Openpanel
I have a VPS with Debian Squeeze and Apache2, MySQL and PHP5 on it. It has recently (the last two or three days) been freshly rebuilt after a little crash last week caused by spiking IO, ooming, an overloaded MySQL database and something else.
I followed all of the quick start guides in the library, including securing your server, monitoring your server, backing up etc. So I have all the basics installed including munin and monit.
To help me get a visual overview, I installed Openpanel on my freshly rebuilt VPS yesterday. I got the mail server running on it and a couple of mail accounts too.
After having had a few problems on the last build of my VPS, I also uploaded three WordPress web sites back to the server and simply added name-based virtual hosts with an index.html page for the rest of my domains. They also worked fine yesterday.
Between last night and this morning (I am in Europe) something happened and there was nothing to see this morning. No sites. Nothing loaded. So I rebooted my server and the sites came back online.
However Openpanel is no longer accessible. The mail server and accounts I set up are no longer working either. I am not sure if this (openpanel's problem) caused my VPS to go down.
I have logwatch coming into my mailbox daily. This morning I had a look at what activity had transpired.
Before I rebuilt my VPS, I saw in my logs that I had a lot of attention from illegal logins and activity in China, France and Italy. I still have a lot of attention from someone trying to illegally login from China.
I am not sure if their activities last night contributed to my VPS content disappearing from online view. I really don't have a lot of data on the disk. I am only using 8% and I have a 1024 Linode (free upgrade).
Here is some info in the logwatch:
--------------------- SSHD Begin ------------------------
SSHD Killed: 1 Time(s)
SSHD Started: 2 Time(s)
Illegal users from:
211.144.85.58 (reserve.cableplus.com.cn): 5 times
223.4.241.4 (ip223.hichina.com): 318 times
Users logging in through sshd:
trollkyrka:
81.191.63.152 (c983FBF51.dhcp.as2116.net): 57 times
Received disconnect:
11: disconnected by user : 3 Time(s)
SFTP subsystem requests: 53 Time(s)
Unmatched Entries
reverse mapping checking getaddrinfo for ip223.hichina.com [223.4.241.4] failed - POSSIBLE BREAK-IN ATTEMPT! : 318 time(s)
reverse mapping checking getaddrinfo for reserve.cableplus.com.cn [211.144.85.58] failed - POSSIBLE BREAK-IN ATTEMPT! : 10 time(s)
---------------------- SSHD End -------------------------
and
--------------------- pam_unix Begin ------------------------
pure-ftpd:
Password Failures:
user unknown: 344 Time(s)
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=graphology rhost=8.243.33.120.broad.pt.fj.dynamic.163data.com.cn : 172 Time(s)
authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=graphologyorgau rhost=8.243.33.120.broad.pt.fj.dynamic.163data.com.cn : 172 Time(s)
---------------------- pam_unix End -------------------------
and
--------------------- Named Begin ------------------------
Received control channel commands
reload: 3 Time(s)
stop -p: 1 Time(s)
Unmatched Entries
adjusted limit on open files from 1024 to 1048576: 2 Time(s)
built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS=': 2 Time(s)
generating session key for dynamic DNS: 2 Time(s)
reading built-in trusted keys from file '/etc/bind/bind.keys': 5 Time(s)
set up managed keys zone for view _default, file 'managed-keys.bind': 2 Time(s)
using default UDP/IPv4 port range: [1024, 65535]: 5 Time(s)
using default UDP/IPv6 port range: [1024, 65535]: 5 Time(s)
using up to 4096 sockets: 2 Time(s)
---------------------- Named End -------------------------
and under
--------------------- Connections (secure-log) Begin ------------------------
Changed password expiry for users:
bind : 1 Time(s)
postfix : 1 Time(s)
Unmatched Entries
groupadd: group added to /etc/group: name=bind, GID=112: 1 Time(s)
groupadd: group added to /etc/group: name=openpanel-admin, GID=1004: 1 Time(s)
groupadd: group added to /etc/group: name=openpanel-authd, GID=1002: 1 Time(s)
groupadd: group added to /etc/group: name=openpanel-core, GID=1003: 1 Time(s)
groupadd: group added to /etc/group: name=openpaneluser, GID=1001: 1 Time(s)
groupadd: group added to /etc/group: name=postdrop, GID=111: 1 Time(s)
groupadd: group added to /etc/group: name=postfix, GID=110: 1 Time(s)
groupadd: group added to /etc/gshadow: name=bind: 1 Time(s)
groupadd: group added to /etc/gshadow: name=openpanel-admin: 1 Time(s)
groupadd: group added to /etc/gshadow: name=openpanel-authd: 1 Time(s)
groupadd: group added to /etc/gshadow: name=openpanel-core: 1 Time(s)
groupadd: group added to /etc/gshadow: name=openpaneluser: 1 Time(s)
groupadd: group added to /etc/gshadow: name=postdrop: 1 Time(s)
groupadd: group added to /etc/gshadow: name=postfix: 1 Time(s)
useradd: add 'openpanel-admin' to group 'openpaneluser': 1 Time(s)
useradd: add 'openpanel-admin' to shadow group 'openpaneluser': 1 Time(s)
usermod: change user 'bind' password: 1 Time(s)
usermod: change user 'openpanel-admin' password: 1 Time(s)
usermod: change user 'postfix' password: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
I am not sure if the above 'unmatched entries' are an indication of illegal attempts to access or change something within openpanel or not?
I have spent the last week working on my site every day to fix the problems that I had with the last build. I am a little at my wits' end to know what more I can do to prevent my sites from going down. I am a learner when it comes to servers but I wouldn't say clueless. I would appreciate if anyone can offer some help or tips. I would really like to stop the problems that keep coming up.
This is normally where openpanel is:
Before I installed openpanel I was thinking to install ISPconfig. Well, right now, if I cannot make openpanel work or appear again, then I guess I will try ISPconfig.
Please, is there anyone who can offer me some suggestions or assistance? I greatly appreciate any feedback.
Greetings,
Jasmin
2 Replies
But now I cannot access the blog page:
I previously posted an SOS concerning permission denied to the blog folder on WordPress and thought I had fixed it myself. But now it comes up again. I have already read through and asked on the WordPress forums about this problem, but to no avail. So I am trying again here this time.
Thank you!