Joshua D'Alton's questions

UPDATE: Seems it was a fake email, so not really that urgent, but the questions are still valid.

So I received an email about a VPS I host (I'm a VPS hosting company, this is a customer VPS) being used for phishing sites, on both IPs for the VPS, and I'm wondering what to do. I tried setting local hosts file such that I'd be seeing their phishing site, but didn't seem to work, and no I didn't do it wrong :P

Anyway, that aside, at the moment I'm grepping the whole openvz directory for the particular domain, however nothing has come up.

So I guess what I'm wondering is:

1. Is there some cool fancy tool I don't know about that lets you check if an IP:[port optional] answers to a vhost/domain? (maybe needs a 2nd question for that? :) )
2. This VPS is running nginx, what should I be looking for (at the moment all I see is some proxy stuff to vk.com, maybe the phishing email I got is old?)

3. Any other advice.

   cat /etc/nginx/conf.d/default.conf
   server {
       listen xxx.xxx.199.213:30;
       server_name redirectvk;
       access_log /dev/null;
               location / {
                 proxy_bind xxx.xxx.199.213;
               proxy_pass http://vk.com:80;
               }
       }
   
   
   server {
       listen xxx.xxx.199.213:31;
       server_name redirectlvk;
       access_log /dev/null;
               location / {
               proxy_bind xxx.xxx.199.213;
               proxy_pass http://login.vk.com:80;
               }
       }
   
   server {
       listen xxx.xxx.199.213:32;
       server_name redirectmvk;
       access_log /dev/null;
               location / {
               proxy_bind xxx.xxx.199.213;
               proxy_pass http://m.vk.com:80;
               }
       }
   
   
   server {
       listen xxx.xxx.199.213:80;
       server_name redirectvk;
       access_log /dev/null;
               location / {
               proxy_set_header Host $host;
             proxy_bind xxx.xxx.199.213;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_pass http://5.9.90.49:80/;
               }
       }
   
   
   
   
   server {
       listen xxx.xxx.199.214:30;
       server_name redirectvk;
       access_log /dev/null;
               location / {
                 proxy_bind xxx.xxx.199.214;
               proxy_pass http://vk.com:80;
               }
       }
   
   
   server {
       listen xxx.xxx.199.214:31;
       server_name redirectlvk;
       access_log /dev/null;
               location / {
               proxy_bind xxx.xxx.199.214;
               proxy_pass http://login.vk.com:80;
               }
       }
   
   server {
       listen xxx.xxx.199.214:32;
       server_name redirectmvk;
       access_log /dev/null;
               location / {
               proxy_bind xxx.xxx.199.214;
               proxy_pass http://m.vk.com:80;
               }
       }
   
   
   server {
       listen xxx.xxx.199.214:80;
       server_name redirectvk;
       access_log /dev/null;
               location / {
               proxy_set_header Host $host;
             proxy_bind xxx.xxx.199.214;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_pass http://5.9.90.49:80/;
               }
       }
   

Thanks!

(also how did ladadada get the config post to look so nice, mine went all fubar :?)

So I created a new user, put in the normal details, said yes to create mailbox, then tried to share with someone. After an hour of battling cached mode etc etc, I thought to check the permissions of someone else.

Normally under exchange advanced, mailbox rights, you would have a bunch of items: administrator anon logon domain admins everyone mail ops SELF etc

But this one only had SELF!

So my question is, why did it fail to add these permissions (I eventually fixed the problem by adding them in myself)?

So customer calls up saying exchange isn't working, and when he remoted in he could see all the services disabled.

All the exchange services, IIS, update, plus a bunch of others were all set to disabled state.

Apon changing to automatic they started again fine and now email works, but how they got into this state is the worry.

I believe, from something similar years ago, that in msconfig there is diagnostic startup, which might result in said services being disabled. Again though, after another 'normal' reboot, why wouldn't they revert back to normal? And, how would it have gone into diag startup in the first place?

Anyway, a few other people on google seem to have had the same problem over the years but no one has really found a solution. At this stage we aren't ruling out a virus however it is a server with almost 0 access to the web so doubtful.

And exchange 2007 8.1 (some 0s missing) on server 2008 SBS (windows server standard FE 2007 SP2)

Servers have multiple users running multiple programs, some of which don't seem to behave and will eat up RAM like there is no tomorrow, for example:

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
30091 xxxx 20   0 2194m 1.4g 1.4g S   21  9.0   0:56.03 aaaaa
30212 xxxx 20   0 1460m 1.1g 1.1g D    5  6.9   0:44.12 aaaaa

We have filesystem quota setup, otherwise nothing else that I know of. I'd like to be able to limit VIRT RES SHR (perhaps just limiting 1 will limit the other 2?). Is this possible?

As well I would like to limit cputime before command is terminated (actually the command is called by another script, I assume the father script won't be terminated?).

I've had a look at limits.conf and PAM stuff, but not sure what is the best way, and how to test.