Search Results

Search found 2676 results on 108 pages for 'spam blocking'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 11/108 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >

  • Why some "non-profit" hoax and spam are created? [closed]

    - by naxa
    Many spam/hoax has no direct link to any ripoff site or similar, they're just making sure people spread them ("forward this to at least 10 people or else"). Some of those may be created out of good faith, I'm not interested in those... But the rest, I since long suspect that there is some other reason for making them other than making fun of people (without getting much of the feedback)... Why are these created?

    Read the article

  • Blocking path scanning

    - by clinisbut
    I'm seeing in my access log a number of request very suspicious: /i /im /imaa /imag /image /images /images/d /images/di /images/dis They part from a known resource (in the above example /images/disrupt.jpg). All comming from same IP. Requests varies from 1/sec to 10/sec, seems somewhat random. It's obviously they are trying to find something and seems they are using a script. How do I block this kind of behaviour? I though of blocking the IP request, at least for a given time. Keeping in mind that: Request intervals seems legitimate (at least I think so). I don't want to end blocking a search engine bot, which may find 404 urls too (and that's a different problem, I know). ¿Do they use always same IP?

    Read the article

  • phpBB - Reducing Spam

    - by user44175
    I've installed phpBB Forums last week and the past 2 days I've been getting users sign up and posting spam chinese emails on each topic. I have:- Added captcha on registration Made sure users have to verify subscription by email before allowing to post What else can I do to stop this from happening? I've banned their IP addresses but this doesn't stop them from using a proxy to keep spamming the forums. I've read I can block all chinese IP addresses through ACP but is this the best step to block all this? Seems to be all chinese spam at the minute, any help would be much appreciated.

    Read the article

  • How can I reduce the number of spammers registering with my phpBB site?

    - by Jayapal Chandran
    I have a site which runs phpBB, on this site I have enabled user authentication through email when registering enabled captcha However I still get spam users every 20 to 30 minutes. Is there anything I can do to prevent this with the ucp.php file? I have already loaded a large list of IP addresses yet there are spam users registering all the time. One thing I can do is I can check the bounce mail to find the username and can pipe bounced mails to a php script and immediately delete that user, but I have not got any bounce back from hotmail or some other email clients. So this way it will catch hold of a certain percent of spam users but there are still a huge amount of users spamming. What else can I do to prevent spammers abusing my phpBB site?

    Read the article

  • How to test email spam scores with amavis?

    - by CaptSaltyJack
    I'd like a way to test a spam message to see its spam scores that SpamAssassin gives it. The SA db files (bayes_toks, etc) reside in /var/lib/amavis/.spamassassin. I've been testing emails by doing this: sudo su amavis -c 'spamassassin -t msgfile' Though this yields some strange results, such as: Content analysis details: (3.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.0000] -0.0 NO_RELAYS Informational: message was not relayed via SMTP 0.0 LONG_TERM_PRICE BODY: LONG_TERM_PRICE 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% [score: 1.0000] -0.0 NO_RECEIVED Informational: message has no Received headers 0.2 is an awfully low scores for BAYES_999! But this is the first time I've used amavis, previously I've always just used spamassassin directly as a content filter in postfix, but apparently running amavis/spamassassin is more efficient. So, with amavis in the picture, how can I run a test on a message to see its spam score breakdown? Another email I ran a test on got this result: 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% [score: 0.8487] Doesn't make sense, that BAYES_80 can yield a higher score than BAYES_999. Help!

    Read the article

  • Server being used to send spam mail. How do I investigate?

