Search found 492 matches

by biggles
Wed Oct 08, 2014 12:09 pm
Forum: Atomic Protector (formerly ASL)
Topic: bug alert in latest ASL clamd rules
Replies: 4
Views: 7846

Re: bug alert in latest ASL clamd rules

It was set up to run as qscand... Running asl -s -f changed it to root. After running aum -uf it now works. The problem, as faris stated the other day, is that qmail-scanner-reconfigure resets it to qscand. This morning, CET, when the email wasn't working, I ran asl -s -f which didn't help. I then ru...
by biggles
Wed Oct 08, 2014 11:36 am
Forum: Atomic Protector (formerly ASL)
Topic: bug alert in latest ASL clamd rules
Replies: 4
Views: 7846

Re: bug alert in latest ASL clamd rules

Filesystem looks ok:

Filesystem                       Size  Used Avail Use% Mounted on
/dev/mapper/vg_server15-lv_root  119G   55G   58G  49% /
tmpfs                             12G   12K   12G   1% /dev/shm
/dev/sda1                        485M  112M  348M  25% /boot
/dev/mapper/vg_server15-lv_home   25G  1,2G   23G   5% /home

Inodes: df -ih

Filesystem Inodes IUsed IFree IUse% Mounted on
/dev...
by biggles
Wed Oct 08, 2014 3:41 am
Forum: Atomic Protector (formerly ASL)
Topic: bug alert in latest ASL clamd rules
Replies: 4
Views: 7846

bug alert in latest ASL clamd rules

After updating to clamd rules published sometime tonight (CET) clamd is broken.

Starting Clam AntiVirus Daemon: LibClamAV Error: cli_load(): Can't open file /var/clamav/ASL-securiteinfo.hdb
LibClamAV Error: cli_loaddbdir(): error loading database /var/clamav/ASL-securiteinfo.hdb
ERROR: Can't open fi...
by biggles
Fri Oct 03, 2014 3:54 pm
Forum: Atomic Protector (formerly ASL)
Topic: Apache down
Replies: 13
Views: 14775

Re: Apache down

ok, any tips how to fix it?
by biggles
Fri Oct 03, 2014 1:42 am
Forum: Atomic Protector (formerly ASL)
Topic: Apache down
Replies: 13
Views: 14775

Re: Apache down

Thanks a bunch!
by biggles
Thu Oct 02, 2014 12:14 pm
Forum: Atomic Protector (formerly ASL)
Topic: Apache down
Replies: 13
Views: 14775

Re: Apache down

Access granted!
by biggles
Thu Oct 02, 2014 9:54 am
Forum: Atomic Protector (formerly ASL)
Topic: Apache down
Replies: 13
Views: 14775

Re: Apache down

Still no reply from support.

By manually disabling mod_sec and WAF I can now access web servers. ASL web is still missing.

MODSEC_ENABLED="no"
WAF_ENGINE="no"
by biggles
Thu Oct 02, 2014 8:36 am
Forum: Atomic Protector (formerly ASL)
Topic: Apache down
Replies: 13
Views: 14775

Apache down

I have opened a support ticket, but until it gets picked up I was hoping for some help here. I updated to 4.0.6 and enabled the new Threat Intelligence System. After that apache isn't working anymore. Neither is the ASL web gui. I just get a page saying ERR_EMPTY_RESPONSE. I have tried to disable IP...
by biggles
Sun Jun 22, 2014 9:59 am
Forum: Anti-Spam Help and Discussion
Topic: PHP mail spam
Replies: 9
Views: 19088

Re: PHP mail spam

Thanks paulie!

I'll try the log part again. I didn't see anything suspicious the last time, but I probably wasn't looking with enough attention.

They do not have a contact form, so it sounds likely that it is parsing requests. I must look into this.

10002 is qmail-scanner, qscand.
by biggles
Thu Jun 19, 2014 3:37 am
Forum: Anti-Spam Help and Discussion
Topic: PHP mail spam
Replies: 9
Views: 19088

Re: PHP mail spam

prupert wrote: Security hole in a plug-in perhaps?
Not unlikely. Then I just need to find which one...
by biggles
Wed Jun 18, 2014 3:48 am
Forum: Anti-Spam Help and Discussion
Topic: PHP mail spam
Replies: 9
Views: 19088

Re: PHP mail spam

That was my initial idea as well. It is an updated version of WP. I have changed the password for the users but it still keeps sending spam.
by biggles
Tue Jun 17, 2014 3:57 pm
Forum: Anti-Spam Help and Discussion
Topic: PHP mail spam
Replies: 9
Views: 19088

Re: PHP mail spam

Not that I can find. There are a few of them from all the different Wordpress-sites on the server, but all are in the correct location. The user 10001 is the user account in Linux for the "Name of website"
by biggles
Tue Jun 17, 2014 1:27 am
Forum: Anti-Spam Help and Discussion
Topic: PHP mail spam
Replies: 9
Views: 19088

PHP mail spam

A small problem. A few days a week I get hit with spam, sent to my account

Received: (qmail 16615 invoked by uid 10002); 17 Jun 2014 07:08:34 +0200
X-Qmail-Scanner-Diagnostics: from by servername (envelope-from <coco888@msn.com>, uid 10001) with qmail-scanner-2.10st (clamdscan: 0.98.3/19106. mhr: 1....
by biggles
Fri Jun 13, 2014 2:36 pm
Forum: Atomic Protector (formerly ASL)
Topic: tortixd broken after update (ive rolled back mod_security)
Replies: 3
Views: 5588

Re: tortixd broken after update (ive rolled back mod_securit

Running aum -uf and asl -s -f does not fix it. I am now downgrading modsec per instructions in my support thread.
by biggles
Tue May 06, 2014 3:10 pm
Forum: Security Alerts
Topic: Not really an alert, but interesting to read
Replies: 3
Views: 7158

Not really an alert, but interesting to read

I think this article detailing a hacker attack on a server was quite an interesting read.

http://draios.com/fishing-for-hackers/

Sorry if it is wrongly placed. Please go ahead and move it.