Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
We have Linux server run java application,this morning the server did not response for the ssh connection.when I ssh -v, it shows " connection refused by remote host ".We also have a vnc server run in that Linux and it does not work either.But the ftp server is ok in that server,we can upload file into the server.In the end,we did not found a way to remote connect to the system.
After we reboot the computer on site,the ssh server is working again.But We did not found a clue why ssh is not working? Have someone ever met ssh hang problem like this? Which file should we look into?How to prevent ssh hang? Thanks in advanced.
added:
I check the log from secure.log.it states many failed attemps like following and i check the ipaddress is not ours:
Feb 23 04:13:30 localhost sshd[1276]: Failed password for invalid user mantis from 112.78.127.235 port 57140 ssh2
It seems like the attacker is trying to login into my server all the time until our ssh service is not responding.
SSH probably didn't "hang". The "Connection refused" response implies that no application was listening for incoming connections on the SSH port. It is most likely that the SSH service had died.
Check the log files. There is a good chance that there are clues in the logs (somewhere) to help explain what had happened.
If the logs don't give a definite explanation, I'd be considering the possibility that your server had been hacked ...
This sounds more like a firewall issue, either on the box itself or somewhere else in the network. You can verify that ssh is running and listening with netstat -ta | grep :22. If it is not, it indeed is a problem with SSH itself.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
Why postgres user generates over > 1000 processes of tracepath command?
And this uses a lot of CPU resources - up to 40% usage of my process core.
My application on ASP.NET Core 3.1 and PostgreSQL v10 server is on one VPS server.
Application using host 127.0.0.1 for connect to PostgreSQL server.
And what this command doing?
htop output:
UPD: 21.01.2010
I have detected a massive DDoS attack on my server. Attackers used root and other names that I don’t have.
I installed fail2ban and after 1-2 hours I saw this:
And count of bans is growing...
UPD: 22.01.2020
I have another problem: creating phantom process on postgresql username. It's using all my CPU and RAM...
I don't think you are under DDOS. You have been hacked, and maybe are now being used to commit DDOS against other people. They have dropped a shell launcher which lets them connect to postgresql and then call a function which launches any arbitrary shell script they want.
You said "Application using host 127.0.0.1 for connect to PostgreSQL server", but what is the attacker using? Is anyone other than 127.0.0.1 allowed to connect?
I am install fail2ban and after 1-2 hours i see this:
Any server open on port 22 and running fail2ban is going to build a list of banned IP. You didn't notice it before because you weren't running fail2ban before. It is unlikely this has anything to do with anything else you are seeing. Attacks on 22 are so ubiquitous that logging them is probably not useful.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
First of all, I'm beginner at this, so don't be too harsh.
Yesterday, I wanted to make Linux Server. Installed LAMP, PhpMyAdmin. Man the websites IP static. I installed moodle on my website server. Then I closed VirtualBox and went to sleep.
Today when I runned my server and tried to access /phpmyadmin or (ipaddress)/moodle it says that webpage isn't available. Does this mean I have to do everything from the scratch again?
I'd appreciate any help.
I tried command sudo service apache2 start , but nothing changes.
Run this command in Terminal:
sudo service apache2 restart
OR
sudo restart apache2
Try the Answer on this Post
There are a lot of basic troubleshooting steps to take here.
You mentioned "localhost" in your question, but this doesn't sound like the local host; if you're connecting to your guest machine from the host machine then both machines will treat it as a networking connection (because it is networking). How that networking is configured will depend on your VirtualBox configuration.
Are you sure the virtual machine is running, the IP address is assigned, and networking is, well, working? Try pinging the virtual/guest machine from the host machine. After pausing and resuming, one of my Debian machines used to always pick up a DHCP address on the host-networking adapter despite being set to a static address in /etc/network/interfaces. Look at ifconfig to verify the IP address listed is what you expect.
Are you sure Apache is running? Try accessing it from within the guest machine on http://localhost -- by telnet to port 80, command-line tool, or full-on web browser.