    - by split_account
    Problem I think my server is being used to send spam with sendmail, I'm getting a lot of mail being queued up that I don't recognize and my mail.log and syslog are getting huge. I've shutdown sendmail, so none of it is getting out but I can't work out where it's coming from. Investigation so far: I've tried the solution in the blog post below and also shown in this thread. It's meant to add a header from wherever the mail is being added and log all all mail to file, so I changed the following lines in my php.ini file: mail.add_x_header = On mail.log = /var/log/phpmail.log But nothing is appearing in the phpmail.log. I used the command here to investigate cron jobs for all users, but nothing is out of place. The only cron being run is the cron for the website. And then I brought up all php files which had been modified in the last 30 days but none of them look suspicious. What else can I do to find where this is coming from? Mail.log reports Turned sendmail back on for second. Here is a small sample of the reports: Jun 10 14:40:30 ubuntu12 sm-mta[13684]: s5ADeQdp013684: from=<>, size=2431, class=0, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1] Jun 10 14:40:30 ubuntu12 sm-msp-queue[13674]: s5ACK1cC011438: to=www-data, delay=01:20:14, xdelay=00:00:00, mailer=relay, pri=571670, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (s5ADeQdp013684 Message accepted for delivery) Jun 10 14:40:30 ubuntu12 sm-mta[13719]: s5ADeQdp013684: to=<[email protected]>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32683, dsn=2.0.0, stat=Sent Jun 10 14:40:30 ubuntu12 sm-mta[13684]: s5ADeQdr013684: from=<[email protected]>, size=677, class=0, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1] Jun 10 14:40:31 ubuntu12 sm-msp-queue[13674]: s5AC0gpi011125: to=www-data, ctladdr=www-data (33/33), delay=01:39:49, xdelay=00:00:01, mailer=relay, pri=660349, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (s5ADeQdr013684 Message accepted for delivery) Jun 10 14:40:31 ubuntu12 sm-mta[13721]: s5ADeQdr013684: to=<[email protected]>, ctladdr=<[email protected]> (33/33), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30946, dsn=2.0.0, stat=Sent Jun 10 14:40:31 ubuntu12 sm-mta[13684]: s5ADeQdt013684: from=<[email protected]>, size=677, class=0, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1] Jun 10 14:40:31 ubuntu12 sm-msp-queue[13674]: s5ACF2Nq011240: to=www-data, ctladdr=www-data (33/33), delay=01:25:29, xdelay=00:00:00, mailer=relay, pri=660349, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (s5ADeQdt013684 Message accepted for delivery) Jun 10 14:40:31 ubuntu12 sm-mta[13723]: s5ADeQdt013684: to=<[email protected]>, ctladdr=<[email protected]> (33/33), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30946, dsn=2.0.0, stat=Sent Ju Further Investigation Spotted 4 spam accounts registered in the past day, which is suspicious however all have normal user privileges. There are no contact forms on the site, there are a number of forms and they take either filtered text input or plain text input. Mail is still being queued up having switched the website to maintenance mode, which blocks out everyone but the admin. Ok more investigation, it looks like the email is being send by my websites cron which runs every 5 minutes. However there are no cron jobs I've set-up which run more than once an hour and show on the website log so presumably someone has managed to edit my cron somehow. Copy of email: V8 T1402410301 K1402411201 N2 P120349 I253/1/369045 MDeferred: Connection refused by [127.0.0.1] Fbs $_www-data@localhost ${daemon_flags}c u Swww-data [email protected] MDeferred: Connection refused by [127.0.0.1] C:www-data rRFC822; [email protected] RPFD:www-data H?P?Return-Path: <?g> H??Received: (from www-data@localhost) by ubuntu12.pcsmarthosting.co.uk (8.14.4/8.14.4/Submit) id s5AEP13T015507 for www-data; Tue, 10 Jun 2014 15:25:01 +0100 H?D?Date: Tue, 10 Jun 2014 15:25:01 +0100 H?x?Full-Name: CronDaemon H?M?Message-Id: <[email protected]> H??From: root (Cron Daemon) H??To: www-data H??Subject: Cron <www-data@ubuntu12> /usr/bin/drush @main elysia-cron H??Content-Type: text/plain; charset=ANSI_X3.4-1968 H??X-Cron-Env: <PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin> H??X-Cron-Env: <COLUMNS=80> H??X-Cron-Env: <SHELL=/bin/sh> H??X-Cron-Env: <HOME=/var/www> H??X-Cron-Env: <LOGNAME=www-data>

    Read the article

  • In Exim, is RBL spam rejected prior to being scanned by SpamAssassin?

