There’s always a battle with hosting web sites with applications like Joomla.
More and more I just love WordPress. It’s just so easy to keep up to date, Joomla not so much.
Today I’m chasing a spammer out of one system with a not so robust application.
Customer called this morning to say that their web site was reporting errors connecting to the database…
That quickly showed me that I had a silly amount of load and it appeared it was in the email system.
# tail -f /var/log/mail.log
That showed that mail was running through the system like mad and most of it being rejected.
# /etc/init.d/postfix stop
That put a stop to the mail traffic.
First I figured out what was in the mail queue…
# qshape incoming active deferred
That showed that I had 10,000-plus messages in the mail queue…
# postsuper -d ALL
That just dumped the whole queue and at least let the server get back some breath…
Ok, so that likely dropped some customer mail at the same time, but that’s what a resend button is for.
Next, need to find out where these messages are getting in…
# cd /var/spool/postfix/deferred
That quickly showed up a list of messages being deferred…
That let me view the message in the queue…
Humm… ok that file shouldn’t be sending messages, so where’s that living…
# find /var/www/sites -name stats.php -print
That gave me a nice list of all the file locations…
Sure enough, checked with the back up and that file just showed up and shouldn’t be there…
Rinse and repeat until all bad boys found.
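The backup check above can be scripted instead of repeated by hand. This is an added example, not part of the original post: it lists PHP files that exist only in the live tree or differ from the backup copy. The function names and the sample site layout are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_php LIVE_ROOT BACKUP_ROOT
#   Prints "NEW <path>" for PHP files that exist only in the live tree and
#   "CHANGED <path>" for PHP files whose content differs from the backup.
audit_php() {
    live=$1
    backup=$2
    # Paths are listed relative to LIVE_ROOT so they can be looked up in the backup.
    ( cd "$live" && find . -type f -name '*.php' -print ) | sort |
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$backup/$rel" ]; then
            # Not in the backup at all: the stats.php situation from the post.
            printf 'NEW %s\n' "$rel"
        elif ! cmp -s "$live/$rel" "$backup/$rel"; then
            # In both trees but the content no longer matches.
            printf 'CHANGED %s\n' "$rel"
        fi
    done
}

# Constructed sample trees (hypothetical site layout) so the script runs offline.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/backup/site1/images" "$root/live/site1/images"
    echo '<?php echo "home";' > "$root/backup/site1/index.php"
    echo '<?php echo "cfg";'  > "$root/backup/site1/config.php"
    cp "$root/backup/site1/index.php" "$root/live/site1/index.php"
    # Modified after the backup was taken.
    echo '<?php echo "cfg"; include "x";' > "$root/live/site1/config.php"
    # Dropped into a directory that should hold only images.
    echo '<?php /* placeholder */' > "$root/live/site1/images/stats.php"
    echo "$root"
}

sample=$(make_sample)
audit_php "$sample/live" "$sample/backup"
rm -rf "$sample"
```

It only looks at files ending in .php, so anything dropped under another extension still needs the http log check.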
I also checked my http log files to see what was being accessed and discovered a few things I didn’t like which helped me confirm what I was looking for.
Yes, hardening Joomla a bit might have saved me some time here. Clearly the application folders need to be read only, so that’s now next on the list!
Monitoring with the dude…
The plan now is to put a bit more monitoring on my Dude so I can see if the server goes bonkers again. Here’s a few notes from a discussion with someone else about bits that might be helpful to do this.
Out of snmpd.conf
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
Cacti weathermap, threshold plugins, Zenoss, Nagios