I am in need of a server admin to manage an Ensim Pro 4.1.0-8.rhel.4ES server. The server is already online and is hosting about 270 shared hosting customers. I am willing to pay $75-$150/month which should include an x amount of hours per month for support, upgrades, installs & investigating abuse issues.
Some of my requirements are:
1) English speaking and must reside in the United States
2) Expert with the Ensim control panel
3) At least 6 years experience with Linux
3) Experience with auditing logs to determine abuse issues
4) Experience with finding exploitable scripts on the server using white-hat hacking techniques
5) AIM or YIM access
6) Response time within 1 hour
7) Phone support for emergencies
I need an advanced admin who can troubleshoot abuse issues. Currently my server is using 90% CPU consistently... all coming from MailScanner. My current admin cannot figure it out and told me to find another admin. In fact I would consider myself a bit more advanced (when it comes to researching abuse issues) than my current admin, but I still cannot figure it out.
Here's an excerpt from my maillog report:
As you can see by the following, 'apache@ensim.primary001.net' is the #1 sender. I've been told that if it's from
apache@ensim.primary001.net this means that a script or form is sending the email.
Top envelope pairs
-----------------------------------------------------------------------------
Nr Sender/Recipient Msgs MB %
-----------------------------------------------------------------------------
1
apache@ensim.primary001.net 1082 0.00 6.71
chancellorhome@bellsouth.net
2
smileteam@fuesting.com 684 0.00 4.24
acphoto@glidewell-lab.com
3
George@s15222094.onlinehome-server.info 488 0.00 3.03
geradk@sanbushi.co.uk.primary001.net
4
macccaconsultantsdoc@ccaconsultants.net 477 0.00 2.96
geradk@sanbushi.co.uk.primary001.net
5
a-rowol@aerobatics.com 476 0.00 2.95
geradk@sanbushi.co.uk.primary001.net
6 admin182 311 6.44 1.93
root
7
admin182@ensim.primary001.net 311 6.53 1.93
root@ensim.primary001.net
8 MAILER-DAEMON 276 0.00 1.71
uannawan@globalteamwork.net
9 <> 229 0.14 1.42
ikaliam@eltrun.gr
Also #1 & #3 Top recipient are not even hosted on this server:
Top envelope recipients
-----------------------------------------------------------------------------
Nr Recipient Msgs MB %
-----------------------------------------------------------------------------
1
geradk@sanbushi.co.uk.primary001.net 1441 0.00 8.94
3
chancellorhome@bellsouth.net 1082 0.00 6.71
Also I find this very alarming:
Inbound messages Outbound messages
-----------------------------------------------------------------------------
Total 7213 Total 15779
Average size (kB) 64.62 Sent 7289
Messages/hour 463.54 Deferred 4795
Messages/min 7.73 Queued 3605
Messages/sec 0.13 Other error 90
There are twice as many messages being sent out than received and with the amount of incoming spam the server deals with it's very strange that the server sends out twice as many emails as it receives.
I can almost guarantee the high outgoing mail usage is due to an exploited php script on a shard hosting account on the server in which an abuser is using to send out spam.
I need an expert who knows how to research these types of issues and put a stop to any exploits abusers are or could take advantage of.
I need an expert admin who knows how to search for exploited formmail scripts, exploited wordpress, exploited phpbb forums and any other type of php, cgi or perl script that an abuser could take advantage of. I need someone that can setup my server to scan for & find any exploits before the hackers/spammers do and email me the results daily.
I need an EXPERT!!! Please do not bother replying unless you (without a doubt) consider yourself a Linux expert when it comes to putting a stop to abuse & exploit issues on an Ensim server.
Linear Mode