    - by user955664
    I've recently been battling spam issues on our mail server. One account in particular was getting hammered with incoming spam. SpamAssassin's memory use is one of our concerns. What I've done is enable RBLs in Exim. I now see many rejection notices in the Exim log based on the various RBLs, which is good. However, when I run Eximstats, the numbers seem to be the same as they were prior to the enabling of the RBLs. I am assuming because the email is still logged in some way prior to the rejection. Is that what's happening, or am I missing something else? Does anyone know if these emails are rejected prior to being processed by SpamAssassin? Or does anyone know how I'd be able to find out? Is there a standard way to generate SpamAssassin stats, similar to Eximstats, so that I could compare the numbers? Thank you for your time and any advice. Edit: Here is the ACL section of my Exim configuration file ###################################################################### # ACLs # ###################################################################### begin acl # ACL that is used after the RCPT command check_recipient: # to block certain wellknown exploits, Deny for local domains if # local parts begin with a dot or contain @ % ! / | deny domains = +local_domains local_parts = ^[.] : ^.*[@%!/|] # to restrict port 587 to authenticated users only # see also daemon_smtp_ports above accept hosts = +auth_relay_hosts condition = ${if eq {$interface_port}{587} {yes}{no}} endpass message = relay not permitted, authentication required authenticated = * # allow local users to send outgoing messages using slashes # and vertical bars in their local parts. # Block outgoing local parts that begin with a dot, slash, or vertical # bar but allows them within the local part. # The sequence \..\ is barred. The usage of @ % and ! is barred as # before. The motivation is to prevent your users (or their virii) # from mounting certain kinds of attacks on remote sites. deny domains = !+local_domains local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ # local source whitelist # accept if the source is local SMTP (i.e. not over TCP/IP). # Test for this by testing for an empty sending host field. accept hosts = : # sender domains whitelist # accept if sender domain is in whitelist accept sender_domains = +whitelist_domains # sender hosts whitelist # accept if sender host is in whitelist accept hosts = +whitelist_hosts accept hosts = +whitelist_hosts_ip # envelope senders whitelist # accept if envelope sender is in whitelist accept senders = +whitelist_senders # accept mail to postmaster in any local domain, regardless of source accept local_parts = postmaster domains = +local_domains # accept mail to abuse in any local domain, regardless of source accept local_parts = abuse domains = +local_domains # accept mail to hostmaster in any local domain, regardless of source accept local_parts = hostmaster domains =+local_domains # OPTIONAL MODIFICATIONS: # If the page you're using to notify senders of blocked email of how # to get their address unblocked will use a web form to send you email so # you'll know to unblock those senders, then you may leave these lines # commented out. However, if you'll be telling your senders of blocked # email to send an email to [email protected], then you should # replace "errors" with the left side of the email address you'll be # using, and "example.com" with the right side of the email address and # then uncomment the second two lines, leaving the first one commented. # Doing this will mean anyone can send email to this specific address, # even if they're at a blocked domain, and even if your domain is using # blocklists. # accept mail to [email protected], regardless of source # accept local_parts = errors # domains = example.com # deny so-called "legal" spammers" deny message = Email blocked by LBL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains sender_domains = +blacklist_domains # deny using hostname in bad_sender_hosts blacklist deny message = Email blocked by BSHL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains hosts = +bad_sender_hosts # deny using IP in bad_sender_hosts blacklist deny message = Email blocked by BSHL - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains hosts = +bad_sender_hosts_ip # deny using email address in blacklist_senders deny message = Email blocked by BSAL - to unblock see http://www.example.com/ domains = +use_rbl_domains senders = +blacklist_senders # By default we do NOT require sender verification. # Sender verification denies unless sender address can be verified: # If you want to require sender verification, i.e., that the sending # address is routable and mail can be delivered to it, then # uncomment the next line. If you do not want to require sender # verification, leave the line commented out #require verify = sender # deny using .spamhaus deny message = Email blocked by SPAMHAUS - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = sbl.spamhaus.org # deny using ordb # deny message = Email blocked by ORDB - to unblock see http://www.example.com/ # # only for domains that do want to be tested against RBLs # domains = +use_rbl_domains # dnslists = relays.ordb.org # deny using sorbs smtp list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = dnsbl.sorbs.net=127.0.0.5 # Next deny stuff from more "fuzzy" blacklists # but do bypass all checking for whitelisted host names # and for authenticated users # deny using spamcop deny message = Email blocked by SPAMCOP - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = bl.spamcop.net # deny using njabl deny message = Email blocked by NJABL - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = dnsbl.njabl.org # deny using cbl deny message = Email blocked by CBL - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = cbl.abuseat.org # deny using all other sorbs ip-based blocklist besides smtp list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ hosts = !+relay_hosts domains = +use_rbl_domains !authenticated = * dnslists = dnsbl.sorbs.net!=127.0.0.6 # deny using sorbs name based list deny message = Email blocked by SORBS - to unblock see http://www.example.com/ domains =+use_rbl_domains # rhsbl list is name based dnslists = rhsbl.sorbs.net/$sender_address_domain # accept if address is in a local domain as long as recipient can be verified accept domains = +local_domains endpass message = "Unknown User" verify = recipient # accept if address is in a domain for which we relay as long as recipient # can be verified accept domains = +relay_domains endpass verify=recipient # accept if message comes for a host for which we are an outgoing relay # recipient verification is omitted because many MUA clients don't cope # well with SMTP error responses. If you are actually relaying from MTAs # then you should probably add recipient verify here accept hosts = +relay_hosts accept hosts = +auth_relay_hosts endpass message = authentication required authenticated = * deny message = relay not permitted # default at end of acl causes a "deny", but line below will give # an explicit error message: deny message = relay not permitted # ACL that is used after the DATA command check_message: accept

    Read the article

  • Using my own Postfix, filtering spam and getting all the mail into my ISP's inbox

    - by djechelon
    Hello, I currently own a domain bought via GoDaddy.com, which provides me a basic email setup for the most common needs. I configured it to forward all mail to [email protected] to [email protected]. I also own a virtual server with a running Postfix that I use for a specific website (all mail to somedomain.com gets forwarded via LMTP to a program written by me). Since I'm recently experiencing some harassing by spammers, since GoDaddy doesn't seem to filter spam, and since my Windows Phone's Pocket Outlook cannot filter spam, I would like to use SpamAssassin to filter inbound spam by changing my domain's MX records to my server My ideal setup is the following: All mail delivered to somedomain.com gets redirected via LMTP as usual via virtual transport without any spam check All mail to [email protected] gets redirected to [email protected] after a severe spam check I don't care about [email protected] since I use just one address for now I would like to train SpamAssassin with customized spam rules, possibly based on the presence of certain keywords (links to certain unsubscribe pages I found recurring) I currently configured Postfix with transport somedomain.com lmtp:[127.0.0.1]:8025 .somedomain.com error: Cannot accept mail for this domain relay somedomain.com OK (I guess I should add mydomain.com OK too) virtual @mydomain.com [email protected] (looks like a catch-all rule, it's OK as requirement 3) I installed SpamAssassin, I can do rcspamd start and set it to boot with the server, but I don't know if there is anything else to do for use in Postfix, and how to apply requirement 1 (only mail to mydomain.com gets filtered) I also tried to send an email via Telnet to make sure my settings are ready for MX change. I received the message into my account but I found that it gone through secureserver.net, like Postfix didn't rewrite the destination but simply relayed the message. Thank you in advance. I'm no expert in SpamAssassin, and I have little experience in Postfix (enough to avoid making my server an open relay)

