New User Questions About Security
Hi,
Am trying to run a small VPS Cpanel Server. Learning as I go, little by little. I really need someone to "Look over my shoulder" (I can share my screen with you) and guide me along from time to time. I have a small budget so can pay some.
Most of what I am finding are folks who want to do it all and/or are incapable of speaking (Skype, Google Hangout, whatever).
My current host has been most helpful but I really need to find a good source. Eventually I would like to set up an Amazon server and will need help with that as well.
I frequently see posts here in the forum that say something like "if you can't figure it out - hire one of us"
Any ideas of who might do this?
Thanks
Ed
-
Hello, There are companies that provide help such as this; you can utilize System Administration Services to get a list of System Administration Companies. If you have any cPanel-specific questions or need an installation done, feel free to submit a Free Support Ticket at cPanel Customer Portal 0 -
Google is one resource to search for, if you wish to learn things by yourself or go for managed hosting where the hosting company can manage things for you. 0 -
Thank you both. Did not know about the Cpanel Customer Portal. Have been to System Administration Services but that seems to have been closed and the listings there are getting old. Tried to reach a couple of them before I started this thread. And, yes, I do look things up on Google and have asked several questions here. Have also gone without satisfactory answers - probably don't know enough to recognize the correct answer :) So... The offer stands. I need to spend a little time, from time to time, in a Google Hangout or similar situation, to really talk with someone about what are probably fairly simple, basic terms and procedures. Thanks again. Amgeek 0 -
Job offers / soliciting services is no longer permitted on these forums. You might want to post over on a forum like webhostingtalk if you're looking to hire someone. The System Administration Services is closed to replies, but it is kept up to date. IMHO, you don't need anyone looking over your shoulder that you have to pay, you're using cPanel! Spend some time with the documentation, read posts on this and other forums, don't go crazy trying out things you don't need on your server etc. You'll be fine. 0 -
Thanks, Infopro, for the forum info and I appreciate your confidence that I can do this. So far I have been able to figure most of it out and do try to keep it as simple as I can. There are things that I think I should be able to understand that I just don't and might not even know where to start.

For instance. Here is a question I have been wrestling with for several months. The following line of code(?)/Script(?)Command Line(?) was given to me by the provider of my VPS to help track down and remove a hack/attack. I am trying to (1) understand the results of running this (reading the output), (2) understand how each line relates to what I find in Cpanel/WHM, (3) understand what each of the commands and modifiers in that line does and what it is looking for.

root@server2 [~]# grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
      1 /home/barnat2/public_html/photonfullwp
      9 /root
     10
    177 /
   1683 /etc/csf

I need to break down this line to understand what it does and why so I can work on interpreting the output. So far this is as far as I have gotten and I am not sure if what I have is correct.

- Grep : Grep searches.
- Cwd : Comment when done
- /var/log/exim_mainlog : this is the file that grep will search and comment on when done
- | : separates commands
- Grep
- -v: (--invert-match) option?
- var/spool : another file being searched ? Getting ready to display results?
- AWK: an interpreted programming language designed for text processing
- -f: indicates the file containing the instruction? (what instruction?)
- -F: Command line option Input field ?????

Really stuck. Pretty lost- right?
0 -
That command can be used for seeing where emails are coming from. You can google for: grep commands cheat sheet
And find lots of tutorials on how to use grep. Here is only one result: techrepublic.com/article/download-our-unix-command-cheat-sheets/
> ...track down and remove a hack/attack
You've got a more immediate problem than it sounds like to me.
> ...1683 /etc/csf
Your firewall has sent over 1683 emails it seems. Are you getting those emails? CSF/LFD emails can be very helpful.
> I need to break down this line to understand what it does and why so I can work on interpreting the output.
What problem are you actually having? An account is sending out spam from your server, the server has been compromised? 0 -
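An added walk-through of the pipeline discussed above (not part of any post in this thread, and not cPanel's code): cwd= in the Exim main log is the working directory of the process that handed a message to Exim, so the pipeline counts submissions per directory. The log lines are constructed samples, the function names sample_log, count_cwd and count_for are hypothetical, and the optional date argument goes beyond the original command to give a per-day count without clearing the log.

```shell
#!/bin/sh
# Constructed Exim main-log lines (sample data, not from the poster's server).
sample_log() {
cat <<'EOF'
2016-05-17 09:15:02 cwd=/etc/csf 2 args: /usr/sbin/sendmail -t
2016-05-17 09:15:03 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1b2aaa-0001AB-2C
2016-05-17 22:40:11 cwd=/home/exampleuser/public_html/wp 3 args: /usr/sbin/sendmail -t -i
2016-05-18 07:07:51 cwd=/etc/csf 2 args: /usr/sbin/sendmail -t
2016-05-18 07:07:52 1b2bbb-0001CD-3E <= root@server2.example U=root P=local S=812
2016-05-18 08:00:01 cwd=/root 4 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem root
2016-05-18 08:30:44 cwd=/etc/csf 2 args: /usr/sbin/sendmail -t
EOF
}

# count_cwd [YYYY-MM-DD]: read log lines on stdin, print "count directory" pairs.
# The date argument is an addition; without it this is the thread's pipeline.
count_cwd() {
    day="${1:-}"
    grep cwd |                     # keep lines that record a working directory
    grep -v /var/spool |           # drop Exim's own queue handling
    { if [ -n "$day" ]; then grep "^$day "; else cat; fi; } |
    awk -F"cwd=" '{print $2}' |    # keep the text after "cwd="
    awk '{print $1}' |             # keep the first word: the directory itself
    sort |                         # group identical directories together
    uniq -c |                      # collapse each group to "count directory"
    sort -n                        # smallest count first, busiest sender last
}

# count_for DIR [YYYY-MM-DD]: the number for one directory (0 if it never appears).
count_for() {
    sample_log | count_cwd "${2:-}" |
        awk -v d="$1" '$2 == d {n = $1} END {print n + 0}'
}

echo "--- whole log ---"
sample_log | count_cwd
echo "--- 2016-05-18 only ---"
sample_log | count_cwd 2016-05-18
```

On a real server, replace sample_log with cat /var/log/exim_mainlog; a directory under /home points at a script in that account, while /etc/csf is mail generated by the firewall itself.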
Thanks for the keyword "cheat sheets" (had been working "tutorials"). FYI the techrepublic.com sheet is gone. Working my way through some of the others and some look pretty good. How would I have known that "...1683 /etc/csf" means the firewall (csf?) is sending spam notices? I have not gotten any emails like that. Will research CSF/LFD this weekend. Current problem WAS (false confidence?) an account was spamming. I think their email password had been compromised. I changed it and they are no longer getting "over quota" bounce backs. Running the command again shows about 300 additional (1683 to 1953). Would like to clear that info to get a fresh count but don't know how. If that is fixed then I want to understand the rest of the report and the command better. 0 -
Am I on hold or forgotten? Still trying to interpret:
root@server2 [~]# grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
      2 /
      4 /root
    643 /etc/csf
It is different than when we started (last week). Does it still look like I have trouble? 0 -
643 emails in a week from your firewall is quite a bit. Have you gotten/read any of them? 0 -
Thanks for three good pieces of info. 1. Information in the report covers the past week (?) and 2 the line 643 /etc/csf is the number of emails the firewall has sent someone(?) and 3. apparently not me. I have not seen any of them. So..... I have looked at the firewall configuration again and don't see where those numbers come from or where the emails are going. Where would I find and change that? 0 -
Normally, emails from CSF/LFD are sent to root; all root email should be forwarded to an off-server email address. You can check to make sure you've got server contacts set up properly, here: WHM » Server Contacts » Edit System Mail Preferences. Assuming that's set up properly, you might check to see if emails are being delivered to that email address where root email is forwarded to, using this tool: Home » Email » Mail Delivery Reports 0 -
Looks like all mail from root@server is sent to root@server. In Edit System Mail Preferences there are three options:
Forward Mail for "Cpanel" to: currently blank
Forward mail "Nobody" to : root
Forward mail for "root" to: nobody
I will change all of those to my email address and see what happens. Any precautions I should take? 0 -
Be sure you don't use a gmail account. You could, but if too much email is forwarded to your gmail account you may get rate limited or even blocked. And then get ready for a flood of email I suspect. 0 -
Getting a trickle. Only 4 overnight. My two sign ins, one looks like a Cpanel automatic update probably happened and the other, I am guessing, is a blocked ftp attack on one of the accounts on the server.
Time: Wed May 18 07:07:50 2016 -0400
IP: 58.20.241.75 (CN/China/-)
Failures: 10 (ftpd)
Interval: 3600 seconds
Blocked: Permanent Block
May 18 07:06:34 server2 pure-ftpd: (?@ 58.20.241.75) [WARNING] Authentication failed for user [anaccountontheserver.com]
But there were probably more? I ran that "Grep" command and got:
      3 /
      5 /root
    941 /etc/csf
I think the results says there were about 300 sent since the last reading (above/about 24 hours ago)? Am I missing something? 0 -
Hello, This suggests emails sent out by your firewall. You can access your CSF interface in Web Host Manager to view your firewall logs and notification settings to see what's triggering the alerts. Thank you. 0