May 28, 2005
Email Problem Follow-up
It has been one week since I stopped postfix and disabled the mail command (# chmod 444 /usr/bin/mail), and everything seems fine. I restarted postfix and notified my ISP; they told me they would keep watching this server. Since this server doesn't host any critical or major websites, I can take the risk - if anything bad happens again, I will do an OS reload.
According to some blogs about the Awstats exploit, the hackers modified their web pages and very probably gained shell access. Assuming the spammer didn't gain my shell account, that could be because:
1. The spammer is not "professional enough" to hack into my box - this is very unlikely, since they used the exploit for "business purposes".
2. FreeBSD is more secure; they weren't able to gain the shell account even though they used the exploit and had enough time. I have to love FreeBSD more if that's the case.
Category : Security
Posted by FreeBSD Newbie at 03:50 AM | Comments (0)
May 18, 2005
Awstats Exploit
I found the source of my email server problem: I was using an old version of Awstats, which has a known exploit that allows remote command execution. After further searching on the Internet, I found that it seemed to have been a hot topic several months ago, especially among bloggers; it's a shame that I hadn't even heard of it.
I also found the spam email and attack source code under /tmp; I think it's better to check this directory regularly. I'm not sure if the spammer gained shell access, but the server seems clean.
The lesson: administrators need to check security alerts frequently. Please let me know if you know of some good sources.
If you are using Awstats 6.2 or earlier versions, your server is at great risk, update it now!
Here is a great blog entry about this exploit, with lots of helpful comments, security suggestions and resources.
Category : Security
Posted by FreeBSD Newbie at 06:06 AM | Comments (2)
May 17, 2005
MT-Blacklist Error : Byte Order Is Not Compatible
This is about MT-Blacklist, an anti-spam add-on for MovableType, which works great by scanning incoming comments and denying them or forcing moderation if the comment contains specified words or exceeds the URL limit. The comment system is hardly usable without MT-Blacklist; it takes a lot of time to delete hundreds of automated spam comments each day.
After I changed hosting, the Perl version on the new server was different, and MT-Blacklist couldn't read the database data due to the different byte order. The error message looks like:
Plugin error: plugins/Blacklist.pl Byte order is not compatible at blib/lib/Storable.pm (autosplit into blib/lib/auto/Storable/thaw.al) line 363, at lib/MT/PluginData.pm line 28 Compilation failed in require at lib/MT.pm line 291.
The problem was fixed after I deleted all records in the table mt_plugindata.
Category : Misc
Posted by FreeBSD Newbie at 01:38 AM | Comments (0)
May 16, 2005
Be a Professional or Get a Professional?
After renting two unmanaged FreeBSD servers, I have always been wondering what the best choice is for me. Does it make sense to learn how to administer a server? Isn't it better to hire someone to do all this stuff for me? That way, the servers are more secure, and I can spend more time on the websites rather than thinking about the hosting all the time.
I also swayed between Linux and FreeBSD for a while. I like FreeBSD in many ways, but it has a big drawback - little documentation; almost everything needs extensive searching on the Internet. Linux has a much bigger user base and enough tutorials on almost every subject.
My Linux VPS was hacked last month; fortunately I only host one website on it and nothing was lost. I do most things with WebHost Manager and CPanel on it; as a result, I can do little research to find out how the hacker broke in. My ISP tried to fix the problems, but several important programs were damaged during the process, so they restored the whole system from backup (they back up the whole system daily).
After getting the FreeBSD server working, I spent little time on learning FreeBSD; probably I'm tired of studying new stuff. The Linux hack and email spam incidents taught me a lesson: either be a real professional - hard but convenient, or hire someone - easy but inconvenient. A solution that is both convenient and easy doesn't exist at all.
Improving FreeBSD knowledge will be my first priority task from now on.
Category : General
Posted by FreeBSD Newbie at 07:54 AM | Comments (2)
May 15, 2005
Spam Email
Someone sent out lots of spam from my server yesterday. My ISP responded so fast that they disconnected my server immediately after they received the complaint.
They reconnected the server after I told them I would stop postfix and disable the mail command to make sure no emails would be sent out before the problems were fixed.
Actually I didn't manage to get postfix working well; I can't even send emails from my desktop myself. Sending/receiving emails works well on the server side. Since it's not necessary for me to use the SMTP from my desktop, I kept the current configuration till now. That's why I haven't mentioned email configuration on this blog so far.
I guess the spam was sent with a web script, because:
1. My postfix doesn't allow relays from desktop.
2. The sender was specified as "www@myhost.com" according to the complaint email.
The spam email entry in the maillog looks like:
May 14 14:55:03 pang postfix/smtp[46011]: EC0C595C90: to=<xxx@xxx.com>, relay=mail2.iecc.com[208.31.42.98], delay=724, status=sent (250 ok 1116100192 qp 2255)
The server looks clean to me, odds are it wasn't hacked. I use phpBB, vBulletin and Awstats on this server, currently I'm still trying to find out how the spammer did it.
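One way to test the "sent with a web script" guess from the maillog itself, as an added example that is not part of the original post: mail handed to Postfix by a local program is logged by postfix/pickup with the submitting uid, so its queue IDs can be matched against the postfix/smtp delivery lines. It assumes the web server account www has uid 80 on this host; the sample log and the function names are constructed for illustration.

```shell
# Constructed sample maillog. Only queue ID EC0C595C90, host "pang" and the
# www@myhost.com sender come from the post; every other value is made up.
sample_maillog() {
cat <<'EOF'
May 14 14:42:59 pang postfix/pickup[45990]: EC0C595C90: uid=80 from=<www>
May 14 14:42:59 pang postfix/qmgr[312]: EC0C595C90: from=<www@myhost.com>, size=2104, nrcpt=2 (queue active)
May 14 14:55:03 pang postfix/smtp[46011]: EC0C595C90: to=<a@example.com>, relay=mx.example.com[192.0.2.10], delay=724, status=sent (250 ok)
May 14 14:55:04 pang postfix/smtp[46012]: EC0C595C90: to=<b@example.net>, relay=mx.example.net[192.0.2.11], delay=725, status=sent (250 ok)
May 14 15:01:10 pang postfix/pickup[45990]: 1A2B3C4D5E: uid=0 from=<root>
May 14 15:01:10 pang postfix/qmgr[312]: 1A2B3C4D5E: from=<root@myhost.com>, size=611, nrcpt=1 (queue active)
May 14 15:01:11 pang postfix/local[46020]: 1A2B3C4D5E: to=<admin@myhost.com>, relay=local, delay=1, status=sent (delivered to mailbox)
May 14 15:03:00 pang postfix/pickup[45990]: 7F00AA11BB: uid=80 from=<www>
May 14 15:03:00 pang postfix/qmgr[312]: 7F00AA11BB: from=<www@myhost.com>, size=2099, nrcpt=1 (queue active)
May 14 15:03:40 pang postfix/smtp[46030]: 7F00AA11BB: to=<c@example.org>, relay=none, delay=40, status=deferred (connection timed out)
EOF
}

# Reads a maillog on stdin. Prints "queue_id sender sent failed" for every
# message handed to postfix/pickup (local submission) by uid $1.
# Assumption: uid 80 is the web server account "www" on this host.
web_mail_report() {
    awk -v uid="${1:-80}" '
    { qid = $6; sub(/:$/, "", qid) }   # $5 = daemon[pid]:, $6 = queue id:
    $5 ~ /^postfix\/pickup\[/ && $7 == ("uid=" uid) {
        web[qid] = 1; order[++n] = qid
    }
    $5 ~ /^postfix\/qmgr\[/ && (qid in web) && $7 ~ /^from=</ {
        s = $7; sub(/^from=</, "", s); sub(/>,?$/, "", s); sender[qid] = s
    }
    # Only remote deliveries (postfix/smtp) are counted.
    $5 ~ /^postfix\/smtp\[/ && (qid in web) {
        if ($0 ~ / status=sent /) sent[qid]++
        else if ($0 ~ / status=(deferred|bounced) /) failed[qid]++
    }
    END {
        for (i = 1; i <= n; i++) {
            q = order[i]
            printf "%s %s %d %d\n", q, sender[q], sent[q], failed[q]
        }
    }'
}

# Total number of remote deliveries for mail submitted by uid $1.
web_sent_total() {
    web_mail_report "$1" | awk '{ t += $3 } END { print t + 0 }'
}

sample_maillog | web_mail_report 80
```

On a live server the same functions read the real log, for example `web_mail_report 80 < /var/log/maillog`; a large count for the web uid points at a script calling the local mail command rather than an SMTP relay.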
Category : Security
Posted by FreeBSD Newbie at 06:59 PM | Comments (2)
May 09, 2005
Log Files
I deleted the log files of Postfix and Apache manually; these files weren't re-created even after I restarted Postfix and Syslogd, and it ended with a system reboot. I need to find a good way to rotate Apache log files.
Update: Apache will create the new log files after restarting; a graceful restart is preferred.
# /usr/local/sbin/apachectl graceful
Check out Apache Log Rotation for more info.
Category : FreeBSD General
Posted by FreeBSD Newbie at 07:21 PM | Comments (2)