    Read the article

  • What Kind of Spam is This? Testing Blog Comment Limits

    - by Yar
    I received this comment on one of my blogs today (on blogger.com): Easily I agree but I about the post should acquire more info then it has. It's the third in a series. Before there was: I will not acquiesce in on it. I over precise post. Expressly the title attracted me to be familiar with the sound story. and before that Your blog keeps getting better and better! Your older articles are not as good as newer ones you have a lot more creativity and originality now keep it up! It is obviously computer-generated (well, not this last one). The comments are from Anonymous, so they're not trying to legitimate a user on Blogger. Is this a spam attack? What might its goal be? Or are they just testing my blog to see if I reject or not? Does this kind of "attack" have a name?

    Read the article

  • How to send emails without getting into Spam Act trouble?

    - by Jason
    Lets say I have a database of 60,000 emails. I would like to send them an email notifying them of a new related service (similar to what they've signed up) which adds value to what they already signed up to. I know most of them would welcome it but they did not opt-in for this new related service. I don't want to send out the email invite only to find out I got into some Spam Act trouble. What is a friendly way to reach these targetted audience?

    Read the article

  • How do you make sure email you send programmatically is not automatically marked as spam?

    - by Leon Bambrick
    This is a tricky one - and I've always relied on techniques such as permission-based emails (i.e. only sending to people you have permission to send to) and not using blatantly spamish terminology. Of late, some of the emails I send out programmatically have started being shuffled into people's spam folder automatically - and I'm wondering what i can do about it. This is despite the fact that these particular emails are not ones that humans would mark as spam (specifically, they are emails that contain license keys that people have paid good money for, so I don't think they're going to consider them spam) I figure this is a big topic in which I am essentially an ignorant simpleton.