Are other services working? Try to connect remotely to whatever you have running: SSH, FTP, IMAP, MySQL, NTP -- try to connect and see if the problem is the network or the service.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I'm a complete begginer in Linux, especially in Linux for servers. I just installer Ubuntu in a server and now I'm trying to configure SSH for remote access.
I installed openssh-server and then did ufw allow 22.
Now when I do ssh username#XXX.XXX.X.XXX in another computer it says that the remote host identification was changed.
I did some research and found this tutorial, but I don't know if it is what I need.
I just want to configure the SSH access to the server.
Can anyone help me?
During SSH request the server presents its id to clien which the client stores along with the host name/IP of the server as known hosts.
When the ID(key) of the server changes(may be due to intallation of ssh server, ip address change, etc), the SSH request fails as the server ID stored in known_hosts is different from the one presented now. This is what has happened.
If you have not made any changes to the server and this happens beware it might indicate a man-in-middle attack where the attacker is trying to snoop you connection to server.
To fix this you need to remove a entry in known_hosts file.
ssh-keygen -R <hostname/IP>
If you are unsure about your client hostname you can just delete the known_hosts file using
rm ~/.ssh/known_hosts
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
Alright, so I'm not great (or even good) with servers, but have recently been put in charge of the task of setting them up. I have an application sitting on a VPS, here are the specs that may matter for this question...
Ubuntu 10.04
Nginx
ufw
So I was setting up my first firewall and was using UFW. I accidentally only opened up ports 80 and 443 (I was confused about setting up an SSL cert (also a new task)) and got logged out of the server. My ssh is set to try port 22 and so when I try to ssh in, it won't let me, I get this error --
ssh: connect to host xxx.xxx.xxx.xxx port 22: Operation timed out
So I tried to ssh in on one of the open ports by running this command --
ssh deployer#xxx.xxx.xxx.xxx -p443
and received this error --
ssh: connect to host xxx.xxx.xxx.xxx port 443: Connection refused
The same thing happened for trying port 80.
What do I do? I already have a live and very active application on this server. I need to be able to login and reopen port 22 for ssh or switch ssh over to another port.
Side note: sftp did not work either.
Most (if not all) VPS providers have a shell integrated in the control panel of the customer, so even if you have the sshd off you can still run commands on the server.
If not you can still also contact the hosting company and they can run commands on any of the virtual devices they are hosting.
Because your ssh server is running only on port 22 you will not be able to connect to it through port 80 (usually used for http) or port 443 (usually used for https). So there is nothing you can do from remote :(
If somehow you could upload and execute a file in your application, then to get a shell on the server is only a matter of uploading a reverse-shell. Some web applications allow the admins (I suppose you're an admin of the web application) to upload this kind of files (.php, .perl, etc.). Maybe is the case of your application. If you can't upload a file, then you probably are screwed.
Note that this isn't a good security practice. The application shouldn't allow you to upload and execute code, because if somehow an admin account is compromised, then the whole server may be compromised.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I'm a programmer dammit, I should be allowed to ask these kinds of IT questions! :)
Anyway the problem is as follows. I'm writing an automatic build script to deploy code to a live windows 2003 server. To get access to the server I enabled the VPN role, and I can connect to it remotely from my dev machine using a username and password I set up on the server from the network connections screen.
I set up a share on that machine and gave full share+security permissions to the account I am using to connect. Once connected, I would have thought I would be able to see the share. In fact I can't even see the computer even though the VPN is connected (if i type '\IPADDRESS\' into the run box nothing comes up).
Am I missing an essential step here?
So you can use Remote Desktop Connection to connect to the server, but CIFS/SMB (shares) is not working?
Is there a Windows firewall setting that needs to be changed (... I don't even know if there was a 2003 update that included Windows firewall)?
Pinging the IP address results in which error message (or, hopefully none if you can RDC)?
Is the remote server and your local dev box on the same IP subnet? If its not routed properly you may be trying to hit a local address.
It looks to me like you can't connect to a network share from inside the same session that you esatblished the VPN connection in. I now manually open the VPN connection, then kick off the build scripts