AOLserver Chat Logs

2007/10/09

IRC [00:26] *** holycow joined the chat.
IRC [01:51] *** holycow parted the chat.
IRC [04:24] *** ryan-g2 joined the chat.
IRC [04:25] <ryan-g2> why does my server keep reporting: Error: dns: getaddrinfo failed: Temporary failure in name resolution
IRC [04:25] <ryan-g2> but I can resolve domain names from the command line with ping?
IRC [04:26] <cacrus> where is your DNS hosted? did you try changing the DNS?
IRC [04:27] <ryan-g2> yes
IRC [04:27] <ryan-g2> my DNS works via ping
IRC [04:27] <ryan-g2> but not in aolserver
IRC [04:27] <ryan-g2> the error is logged quite frequently
IRC [04:27] <ryan-g2> even when no one is on the site
IRC [04:28] <cacrus> yes i got that from earlier message, that's why i asked, where is your DNS hosted?
IRC [04:28] <cacrus> This can happen due to network latency, try changing your DNS, did u try bringing a cache dns on the same machine and see if u still have the problem.
IRC [04:28] <ryan-g2> several DNS servers here in Canada
IRC [04:29] <ryan-g2> a major ISP, and CIRA our registrar
IRC [04:29] <ryan-g2> I should say this started after my machine was hacked
IRC [04:31] <frankie> ryan-g2: that could be the consequence of a trojan
IRC [04:31] <cacrus> Oh is it a windows machine?
IRC [04:31] <ryan-g2> no, rhe3
IRC [04:31] <frankie> ryan-g2: or a rootkit :)
IRC [04:31] <ryan-g2> how might I deal with those?
IRC [04:32] <ryan-g2> I killed a john process
IRC [04:32] <cacrus> check "grep hosts /etc/nsswitch.conf"
IRC [04:32] <frankie> ryan-g2: if it has been root compromised, you have to reinstall from scratch
IRC [04:32] <ryan-g2> how do I know if it has been root compromised
IRC [04:32] <ryan-g2> there were some files on there owned by root
IRC [04:33] <frankie> try reinstalling psutils from a safe source, if you were able to see process never seen before you are smashed
IRC [04:34] <frankie> there are also some ckrootkit programs, but they are not 100% safe
IRC [04:35] <frankie> often confusing resolv is a first step to round filters
IRC [04:35] <ryan-g2> frankie can I hire you to look into the security of this webserver. It is OpenACS/RHE3/Aol 4.0.8
IRC [04:36] <frankie> no sorry, it's a long task and it should be done off-line too
IRC [04:36] <ryan-g2> ok
IRC [04:37] <frankie> first step is disconnecting the cable :) to avoid major damages and NEVER reboot with the same root disk
IRC [04:37] <frankie> someone could be so bastard to leave a trojan and clean the whole disk at startup
IRC [04:40] <ryan-g2> I'm tempted to move the site to another box and wipe the infected box.
IRC [04:40] <ryan-g2> can you recommend some security resources?
IRC [04:42] <frankie> ryan-g2: really don't know, but for continuous auditing and system sw updating
IRC [04:42] <ryan-g2> ok
IRC [04:42] <frankie> ryan-g2: i would also check running web apps, which are the major sources of issues these days
IRC [04:44] <frankie> ryan-g2: acs/aolserver are not a great problem but i recommend to check each other service and filtering out unrequired service, that's standard hardening
IRC [04:44] <tekbasse> and the default accounts that come with rhel.. I know of cases where this has happened with rhe due to default accounts being available on install..
IRC [04:44] <ryan-g2> yeah I think he got in through webmin, which I accidentally left open
IRC [04:45] <frankie> is rh3 still supported?
IRC [04:45] <frankie> ah
IRC [04:45] <frankie> webmin < 1.250?
IRC [04:45] <ryan-g2> duno
IRC [04:45] <frankie> you are done
IRC [04:45] <frankie> check your webmin logs, people could have gotten your shadow file
IRC [04:46] <frankie> there's a suitable worm for that running since ages
IRC [04:46] <frankie> never, never having webmin port open to the world!
IRC [04:47] <frankie> definitively OT here anyway
IRC [04:48] <tekbasse> also, see "Securing your system" lower on this page: http://openacs.org/xowiki/os-nix-install
IRC [04:51] <ryan-g2> k thanks
IRC [04:54] *** ryan-g2 parted the chat.
IRC [06:46] *** cacrus parted the chat.
IRC [10:40] *** ryan-g2 joined the chat.
IRC [10:41] <ryan-g2> anyone used an equifax/geotrust cert with aolserver? nsd is not listed as a supported server for any cert
IRC [10:42] <Dossy> SSL is SSL
IRC [10:42] <Dossy> it should work
IRC [10:43] <ryan-g2> okay, and I can use their openssl instructions?
IRC [10:43] <Dossy> yes
IRC [10:47] <ryan-g2> thanks Dossy
IRC [12:45] *** ryan-g2 parted the chat.
IRC [13:04] *** holycow joined the chat.
IRC [15:02] *** cacrus joined the chat.
IRC [17:04] *** cacrus parted the chat.
IRC [22:47] *** frankie parted the chat.