hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : LDF notification
Reply

Forum Jump

LDF notification

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 09-02-2009, 02:39 PM
jestin_virtual jestin_virtual is offline
WHT Addict
 
Join Date: Aug 2009
Posts: 100

LDF notification


LFD Problem !


Hello ,

i`m receiving below email for 10 times per day

it`s amazing that the subject of email is one of my users but in the body of mail i can see another user also



i have change the users to User1 / User2 to understand better , and ip address to ...My server ip .....


Time: Wed Sep 2 22:44:51 2009 +0430
PID: 29219
Account: User1
Uptime: 5294 seconds


Executable:

/usr/bin/perl


Command Line (often faked in exploits):

spamd child


Network connections by the process (if any):

tcp: 127.0.0.1:783 -> 0.0.0.0:0
tcp: 127.0.0.1:783 -> 127.0.0.1:39286
udp: ...my server ip..:61458 -> ....someone else ip....:53


Files open by the process (if any):

/dev/null
/dev/null
/dev/null
/usr/bin/spamd
/usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/VBounce.pm
/home/User2/.spamassassin/bayes_toks


Memory maps by the process (if any):

00162000-00171000 r-xp 00000000 fd:00 38666263 /lib/libresolv-2.5.so
00171000-00172000 r-xp 0000e000 fd:00 38666263 /lib/libresolv-2.5.so
00172000-00173000 rwxp 0000f000 fd:00 38666263 /lib/libresolv-2.5.so
00173000-00175000 rwxp 00173000 00:00 0
001a6000-001a8000 r-xp 00000000 fd:00 38666287 /lib/libutil-2.5.so
001a8000-001a9000 r-xp 00001000 fd:00 38666287 /lib/libutil-2.5.so
001a9000-001aa000 rwxp 00002000 fd:00 38666287 /lib/libutil-2.5.so
001ad000-001c7000 r-xp 00000000 fd:00 38666292 /lib/ld-2.5.so
001c7000-001c8000 r-xp 00019000 fd:00 38666292 /lib/ld-2.5.so
001c8000-001c9000 rwxp 0001a000 fd:00 38666292 /lib/ld-2.5.so


Last edited by jestin_virtual; 09-02-2009 at 02:42 PM.


Sponsored Links
  #2  
Old 09-02-2009, 03:51 PM
SPaReK SPaReK is offline
Web Hosting Master
 
Join Date: Apr 2002
Posts: 692
You need to add:

Code:
cmd:spamd child
to the /etc/csf/csf.pignore file on your server and then restart lfd:

Code:
service lfd restart
For additional help regarding configserver firewall, see their website and support forums:

http://configservers.net

  #3  
Old 09-02-2009, 04:00 PM
jestin_virtual jestin_virtual is offline
WHT Addict
 
Join Date: Aug 2009
Posts: 100
Quote:
Originally Posted by SPaReK View Post
You need to add:

Code:
cmd:spamd child
to the /etc/csf/csf.pignore file on your server and then restart lfd:

Code:
service lfd restart
For additional help regarding configserver firewall, see their website and support forums:

http://configservers.net

i have received another email before the notification




Subject : lfd on server.mabdns.com: Excessive resource usage: dezir (29219)


Time: Thu Sep 3 00:04:03 2009 +0430
Account: User1
Resource: Process Time
Exceeded: 10046 > 1800 (seconds)
Executable: /usr/bin/perl
Command Line: spamd child
PID: 29219
Killed: No

Sponsored Links
  #4  
Old 09-02-2009, 04:28 PM
rootatmike rootatmike is offline
Junior Guru Wannabe
 
Join Date: Aug 2009
Location: Bangalore
Posts: 59
Hey friend, nothing to be worried abt the mail. This is a just notification email from cpanel service about the high resource usage of the user's process spamd.


Thanks
Mike

  #5  
Old 09-02-2009, 04:36 PM
fabin fabin is online now
Web Hosting Master
 
Join Date: Mar 2009
Location: Gods Own Country
Posts: 640
Sometimes those mails can be annoying.. you can add a user or executable to /etc/csf/csf.pignore file.. and you won't get any notifications for it

f.e
Quote:
user:user1

  #6  
Old 09-03-2009, 03:23 AM
jestin_virtual jestin_virtual is offline
WHT Addict
 
Join Date: Aug 2009
Posts: 100
Quote:
Originally Posted by SPaReK View Post
You need to add:

Code:
cmd:spamd child
to the /etc/csf/csf.pignore file on your server and then restart lfd:

Code:
service lfd restart
For additional help regarding configserver firewall, see their website and support forums:

http://configservers.net



root@server [~]# spamd child
[22949] warn: server socket setup failed, retry 1: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
[22949] warn: server socket setup failed, retry 2: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
[22949] error: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
spamd: could not create INET socket on 127.0.0.1:783: Address already in use
root@server [~]#

  #7  
Old 09-05-2009, 11:51 AM
jestin_virtual jestin_virtual is offline
WHT Addict
 
