. So please let me know if it was removed, or whether it will be available when any error happens in a PHP script, which cPanel follows. So please let me know where our error log is   >:(

If anyone knows how to move these user error logs to their public directory or the folder where the error occurs, the same as cPanel. Or please consider this request to be added in your next update, to move the error logs to the user directory; this way the user's usage quota will also be affected, and anyone who does not care about the error log will start looking at it if their quota is full because of error log files.
