Date:  Thu, 29 Nov 2007 00:49:43 -0500
From:  MuntadaNet Webmaster <webmaster (at mark) muntada.com>
Subject:  [coba-e:11296] Re: sudden authentication problem
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200711290556.lAT5uUkq020508 (at mark) huda.muntadanet.com>
In-Reply-To:  <BAY135-W417806F0BF27BDEB9A951E82700 (at mark) phx.gbl>
References:  <BAY135-W319EAA4A584DE254227F3682700 (at mark) phx.gbl> <20071129104409.2d6eab4f (at mark) patricko> <BAY135-W417806F0BF27BDEB9A951E82700 (at mark) phx.gbl>
X-Mail-Count: 11296

Sounds like a file system is getting full.

Try doing a df -h.

-Rashid

At 10:31 PM 11/28/2007, you wrote:

>e a Centos BQ server which has been functioning fine for a while. 
>Now suddenly today all authentication failed (email, admin, ftp).  I 
>was able to log in through SSH and run dbrecover.  That fixed the 
>problem briefly, but then it failed again.  I tried rebooting the 
>server but same problem. It also seemed that many of the times I ran 
>dbrecover it did not solve the problem, even temporarily.
> > >
> > > Now it is the evening and the problem seems to have gone away for now.
> > >
> > > My initial thought is that it was a dictionary attack causing 
> this problem as I've run into this before.  However, while I could 
> see obvious hacking attempts using email login attempts in the 
> secure log, they did not seem to be very numerous. (I could be 
> wrong as I don't know exactly how to determine the number).  In any 
> case, during the several hours when this problem occurred, there 
> didn't seem to be a heavy load on the server as I had experienced 
> in the past with such attacks.
> > >
> > > I know that other people have experienced a similar problem.  I 
> have read Brian's instructions for converting the passwords to a 
> flat file.  I'm not sure if that will resolve the problem I'm 
> experiencing, or there is something else going on. Just curious if 
> there is anything else I should be looking for.
> >
> > Please don't speculate. Dig your logs and return the facts.
> >
> >
> > For Other Blues, I am using .db authentication for 2 years straight
> >  w/o any problem. The no. of sites per server is > 1 thousand
> >
> >
> > ### I always recommend removing POP3 loggin to .db, eg below ####
> > ### Why? This will make DBRecover run faster (in /var/db) 
> ...  when you have been struck by dick-sionary attack ####
> >
> >
>
>Well the problem has resurfaced, and there is no attack going on 
>now.   And dbrecover doesn't seem to be solving the problem 
>either.  The problem did go away after about 15 minutes. I monitored 
>it and did not see any attacks. I'm about to transfer sites to 
>another server, but am reluctant to do that unless I know what the problem is.
>

*****************************************************************
MuntadaNet Web Hosting and Web Design Services
http://www.muntada.com

Sales - sales (at mark) muntada.com
Support - support (at mark) muntada.com
Billing - billing (at mark) muntada.com

Main Office - 808-689-6092
Fax - (808) 356-0279
*****************************************************************