    Read the article

  • Auto blocking attacking IP address

    - by dong
    This is to share my PowerShell code online. I original asked this question on MSDN forum (or TechNet?) here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/f950686e-e3f8-4cf2-b8ec-2685c1ed7a77 In short, this is trying to find attacking IP address then add it into Firewall block rule. So I suppose: 1, You are running a Windows Server 2008 facing the Internet. 2, You need to have some port open for service, e.g. TCP 21 for FTP; TCP 3389 for Remote Desktop. You can see in my code I’m only dealing with these two since that’s what I opened. You can add further port number if you like, but the way to process might be different with these two. 3, I strongly suggest you use STRONG password and follow all security best practices, this ps1 code is NOT for adding security to your server, but reduce the nuisance from brute force attack, and make sys admin’s life easier: i.e. your FTP log won’t hold megabytes of nonsense, your Windows system log will not roll back and only can tell you what happened last month. 4, You are comfortable with setting up Windows Firewall rules, in my code, my rule has a name of “MY BLACKLIST”, you need to setup a similar one, and set it to BLOCK everything. 5, My rule is dangerous because it has the risk to block myself out as well. I do have a backup plan i.e. the DELL DRAC5 so that if that happens, I still can remote console to my server and reset the firewall. 6, By no means the code is perfect, the coding style, the use of PowerShell skills, the hard coded part, all can be improved, it’s just that it’s good enough for me already. It has been running on my server for more than 7 MONTHS. 7, Current code still has problem, I didn’t solve it yet, further on this point after the code. :)    #Dong Xie, March 2012  #my simple code to monitor attack and deal with it  #Windows Server 2008 Logon Type  #8: NetworkCleartext, i.e. FTP  #10: RemoteInteractive, i.e. RDP    $tick = 0;  "Start to run at: " + (get-date);    $regex1 = [regex] "192\.168\.100\.(?:101|102):3389\s+(\d+\.\d+\.\d+\.\d+)";  $regex2 = [regex] "Source Network Address:\t(\d+\.\d+\.\d+\.\d+)";    while($True) {   $blacklist = @();     "Running... (tick:" + $tick + ")"; $tick+=1;    #Port 3389  $a = @()  netstat -no | Select-String ":3389" | ? { $m = $regex1.Match($_); `    $ip = $m.Groups[1].Value; if ($m.Success -and $ip -ne "10.0.0.1") {$a = $a + $ip;} }  if ($a.count -gt 0) {    $ips = get-eventlog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+10"} | foreach { `      $m = $regex2.Match($_.Message); $ip = $m.Groups[1].Value; $ip; } | Sort-Object | Tee-Object -Variable list | Get-Unique    foreach ($ip in $a) { if ($ips -contains $ip) {      if (-not ($blacklist -contains $ip)) {        $attack_count = ($list | Select-String $ip -SimpleMatch | Measure-Object).count;        "Found attacking IP on 3389: " + $ip + ", with count: " + $attack_count;        if ($attack_count -ge 20) {$blacklist = $blacklist + $ip;}      }      }    }  }      #FTP  $now = (Get-Date).AddMinutes(-5); #check only last 5 mins.     #Get-EventLog has built-in switch for EventID, Message, Time, etc. but using any of these it will be VERY slow.  $count = (Get-EventLog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+8" -and `              $_.TimeGenerated.CompareTo($now) -gt 0} | Measure-Object).count;  if ($count -gt 50) #threshold  {     $ips = @();     $ips1 = dir "C:\inetpub\logs\LogFiles\FPTSVC2" | Sort-Object -Property LastWriteTime -Descending `       | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} `        | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object `        | where {$_.Count -ge 10} | select -ExpandProperty Name;       $ips2 = dir "C:\inetpub\logs\LogFiles\FTPSVC3" | Sort-Object -Property LastWriteTime -Descending `       | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} `        | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object `        | where {$_.Count -ge 10} | select -ExpandProperty Name;     $ips += $ips1; $ips += $ips2; $ips = $ips | where {$_ -ne "10.0.0.1"} | Sort-Object | Get-Unique;         foreach ($ip in $ips) {       if (-not ($blacklist -contains $ip)) {        "Found attacking IP on FTP: " + $ip;        $blacklist = $blacklist + $ip;       }     }  }        #Firewall change <# $current = (netsh advfirewall firewall show rule name="MY BLACKLIST" | where {$_ -match "RemoteIP"}).replace("RemoteIP:", "").replace(" ","").replace("/255.255.255.255",""); #inside $current there is no \r or \n need remove. foreach ($ip in $blacklist) { if (-not ($current -match $ip) -and -not ($ip -like "10.0.0.*")) {"Adding this IP into firewall blocklist: " + $ip; $c= 'netsh advfirewall firewall set rule name="MY BLACKLIST" new RemoteIP="{0},{1}"' -f $ip, $current; Invoke-Expression $c; } } #>    foreach ($ip in $blacklist) {    $fw=New-object –comObject HNetCfg.FwPolicy2; # http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx    $myrule = $fw.Rules | where {$_.Name -eq "MY BLACKLIST"} | select -First 1; # Potential bug here?    if (-not ($myrule.RemoteAddresses -match $ip) -and -not ($ip -like "10.0.0.*"))      {"Adding this IP into firewall blocklist: " + $ip;         $myrule.RemoteAddresses+=(","+$ip);      }  }    Wait-Event -Timeout 30 #pause 30 secs    } # end of top while loop.   Further points: 1, I suppose the server is listening on port 3389 on server IP: 192.168.100.101 and 192.168.100.102, you need to replace that with your real IP. 2, I suppose you are Remote Desktop to this server from a workstation with IP: 10.0.0.1. Please replace as well. 3, The threshold for 3389 attack is 20, you don’t want to block yourself just because you typed your password wrong 3 times, you can change this threshold by your own reasoning. 4, FTP is checking the log for attack only to the last 5 mins, you can change that as well. 5, I suppose the server is serving FTP on both IP address and their LOG path are C:\inetpub\logs\LogFiles\FPTSVC2 and C:\inetpub\logs\LogFiles\FPTSVC3. Change accordingly. 6, FTP checking code is only asking for the last 200 lines of log, and the threshold is 10, change as you wish. 7, the code runs in a loop, you can set the loop time at the last line. To run this code, copy and paste to your editor, finish all the editing, get it to your server, and open an CMD window, then type powershell.exe –file your_powershell_file_name.ps1, it will start running, you can Ctrl-C to break it. This is what you see when it’s running: This is when it detected attack and adding the firewall rule: Regarding the design of the code: 1, There are many ways you can detect the attack, but to add an IP into a block rule is no small thing, you need to think hard before doing it, reason for that may include: You don’t want block yourself; and not blocking your customer/user, i.e. the good guy. 2, Thus for each service/port, I double check. For 3389, first it needs to show in netstat.exe, then the Event log; for FTP, first check the Event log, then the FTP log files. 3, At three places I need to make sure I’m not adding myself into the block rule. –ne with single IP, –like with subnet.   Now the final bit: 1, The code will stop working after a while (depends on how busy you are attacked, could be weeks, months, or days?!) It will throw Red error message in CMD, don’t Panic, it does no harm, but it also no longer blocking new attack. THE REASON is not confirmed with MS people: the COM object to manage firewall, you can only give it a list of IP addresses to the length of around 32KB I think, once it reaches the limit, you get the error message. 2, This is in fact my second solution to use the COM object, the first solution is still in the comment block for your reference, which is using netsh, that fails because being run from CMD, you can only throw it a list of IP to 8KB. 3, I haven’t worked the workaround yet, some ideas include: wrap that RemoteAddresses setting line with error checking and once it reaches the limit, use the newly detected IP to be the list, not appending to it. This basically reset your block rule to ground zero and lose the previous bad IPs. This does no harm as it sounds, because given a certain period has passed, any these bad IPs still not repent and continue the attack to you, it only got 30 seconds or 20 guesses of your password before you block it again. And there is the benefit that the bad IP may turn back to the good hands again, and you are not blocking a potential customer or your CEO’s home pc because once upon a time, it’s a zombie. Thus the ZEN of blocking: never block any IP for too long. 4, But if you insist to block the ugly forever, my other ideas include: You call MS support, ask them how can we set an arbitrary length of IP addresses in a rule; at least from my experiences at the Forum, they don’t know and they don’t care, because they think the dynamic blocking should be done by some expensive hardware. Or, from programming perspective, you can create a new rule once the old is full, then you’ll have MY BLACKLIST1, MY  BLACKLIST2, MY BLACKLIST3, … etc. Once in a while you can compile them together and start a business to sell your blacklist on the market! Enjoy the code! p.s. (PowerShell is REALLY REALLY GREAT!)