Join Date: Aug 2009
Posts: 100
Quote:
Originally Posted by fabin View Post
Sometimes those mails can be annoying.. you can add a user or executable to /etc/csf/csf.pignore file.. and you won't get any notifications for it

f.e
Hello ,

1 - is it only a notification or firewall has blocked the process also ,

2 - as you told i can add the user in "csf.pignore" but what to do if i don`t want to receive any notification regarding the issue

please chek the below lines and let me know which line should i remove


exe:/usr/local/cpanel/3rdparty/bin/english/webalizer
exe:/usr/lib/courier-imap/bin/pop3d
exe:/usr/lib/courier-imap/bin/imapd
exe:/usr/sbin/pure-ftpd
exe:/usr/local/cpanel/cpsrvd
exe:/usr/local/cpanel/3rdparty/bin/imapd
exe:/usr/local/apache/bin/httpd
exe:/usr/local/cpanel/bin/cppop
exe:/usr/sbin/sshd
exe:/usr/sbin/proftpd
exe:/usr/local/cpanel/3rdparty/bin/php
exe:/usr/local/cpanel/3rdparty/bin/analog
exe:/usr/local/urchin/bin/urchinwebd
exe:/usr/local/cpanel/cpsrvd-ssl
exe:/usr/bin/spamc
exe:/usr/local/cpanel/bin/cppop-ssl
exe:/usr/local/cpanel/bin/logrunner
exe:/usr/local/cpanel/cpdavd
exe:/usr/local/cpanel/bin/cpwrap
exe:/usr/libexec/gam_server
exe:/usr/sbin/named
exe:/usr/sbin/exim
exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe
exe:/usr/libexec/hald-addon-acpi
exe:/usr/sbin/hald
exe:/bin/dbus-daemon
exe:/usr/bin/dbus-daemon-1
user:mailnull
user:mailman
exe:/usr/libexec/hald-addon-keyboard
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/pop3
exe:/usr/sbin/nsd
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/dovecot/imap-login
exe:/var/cpanel/3rdparty/bin/php






Thank You

  #8  
Old 09-05-2009, 12:09 PM
fabin fabin is online now
Web Hosting Master
 
Join Date: Mar 2009
Location: Gods Own Country
Posts: 640
Quote:
1 - is it only a notification or firewall has blocked the process also ,
Its just a notification.

Quote:
2 - as you told i can add the user in "csf.pignore" but what to do if i don`t want to receive any notification regarding the issue
As others have already told, add the below line to csf.pignore
Code:
cmd:spamd child
And, don't forget to restart ldf

__________________
Fabin Mundattil @ Xieles Support
High Quality Server Management | support @ xieles.com
http://xieles.com

  #9  
Old 09-05-2009, 03:40 PM
jestin_virtual jestin_virtual is offline
WHT Addict
 
Join Date: Aug 2009
Posts: 100
Quote:
Originally Posted by fabin View Post
Its just a notification.



As others have already told, add the below line to csf.pignore
Code:
cmd:spamd child
And, don't forget to restart ldf
Hello ,
please check my "csf.pignore" file ( check the last line pls )
But , Still same problem

exe:/usr/local/cpanel/3rdparty/bin/english/webalizer
exe:/usr/lib/courier-imap/bin/pop3d
exe:/usr/lib/courier-imap/bin/imapd
exe:/usr/sbin/pure-ftpd
exe:/usr/local/cpanel/cpsrvd
exe:/usr/local/cpanel/3rdparty/bin/imapd
exe:/usr/local/apache/bin/httpd
exe:/usr/local/cpanel/bin/cppop
exe:/usr/sbin/sshd
exe:/usr/sbin/proftpd
exe:/usr/local/cpanel/3rdparty/bin/php
exe:/usr/local/cpanel/3rdparty/bin/analog
exe:/usr/local/urchin/bin/urchinwebd
exe:/usr/local/cpanel/cpsrvd-ssl
exe:/usr/bin/spamc
exe:/usr/local/cpanel/bin/cppop-ssl
exe:/usr/local/cpanel/bin/logrunner
exe:/usr/local/cpanel/cpdavd
exe:/usr/local/cpanel/bin/cpwrap
exe:/usr/libexec/gam_server
exe:/usr/sbin/named
exe:/usr/sbin/exim
exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe
exe:/usr/libexec/hald-addon-acpi
exe:/usr/sbin/hald
exe:/bin/dbus-daemon
exe:/usr/bin/dbus-daemon-1
user:mailnull
user:mailman
exe:/usr/libexec/hald-addon-keyboard
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/pop3
exe:/usr/sbin/nsd
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/dovecot/imap-login
exe:/var/cpanel/3rdparty/bin/php
spamd child

  #10  
Old 09-05-2009, 03:46 PM
fabin fabin is online now
Web Hosting Master
 
Join Date: Mar 2009
Location: Gods Own Country
Posts: 640
Code:
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/pop3
exe:/usr/sbin/nsd
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/dovecot/imap-login
exe:/var/cpanel/3rdparty/bin/php
cmd:spamd child
That way

__________________
Fabin Mundattil @ Xieles Support
High Quality Server Management | support @ xieles.com
http://xieles.com

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
AOL and there non-notification changes! KNL-BSW Running a Web Hosting Business 0 08-17-2004 05:33 PM
SMS Notification eric1234 Running a Web Hosting Business 0 06-18-2004 09:57 AM
RO&R 5-day notification Axi WHT Announcements, Feedback and Questions 3 07-17-2003 10:28 PM
PM Notification Neo3Net WHT Announcements, Feedback and Questions 2 03-04-2003 04:00 PM

Related posts from TheWhir.com
Title Type Date Posted
ICANN's Trademark Clearinghouse Extends Claims Service for IP Infringement Notifications Web Hosting News 2013-12-11 16:17:57
Europe Wants to Govern the Cloud Blog 2013-10-07 12:31:16
Interesting Cloud Tidbits Blog 2013-08-16 11:30:05
Windows Azure Updates Offer More Automation Web Hosting News 2013-08-14 13:33:20
Web Host Solar VPS Expands Monitoring Service SolarRay to Chicago, Orlando Web Hosting News 2012-10-19 14:34:30


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?