William's questions
To find a matched entry in the route table, a bitwise AND will be applied to the destination IP and the netmask in the route table. I wonder if the bitwise AND will ALSO be applied to the "Network Destination" of the current entry in the route table and the netmask, and the two AND results are then compared; or if there is only one AND (the destination IP and the netmask) and the result is directly compared to the "Network Destination" in the route table?
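The route-table question above, worked through in code. This is an added example, not code from the original page: it models a Windows-style IPv4 route table with a small constructed table (the addresses and metrics are made up), masks both the destination and the entry's network field before comparing, and picks the longest matching prefix. Masking the network field as well is harmless for a well-formed entry (its host bits are already zero) and makes the comparison robust when they are not.

```python
import ipaddress

# Constructed route table in the shape of `route print` output (sample data,
# not taken from the question): network, netmask, gateway, interface, metric.
ROUTE_TABLE = [
    ("0.0.0.0",      "0.0.0.0",         "192.168.1.1",   "192.168.1.20", 25),
    ("127.0.0.0",    "255.0.0.0",       "On-link",       "127.0.0.1",    331),
    ("192.168.1.0",  "255.255.255.0",   "On-link",       "192.168.1.20", 281),
    ("192.168.1.20", "255.255.255.255", "On-link",       "192.168.1.20", 281),
    ("10.0.0.0",     "255.0.0.0",       "192.168.1.254", "192.168.1.20", 30),
]


def entry_matches(dst, network, netmask):
    """An entry matches when (dst AND mask) == (network AND mask).

    For a well-formed entry the network field already has its host bits
    cleared, so masking it again changes nothing; doing it anyway keeps the
    comparison correct for entries whose host bits were left set.
    """
    d = int(ipaddress.IPv4Address(dst))
    n = int(ipaddress.IPv4Address(network))
    m = int(ipaddress.IPv4Address(netmask))
    return (d & m) == (n & m)


def lookup_route(dst, table=ROUTE_TABLE):
    """Return the best matching entry for dst.

    Longest prefix (most set bits in the netmask) wins; among equal prefixes
    the lowest metric wins. Returns None when no entry matches, which cannot
    happen while a 0.0.0.0/0 default route is present.
    """
    best = None
    for entry in table:
        network, netmask, _gateway, _iface, metric = entry
        if not entry_matches(dst, network, netmask):
            continue
        prefix_len = bin(int(ipaddress.IPv4Address(netmask))).count("1")
        key = (prefix_len, -metric)
        if best is None or key > best[0]:
            best = (key, entry)
    return best[1] if best else None


if __name__ == "__main__":
    for dst in ("192.168.1.77", "192.168.1.20", "10.20.30.40", "8.8.8.8"):
        print(dst, "->", lookup_route(dst))
```

The `entry_matches("192.168.1.77", "192.168.1.5", "255.255.255.0")` case in the test shows why masking both sides matters: the entry's network field has host bits set, yet it still correctly matches the /24.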
I find the new version (V5.9) of WordPress adds this line to .htaccess:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
The old version of WordPress does not have this line. What does it mean? Can I remove it?
It seems mail dot com does not have an IPv6 SMTP server. It is a little weird for such a famous email service provider. Or did I not find a way to get its IPv6 server? I used the following command to check its IPv6 server:
dig mx01.mail.com AAAA
But the output does not show an IPv6 address. How can I get its possible IPv6 servers?
Can I add multiple PTR records mapping multiple IPv6 addresses to the same domain, and add multiple AAAA records mapping the same domain to the same set of IPv6 addresses, to pass the iprev check?
Occasionally, I open a ticket at my VPS provider to have them create an rDNS record for me. Sometimes I can find a page in my control panel to add the rDNS record myself. This is simple for an IPv4 address: I just input an IP address and a domain name to create the rDNS record. I wonder how to add an rDNS record for a block of IPv6 addresses such as a 2^64 address block. Do I have to add 2^64 rDNS records, each mapping an IPv6 address to a domain? Can I have one record to map the whole address block to the same domain?
First question: why are there two error log files? One is /var/www/mywebsite/error.log, which is specified in <VirtualHost> with the ErrorLog instruction. The other is /var/log/httpd/error_log. I cannot find where it is defined. There is a line outside <VirtualHost> in /etc/httpd/conf/httpd.conf:
ErrorLog "logs/error_log"
But I think this does not correspond to /var/log/httpd/error_log.
Second question: why is the owner of both error log files root:root, not apache:apache as specified in /etc/httpd/conf/httpd.conf:
User apache
Group apache
It seems mysqld allocates too much memory as buff/cache:
free -m
              total        used        free      shared  buff/cache   available
Mem:            990         448          96          36         445         326
Swap:           511         511           0
Now I cannot start the httpd service because it "Failed to fork: Cannot allocate memory".
I wonder why this happens. Why can the 445M of buff/cache not be reclaimed and used for httpd?
My servers get attacks from thousands of IP addresses every day. I have an idea. Can I report those malicious IP addresses, or use this resource to earn some money? How?
You may think these attacks are common on the Internet. But the attacks on my servers are kind of special. They come from thousands of different IPs every day. They try to log in to my box (but fail). The most uncommon thing is that every IP just makes several attempts, then other IPs continue. If this continues, I think I can catch quite a lot of compromised computers in the world.
Do not limit your thoughts to reporting those IPs somewhere. This is definitely a good resource to make some money in a way not yet known to me.
The down-votes have made it impossible for me to ask new questions here. Can you visitors kindly up-vote this question to help me get rid of the restriction? I curse those down-voters.
Thanks!
On a VPS, it seems I can use <VirtualHost> to redirect any subdomain to the main domain. On a shared host, since I cannot edit the Apache configuration file, how can I do it?
Currently, I create a CNAME record for *.mydomain.com to redirect to mydomain.com. But when I visit nonexist.mydomain.com, it lands on nonexist.mydomain.com/cgi-sys/defaultwebpage.cgi.
If we set an A record and a CNAME record for the same subdomain, how is the DNS lookup done?
For example,
A record:
example.com => xx.xx.xx.xx
www.example.com => xx.xx.xx.xx
CNAME record:
www. => example.com
When resolving www.example.com, does the DNS resolver directly look up the A record for the subdomain www and get the IP, or look up the CNAME for www to get the redirect domain (example.com), then look up the A record of example.com to get the IP in the end?
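The lookup described in the question, modelled in code. This is an added example, not part of the original question or any answer to it: a toy zone (constructed names and addresses) plus a resolver that, when it finds a CNAME at a name, follows the alias and looks up the requested type at the target rather than at the alias itself. It also includes the check that real authoritative servers apply, from RFC 1034 section 3.6.2: a name that owns a CNAME may own no other data, so an A record and a CNAME at the same name is a zone error rather than a case with a defined lookup order.

```python
# Constructed zone data (not from the question): owner name -> {type: [values]}.
ZONE = {
    "example.com.":      {"A": ["203.0.113.10"]},
    "www.example.com.":  {"CNAME": ["example.com."]},
    "mail.example.com.": {"A": ["203.0.113.25"]},
    # Deliberately invalid: a CNAME beside an A record at the same name.
    "bad.example.com.":  {"CNAME": ["example.com."], "A": ["203.0.113.99"]},
}


def validate_zone(zone):
    """Return the names that violate RFC 1034 3.6.2 (CNAME plus other data).

    An authoritative server such as BIND refuses to load a zone containing
    such a name, so the question of "which record is consulted first" never
    arises in a correctly loaded zone.
    """
    return sorted(name for name, rrsets in zone.items()
                  if "CNAME" in rrsets and len(rrsets) > 1)


def resolve(name, rtype, zone=ZONE, max_hops=8):
    """Resolve `name` for record type `rtype` the way a resolver does.

    At each owner name: if a CNAME is present (and the client did not ask
    for the CNAME itself), the alias is followed and the requested type is
    looked up at the target. Returns (answers, list_of_aliases_followed).
    """
    chain = []
    for _ in range(max_hops):
        rrsets = zone.get(name, {})
        if "CNAME" in rrsets and rtype != "CNAME":
            chain.append(name)
            name = rrsets["CNAME"][0]
            continue
        return rrsets.get(rtype, []), chain
    raise RuntimeError("CNAME chain too long or looped")


if __name__ == "__main__":
    print("invalid names:", validate_zone(ZONE))
    print("www A:", resolve("www.example.com.", "A"))
    print("mail A:", resolve("mail.example.com.", "A"))
```

In the valid part of the zone, `www.example.com.` has only a CNAME, so the resolver never looks for an A record under `www`; it follows the alias to `example.com.` and returns that name's A record.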
I send an email which has a text MIME part and an HTML MIME part. When I receive the email using a client app such as Windows Mail, the HTML version of the email is shown in the client, which is good. However, if I log in to webmail (such as outlook.com) to see the email, only the text part of the email is shown on the web page; the HTML part is shown as an attachment. How can I let webmail choose the HTML part as the preferred one?
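For the text-plus-HTML question above, an added example (not code from the original question) showing the two message shapes a client can receive. RFC 2046 section 5.1.4 defines multipart/alternative as a set of renderings of the same content ordered by increasing faithfulness, with the client expected to show the last part it can display; so text/plain goes first and text/html last. The second builder produces the shape that makes a webmail client show the HTML as a download: the HTML added as an attachment inside multipart/mixed. Sample bodies and addresses are constructed.

```python
from email import policy
from email.message import EmailMessage

# Constructed sample bodies (not taken from the question).
TEXT_BODY = "Hello,\nthis is the plain-text rendering.\n"
HTML_BODY = "<html><body><p>Hello,<br>this is the <b>HTML</b> rendering.</p></body></html>"


def _base_message(subject):
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    return msg


def build_alternative(text_body=TEXT_BODY, html_body=HTML_BODY):
    """multipart/alternative: text/plain first, text/html last.

    The order is the preference signal; a client that can render HTML picks
    the html part because it is the last one it understands.
    """
    msg = _base_message("multipart/alternative ordering")
    msg.set_content(text_body)                      # text/plain, least preferred
    msg.add_alternative(html_body, subtype="html")  # text/html, most preferred
    return msg


def build_mixed(text_body=TEXT_BODY, html_body=HTML_BODY):
    """The shape that shows up as 'text body plus an .html attachment'.

    add_attachment turns the container into multipart/mixed and stamps the
    HTML part with Content-Disposition: attachment, so the client has no
    reason to treat it as an alternative rendering of the text part.
    """
    msg = _base_message("html attached instead of alternative")
    msg.set_content(text_body)
    msg.add_attachment(html_body, subtype="html")
    return msg


def describe(msg):
    """Return (container content type, [(part content type, disposition), ...])."""
    parts = [(p.get_content_type(), p.get_content_disposition())
             for p in msg.iter_parts()]
    return msg.get_content_type(), parts


def preferred_part(msg):
    """For multipart/alternative, the last part is the preferred rendering.

    Returns None for any other container type, since the preference rule
    only applies to multipart/alternative.
    """
    if msg.get_content_type() != "multipart/alternative":
        return None
    return [p.get_content_type() for p in msg.iter_parts()][-1]


if __name__ == "__main__":
    print(describe(build_alternative()), "->", preferred_part(build_alternative()))
    print(describe(build_mixed()), "->", preferred_part(build_mixed()))
```

Inspecting a saved copy of the problem message with `describe` is the quick way to tell which of the two shapes the sending software actually produced.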
When I click "Get Messages" in the Thunderbird client, I cannot retrieve any email from my Cyrus IMAP POP3 server. I configured the Thunderbird client to use POP3 port 995, connection security: SSL/TLS. There is no error message shown in Thunderbird. It appears Thunderbird has logged in to the server but finds the mailbox empty. But the mailbox is not actually empty, because I can use openssl to retrieve emails from it. During the Thunderbird connection, there are some logs in /var/log/maillog:
Sep 14 04:17:32 host1 pop3s[26537]: skiplist: checkpointed /var/lib/imap/tls_sessions.db (125 records, 23196 bytes) in 0 seconds
Sep 14 04:17:32 host1 pop3s[26537]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits new) no authentication
Sep 14 04:17:32 host1 pop3s[26537]: counts: retr=<0> top=<0> dele=<0>
Why does starttls occur in the log? I configured Thunderbird to use SSL/TLS, not STARTTLS. What does "counts: retr=<0> top=<0> dele=<0>" mean?
I think the problem is probably caused by the self-signed certificate Cyrus IMAP uses, so I applied for a Let's Encrypt certificate for the domain and changed /etc/imap.conf from:
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
to:
tls_cert_file: /etc/letsencrypt/live/example.com/fullchain.pem
tls_key_file: /etc/letsencrypt/live/example.com/privkey.pem
tls_ca_file: /etc/letsencrypt/live/example.com/chain.pem
and set the permissions of /etc/letsencrypt/live/example.com/, /etc/letsencrypt/archive/example.com/ and all files in those directories to 777. When I click "Get Messages" in Thunderbird again, the problem persists, but the logs in /var/log/maillog change to:
Sep 14 04:36:25 host1 pop3s[30099]: skiplist: checkpointed /var/lib/imap/tls_sessions.db (126 records, 23388 bytes) in 0 seconds
Sep 14 04:36:25 host1 pop3s[30099]: TLS server engine: cannot load CA data
Sep 14 04:36:25 host1 pop3s[30099]: unable to get certificate from '/etc/letsencrypt/live/example.com/fullchain.pem'
Sep 14 04:36:25 host1 pop3s[30099]: TLS server engine: cannot load cert/key data
Sep 14 04:36:25 host1 pop3s[30099]: [pop3d] error initializing TLS
Sep 14 04:36:25 host1 pop3s[30099]: Fatal error: tls_init() failed
Sep 14 04:36:25 host1 pop3s[30099]: counts: retr=<0> top=<0> dele=<0>
So what on earth is the problem? Did Thunderbird successfully connect to and log in to the server but not find a message for some reason, or could it just not connect to the server?
Suddenly, I cannot start services on my VPS (CentOS 7). For example,
service httpd start
Redirecting to /bin/systemctl start httpd.service
Authorization not available. Check if polkit service is running or see debug message for more information.
Failed to start httpd.service: Connection timed out
See system logs and 'systemctl status httpd.service' for details.
This is probably because the domain name I used as the host name has expired. I do not know the logic behind the service command. I start httpd; why does it invoke the polkit service? The polkit service is also dead and cannot be started. The "service polkit status -l" command shows a message:
Lost the name org.freedesktop.PolcyKit1 - exiting
How do I solve the problem?
On my VPS (CentOS 7), the default iptables is:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
I cannot visit my website set up using Apache/2.4.6; the browser displays: "The connection was reset".
If I insert a rule to accept TCP connections on port 80 in iptables using "iptables -I INPUT -p tcp --dport=80 -j ACCEPT", everything is OK; the website can be visited without problem. The iptables is:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
I wonder why I should add the rule, because in the old iptables the third rule is "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0", which means it will accept all connections to all ports. Did I misunderstand something?
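The iptables question above, modelled as first-match evaluation. This is an added example, not code from the original question: a small simulator that walks an INPUT chain top to bottom and returns the target of the first rule that matches, falling back to the chain policy. The `in_iface="lo"` on the third rule is an assumption worth naming: the stock CentOS 7 ruleset carries `-A INPUT -i lo -j ACCEPT`, and `iptables -L` without `-v` omits the interface columns, so that rule prints as a bare "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0" even though it only matches loopback traffic. The packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Set


@dataclass
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # destination port, None for icmp
    state: str            # conntrack state: "NEW", "ESTABLISHED" or "RELATED"
    in_iface: str         # interface the packet arrived on, e.g. "lo" or "eth0"


@dataclass
class Rule:
    target: str                        # "ACCEPT" or "REJECT"
    proto: str = "all"                 # -p match; "all" matches every protocol
    dport: Optional[int] = None        # --dport match
    states: Optional[Set[str]] = None  # -m state --state match
    in_iface: Optional[str] = None     # -i match; hidden by `iptables -L` without -v

    def matches(self, p: Packet) -> bool:
        if self.proto != "all" and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.states is not None and p.state not in self.states:
            return False
        if self.in_iface is not None and self.in_iface != p.in_iface:
            return False
        return True


def evaluate(chain, policy, packet):
    """Netfilter semantics: the first matching rule decides; otherwise the
    chain policy applies. Rules below the first match are never consulted."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy


# Chain in the shape of the question's original INPUT chain. The loopback-only
# interface match on the third rule is the assumption described in the lead-in.
INPUT_BEFORE = [
    Rule("ACCEPT", states={"RELATED", "ESTABLISHED"}),
    Rule("ACCEPT", proto="icmp"),
    Rule("ACCEPT", in_iface="lo"),
    Rule("ACCEPT", proto="tcp", dport=22, states={"NEW"}),
    Rule("REJECT"),
]

# The chain after `iptables -I INPUT -p tcp --dport=80 -j ACCEPT` (insert at top).
INPUT_AFTER = [Rule("ACCEPT", proto="tcp", dport=80)] + INPUT_BEFORE


def verdict_before(packet):
    return evaluate(INPUT_BEFORE, "ACCEPT", packet)


def verdict_after(packet):
    return evaluate(INPUT_AFTER, "ACCEPT", packet)


if __name__ == "__main__":
    http_syn_eth0 = Packet("tcp", 80, "NEW", "eth0")   # constructed: browser connecting
    http_syn_lo = Packet("tcp", 80, "NEW", "lo")       # constructed: curl on the box itself
    print("HTTP from eth0, old chain:", verdict_before(http_syn_eth0))
    print("HTTP from eth0, new chain:", verdict_after(http_syn_eth0))
    print("HTTP from lo,   old chain:", verdict_before(http_syn_lo))
```

To see the hidden interface match on a real host, list the chain with `iptables -L INPUT -v -n` or print the rules in command form with `iptables -S INPUT`; both show the `-i lo` that the plain listing drops.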
Since port 25 is blocked on my VPS, I need to configure Postfix to send emails to other ports such as 587 or 465. But it seems most incoming SMTP servers on the Internet, such as outlook or gmail, do not open port 587 or 465. They just use port 25 to receive emails. Is this common practice?
I do not mean to use another SMTP server to relay emails (as discussed in this post).
Another question is whether all (or most) SMTP servers that open port 587 need authentication. Port 587 is called the submission port, so I think it asks you for account information. Is there any incoming SMTP server that uses port 587 to receive emails and does not need account authentication?