    Read the article

  • Extreme headache from ASSP Extreme Ban

    - by Chase Florell
    I've got a local user on my server that as of today cannot send email from any of their devices. Only Webmail (which doesn't touch any of their devices) works. Here are the various email failures I'm receiving in the logs. Dec-04-12 19:52:47 75966-05166 [SpoofedSender] 111.111.111.111 <[email protected]> to: [email protected] [scoring:20] -- No Spoofing Allowed -- [Test]; Dec-04-12 19:52:47 75966-05166 [Extreme] 111.111.111.111 <[email protected]> to: [email protected] [spam found] -- score for 111.111.111.111 is 1980, surpassing extreme level of 500 -- [Test] -> spam/Test__1.eml; Dec-04-12 19:52:48 75968-05169 111.111.111.111 <[email protected]> to: [email protected] [scoring:10] -- IP in HELO does not match connection: '[192.168.0.10]' -- [Re Demo Feedbacks for End of November Sales]; Dec-04-12 19:52:48 75968-05169 [SpoofedSender] 111.111.111.111 <[email protected]> to: [email protected] [scoring:20] -- No Spoofing Allowed -- [Re Demo Feedbacks for End of November Sales]; Dec-04-12 19:52:48 75968-05169 [Extreme] 111.111.111.111 <[email protected]> to: [email protected] [spam found] -- score for 111.111.111.111 is 2020, surpassing extreme level of 500 -- [Re Demo Feedbacks for End of November Sales] ->spam/Re_Demo_Feedbacks_for_End_of_N__2.eml; Dec-04-12 19:52:57 75977-05179 [SpoofedSender] 111.111.111.111 <[email protected]> to: [email protected] [scoring:20] -- No Spoofing Allowed -- [test]; Dec-04-12 19:52:57 75977-05179 [Extreme] 111.111.111.111 <[email protected]> to: [email protected] [spam found] -- score for 111.111.111.111 is 2040, surpassing extreme level of 500 -- [test] -> spam/test__3.eml; ……………. Dec-04-12 19:55:35 76135-05338 [SpoofedSender] 111.111.111.111 <[email protected]> to: [email protected] [scoring:20] -- No Spoofing Allowed -- [test]; Dec-04-12 19:55:35 76135-05338 [MsgID] 111.111.111.111 <[email protected]> to: [email protected] [scoring] (Message-ID not valid: 'E8472A91545B44FBAE413F6D8760C7C3@bts'); Dec-04-12 19:55:35 76135-05338 [InvalidHELO] 111.111.111.111 <[email protected]> to: [email protected] [spam found] -- Invalid HELO: 'bts' -- [test] -> discarded/test__4.eml; note: 111.111.111.111 is a replacement for the users home IP address Here is the headers of one of the messages X-Assp-Score: 10 (HELO contains IP: '[192.168.0.10]') X-Assp-Score: 10 (IP in HELO does not match connection: '[192.168.0.10]') X-Assp-Score: 20 (No Spoofing Allowed) X-Assp-Score: 10 (bombSubjectRe: 'sale') X-Assp-Score: 20 (blacklisted HELO '[192.168.0.10]') X-Assp-Score: 45 (DNSBLcache: failed, 111.111.111.111 listed in safe.dnsbl.sorbs.net) X-Assp-DNSBLcache: failed, 174.0.35.31 listed in safe.dnsbl.sorbs.net X-Assp-Received-SPF: fail (cache) ip=174.0.35.31 [email protected] helo=[192.168.0.10] X-Assp-Score: 10 (SPF fail) X-Assp-Envelope-From: [email protected] X-Assp-Intended-For: [email protected] X-Assp-Version: 1.7.5.7(1.0.07) on ASSP.nospam X-Assp-ID: ASSP.nospam (77953-07232) X-Assp-Spam: YES X-Assp-Original-Subject: Re: Demo Feedbacks for End of November Sales X-Spam-Status:yes X-Assp-Spam-Reason: MessageScore (125) over limit (50) X-Assp-Message-Totalscore: 125 Received: from [192.168.0.10] ([111.111.111.111] helo=[192.168.0.10]) with IPv4:25 by ASSP.nospam; 4 Dec 2012 20:25:52 -0700 Content-Type: multipart/alternative; boundary=Apple-Mail-40FE7453-4BE7-4AD6-B297-FB81DAA554EC Content-Transfer-Encoding: 7bit Subject: Re: Demo Feedbacks for End of November Sales References: <003c01cdd22e$eafbc6f0$c0f354d0$@com> From: Some User <[email protected]> In-Reply-To: <003c01cdd22e$eafbc6f0$c0f354d0$@com> Message-Id: <[email protected]> Date: Tue, 4 Dec 2012 19:32:28 -0700 To: External User <[email protected]> Mime-Version: 1.0 (1.0) X-Mailer: iPhone Mail (10A523) Why is it that a local sender has been banned on our local server, and how can I fix this?

