Is there any way we can get email notification when IIS web server not responding or not working or any issues?.
Please let me know if we have any options.
And here's another one
http://www.pingdom.com
There are lots of companies that will do this for you, some for free, some for a monthly fee.
Here are some:
http://www.monitor.us/index.jsp
http://www.site24x7.com/
or try googling "web server monitoring service"
One cheaper option is through WMI scripting. Create a script that will listen on port 80 for the IP you want to track and if it doesn't respond in specified time, send an email to yourself. Also, email can be sent through a third party tool installed on the machine or default SMTP service. Of course you can schedule this script to run every minute or whatever time intervals you want. If you follow this route, it is highly beneficial if you create and schedule this task on a separate network.
Some links:
http://www.robvanderwoude.com/wmiexamples.php
http://learn.iis.net/page.aspx/162/managing-sites-with-iis39s-wmi-provider/
Related
I have a busy CentOS webserver that sends a lot of outbound email using PHPMailer. Postfix and Sendmail are both installed on it, but as there are no user accounts that use the server for email, I wonder if I can uninstall both of those and close ports 25,110,465,587 for security. Will PHPMailer still be able to send outgoing?
No, PHPMailer (and any other mail library for any programming language, for that matter) is just an interface for the email service and not a mailer daemon by itself.
You do not need POP (you can shut that down anytime) but you will need sendmail or some other SMTP service to actually do the work PHP Mailer requests.
If you definitely need to shut down sendmail and the related ports, you can always part ways with it and implement your mail delivery logic using Mailgun, SendGrid, Elastic Email, Pepipost or some other alternative. There WILL be coding involved as you'll need to interact with those providers' APIs and they all involve some costs (Mailgun and Sendgrid have free tiers for a couple thousand emails per month, I don't remember if the others do as well) and integration efforts.
I believe you should be fine to remove any local mail service as PHPMailer is made to use an external service. You can close those ports as it's only outgoing!
The PHP mail() function usually sends via a local mail server, typically fronted by a sendmail binary on Linux, BSD and OS X platforms, however, Windows usually doesn't include a local mail server; PHPMailer's integrated SMTP implementation allows email sending on Windows platforms without a local mail server.
https://github.com/PHPMailer/PHPMailer
Indeed you do not need to have a local mail server, however, if it's really busy, sending via a local mail server will be far more efficient than sending via any external service, especially if these messages are being sent immediately (and synchronously) in response to HTTP requests. You can see more about this in the PHPMailer wiki on github.
You definitely don't need POP3, but you may need inbound on port 25 if you're going to receive/handle bounces from the messages you send and want them to come back to you.
In this scenario you would only need port 25 open in both directions, none of the others.
Also, be clear what you mean by sendmail. Postfix is a complete mail server and so is sendmail, but the name sendmail is also often used to refer the sendmail binary that is actually a local message submission agent - it's what gets used by the PHP mail() function. postfix provides a sendmail binary, but postfix is not sendmail.
We have 2 Windows 2016 Servers and on both we found that our apps, that run on IIS, started to have suspicious behavior e.g. started to timeout, slowing down etc.
After doing more research we found that some processes have requests to same domain, that requests spend most bandwidth and they never go off (as you would expect).
Here are screenshots:
Server 1: https://gyazo.com/8bd433b2a2e6e3091885f9bf095ce0be
Server 2: https://gyazo.com/6a18d04d836adafc6952be212413eb16
Any idea how to resolve that?
since looking up for the domain didnt show any intresting result ,
in order to investigate the activity you need to download and install wireshark .
use it to sniff your hosts (install it on them ofcorse) and then submit the traffic samples of the HTTP activity of yhfund.dadcaptive.co.uk to the answer
I have an IIS7 web server at Rackspace that is being utilized/attacked in some manner to send SPAM. I have run several variations of anti-virus and malware software on the server and cleaned anything found, but it is still happening.
I'm leaning towards some kind of web form attack, but there are several sites on this server and I didn't create all of them, so figuring out what form(s) is being used (or even where they all are) is proving challenging.
Does anyone know of any solution to pinpoint what script(s) might be firing off these emails? Is there any way to monitor the SMTP service with more information? I've looked at SMTP logs, but all I see are things like:
2014-02-14 06:00:52 127.0.0.1 [---server info, etc---] SMTPSVC1 [-compname-] 127.0.0.1 0 MAIL - +FROM:<--------#-------------------> 250 0 56 43 0 SMTP - - - -
In fact, there are 19,608 in about a 16 hour period in this one log file I'm looking at. But unfortunately, this doesn't seem helpful.
If anyone could offer any insight, that'd be great!
If I had to guess, you have a webpage that has been compromised (which is what I think you suspect), and is being used to generate all the messages. The webpage probably accepts a FROM and a TO, without any validation.
If you start seeing these come in, as a test, start shutting off websites, until you see the attack stop.
Then, start the website back up, see if it continues. Then, I would start grepping that website location for files relating to email.
Most likely your server is configured to act as an email relay server, which allows anyone to send email that is in transit to your server for your server to send on (relay). Spammers do this to cover up the original origination point of the email.
The fix is to configure your server not to be a relay server. More background info here:
http://en.wikipedia.org/wiki/Open_mail_relay
I'm trying to write a small website monitoring program, that can check my web hosts to see whether they are down or not, and to calculate the uptime or warn me if it's down. It's going to be a standalone app.
I wanted to know whether pinging is a good way of finding out whether a site is down or not?
Thanks in advance.
That's one thing that you can do but it's by no means a certainty either way.
Some sites will ignore ICMP packets so that no ping response is given. Some sites will respond to pings even when the web server (or whatever service you're after) is down.
The only way you can be certain that a given site will provide a service is to, well, use that service. Nothing else will be as accurate.
A better method would be to provide a series of steps which would detect where a fault lay, at least in the infrastructure that you can control. For example:
allow pings to be received and acted upon.
have a static web page in the web server.
have a dynamic page in the application server which delivers static content.
have a dynamic page in the application server which uses the database.
Then your tester client would simply attempt to "contact" those four points and report on the success. Since you would expect your site to be up most of the time, I'd just check the fourth option to see if everything was okay, and do the other checks only if a problem were found.
It depends on how you define ping. If you're talking about the "low level" ICMP echo, then no it isn't likely to be a good indicator of whether or not your site is down. You would be better off to actually have an application pull a page down from your site to ensure that the HTTP server is running. There are plenty of services for this and likely some code you could download from google as well. http://www.dailyblogtips.com/test-if-a-website-is-down-for-everyone-or-just-for-your/
ICMP can prove the server is alive.
TCP checking can show the web server is working, but not the site.
To perform site checking, you should do http GET request(even HEAD doesn't work sometimes) to make sure the page was fine.(return status 200)
You can write your own checking system or use some third party site like http://allping.net/
ping gives you insight in latency from a specific location and also points to possible network issues (packet loss). As said in a previous answer, some servers don't respond to ping requests in which case ping is useless.
To check a server with ping from over 50 locations worldwide have a look at this free tool: http://just-ping.com/
Currently we use DNS polling for four web servers.
The problem we met is that: When the user refreshes, he might go to other web servers. This feels very bad when a user has already logged in. Because we use a session to remember login status, but when refreshing to other web servers, the session is lost.
So the best solution should be to make the user still be on the same web server when he refreshes. Is there a way out?
Ok, I believe you mean "Round Robin DNS". Well, what you describe is a very common problem and there is no "right" solution for it, since the possible answers depend on many variables: are you trying to provide automatic failover or just load balancing? Are you willing to spend time and/or money in a load balancer? What technologies are you using? Java EE? PHP? Apache? IIS?
Having said that, if you're just after load balancing and failover is not much of an issue you may want to use different names for each server (www1,www2,www3 and so on) and redirect to them from your "main" web server (www) upon first access. It's simple (and simplistic) but practical in a few settings.
Can the web servers use a common database server to store the session information?
I know that certain hardware based load balancers will create a "sticky" relationship between a user and a server to avoid this type of problem.
You have quite a few options.
You can store sessions in a key:value storage, f.e. memcached (my personal favorite)
You can store sessions in a database
You can put reverse-proxy loadbalancers like in DNS and Your servers in the back. Then set it to make all requests from the same IPs go to the same servers, regardless of which loadbalancer they go through. In HAProxy this option is called balance source. Beware: if the number of node changes, the sessions can be lost. You can use the cookie or url_param features to avoid this.
See the HAProxy documentation. It's worth reading, really.
Are the four web servers all on the same site and network, or are they distributed?
If the former, you can include a server ID somewhere in the HTTP response, such that a reverse proxy in front of the real servers can identify which server is responsible for the session.
A DNS server that can respond based on the location of client could solve this problem. PowerDNS with the geoip module or GeoIPdns are some examples. You would need to make sure that the IP address sets were non-overlapping so a client always got the same response.
This would not provide any sort of fail over on its own.