    Read the article

  • Spam in Whois: How is it done and how do I protect my domain?

    - by user2964971
    Yes, there are answered questions regarding spam in Whois. But still unclear: How do they do it? How should I respond? What precautions can I take? For example: Whois for google.com [...] Server Name: GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM IP Address: 217.107.217.167 Registrar: DOMAINCONTEXT, INC. Whois Server: whois.domaincontext.com Referral URL: http://www.domaincontext.com Server Name: GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM IP Address: 69.41.185.195 Registrar: TUCOWS DOMAINS INC. Whois Server: whois.tucows.com Referral URL: http://domainhelp.opensrs.net Server Name: GOOGLE.COM.ZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM IP Address: 209.126.190.70 Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM Whois Server: whois.PublicDomainRegistry.com Referral URL: http://www.PublicDomainRegistry.com Server Name: GOOGLE.COM.ZZZZZZZZZZZZZZZZZZZZZZZZZZ.HAVENDATA.COM IP Address: 50.23.75.44 Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM Whois Server: whois.PublicDomainRegistry.com Referral URL: http://www.PublicDomainRegistry.com Server Name: GOOGLE.COMMAS2CHAPTERS.COM IP Address: 216.239.32.21 Registrar: CRAZY DOMAINS FZ-LLC Whois Server: whois.crazydomains.com Referral URL: http://www.crazydomains.com [...] >>> Last update of whois database: Thu, 05 Jun 2014 02:10:51 UTC <<< [...] >>> Last update of WHOIS database: 2014-06-04T19:04:53-0700 <<< [...]

    Read the article

  • Why is my Drupal Registration email considered spam by gmail? (headers included)

    - by Jasper
    I just created a Drupal website on a uni.cc subdomain that is brand-new also (it has barely had the 24 hours to propagate). However, when signing up for a test account, the confirmation email was marked as spam by gmail. Below are the headers of the email, which may provide some clues. Delivered-To: *my_email*@gmail.com Received: by 10.213.20.84 with SMTP id e20cs81420ebb; Mon, 19 Apr 2010 08:07:33 -0700 (PDT) Received: by 10.115.65.19 with SMTP id s19mr3930949wak.203.1271689651710; Mon, 19 Apr 2010 08:07:31 -0700 (PDT) Return-Path: <[email protected]> Received: from bat.unixbsd.info (bat.unixbsd.info [208.87.242.79]) by mx.google.com with ESMTP id 12si14637941iwn.9.2010.04.19.08.07.31; Mon, 19 Apr 2010 08:07:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 208.87.242.79 as permitted sender) client-ip=208.87.242.79; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 208.87.242.79 as permitted sender) [email protected] Received: from nobody by bat.unixbsd.info with local (Exim 4.69) (envelope-from <[email protected]>) id 1O3sZP-0004mH-Ra for *my_email*@gmail.com; Mon, 19 Apr 2010 08:07:32 -0700 To: *my_email*@gmail.com Subject: Account details for Test at YuGiOh Rebirth MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed; delsp=yes Content-Transfer-Encoding: 8Bit X-Mailer: Drupal Errors-To: info -A T- yugiohrebirth.uni.cc From: info -A T- yugiohrebirth.uni.cc Message-Id: <[email protected]> Date: Mon, 19 Apr 2010 08:07:31 -0700 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - bat.unixbsd.info X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [99 500] / [47 12] X-AntiAbuse: Sender Address Domain - bat.unixbsd.info X-Source: X-Source-Args: /usr/local/apache/bin/httpd -DSSL X-Source-Dir: gmh.ugtech.net:/public_html/YuGiOhRebirth

    Read the article

  • Why are emails sent from my applications being marked as spam?

    - by Brian
    Hi. I have 2 web apps running on the same server. The first is www.nimikri.com and the other is www.hourjar.com. Both apps share the same IP address (75.127.100.175). My server is through a shared hosting company. I've been testing my apps, and at first all my emails were being delivered to me just fine. Then a few days ago every email from both apps got dumped into my spam box (in gmail and google apps). So far the apps have just been sending emails to me and nobody else, so I know people aren't manually flagging them as spam. I did a reverse DNS lookup for my IP and the results I got were these: 100.127.75.in-addr.arpa NS DNS2.GNAX.NET. 100.127.75.in-addr.arpa NS DNS1.GNAX.NET. Should the reverse DNS lookup point to nimikri.com and hourjar.com, or are they set up fine the way they are? I noticed in the email header these 2 lines: Received: from nimikri.nimikri.com From: Hour Jar <[email protected]> Would the different domain names be causing gmail to think this is spam? Here is the header from one of the emails. Please let me know if any of this looks like a red flag for spam. Thanks. Delivered-To: [email protected] Received: by 10.231.157.85 with SMTP id a21cs54749ibx; Sun, 25 Apr 2010 10:03:14 -0700 (PDT) Received: by 10.151.130.18 with SMTP id h18mr3056714ybn.186.1272214992196; Sun, 25 Apr 2010 10:03:12 -0700 (PDT) Return-Path: <[email protected]> Received: from nimikri.nimikri.com ([75.127.100.175]) by mx.google.com with ESMTP id 28si4358025gxk.44.2010.04.25.10.03.11; Sun, 25 Apr 2010 10:03:11 -0700 (PDT) Received-SPF: neutral (google.com: 75.127.100.175 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=75.127.100.175; Authentication-Results: mx.google.com; spf=neutral (google.com: 75.127.100.175 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected] Received: from nimikri.nimikri.com (localhost.localdomain [127.0.0.1]) by nimikri.nimikri.com (8.14.3/8.14.3) with ESMTP id o3PH3A7a029986 for <[email protected]>; Sun, 25 Apr 2010 12:03:11 -0500 Date: Sun, 25 Apr 2010 12:03:10 -0500 From: Hour Jar <[email protected]> To: [email protected] Message-ID: <[email protected]> Subject: [email protected] has invited you to New Event MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit

    Read the article

  • Exchange 2003 mail non-delivery (NDR), spam activity? events 7002 & 7004

    - by HighTechGeek
    Windows Server 2003 Small Business Server SP2 Exchange Version 6.5 (Build 7638.2: Service Pack 2) This network has been neglected and has been having email problems for years and was on many blacklists. I was called in after the server eventually crashed... I got the server back up and running, but email problems persist. Outgoing mail delivery is sporadic. Sometimes the mail goes through, sometimes a delayed delivery report is generated after a day or more, and sometimes it seems to go through, but the recipient never receives it. Not sure if spammers are successfully using the server as a relay (see event entries below after turning on maximum SMTP logging)... User PCs infected with viruses and server was blacklisted on many sites (I used mxtoolbox.com) I have cleaned all the PCs and changed all passwords (including administrator) I have requested removal from all of the blacklists - most have removed the listing, some take more time. I have setup rDNS pointer records with the ISP (Comcast) - that was one reason for some of the blacklistings. I have tested that it's not an open relay using telnet as described here: www.amset.info/exchange/smtp-openrelay.asp I followed the advise of a Spamhaus & Microsoft article to enable maximum SMTP logging. http://www.spamhaus.org/faq/answers.lasso?section=isp%20spam%20issues#320 which directed me to Microsoft KB article 895853, specifically, the part 2/3 down titled: "If mail relay occurs from an account on an Exchange computer that is not configured as an open relay" . The Application Event Log is filling with this type of activity (Event ID 7002, 7002 & 3018 errors): Event Type: Error Event Source: MSExchangeTransport Event Category: SMTP Protocol Event ID: 7004 Date: 1/18/2011 Time: 7:33:29 AM User: N/A Computer: SERVER Description: This is an SMTP protocol error log for virtual server ID 1, connection #621. The remote host "212.52.84.180", responded to the SMTP command "rcpt" with "550 #5.1.0 Address rejected [email protected] ". The full command sent was "RCPT TO: ". This will probably cause the connection to fail. and this: Event Type: Warning Event Source: MSExchangeTransport Event Category: SMTP Protocol Event ID: 7002 Date: 1/18/2011 Time: 7:33:29 AM User: N/A Computer: SERVER Description: This is an SMTP protocol warning log for virtual server ID 1, connection #620. The remote host "212.52.84.170", responded to the SMTP command "rcpt" with "452 Too many recipients received this hour ". The full command sent was "RCPT TO: ". This may cause the connection to fail. or a variant of: Event Type: Warning Event Source: MSExchangeTransport Event Category: SMTP Protocol Event ID: 7002 Date: 1/18/2011 Time: 8:39:21 AM User: N/A Computer: SERVER Description: This is an SMTP protocol warning log for virtual server ID 1, connection #661. The remote host "82.57.200.133", responded to the SMTP command "rcpt" with "421 Service not available - too busy ". The full command sent was "RCPT TO: ". This may cause the connection to fail. also Event Type: Error Event Source: MSExchangeTransport Event Category: NDR Event ID: 3018 Date: 1/18/2011 Time: 9:49:37 AM User: N/A Computer: SERVER Description: A non-delivery report with a status code of 5.4.0 was generated for recipient rfc822;[email protected] (Message-ID ). Causes: This message indicates a DNS problem or an IP address configuration problem Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4 literal format. Data: 0000: ef 02 04 c0 ï..À Any guidance and/or suggestions and/or tests to perform would be greatly appreciated.

    Read the article

  • All my emails to Yahoo!, Hotmail and AOL are going to Spam, though I've implemented every validation

    - by Chetan
    Hi, I've implemented everything and checked everything (SPF, DomainKey, DKIM, reverse lookup), and only Gmail is allowing my emails to go to Inbox. Yahoo, Hotmail and AOL are all sending my messages to Spam. What am I doing wrong? Please help! Following are the headers of messages to Yahoo, Hotmail and AOL. I've changed names and domain names. The domain names I'm sending mail from are polluxapp.com and gemini.polluxapp.com. Yahoo: From Shift Licensing Tue Jan 26 21:55:14 2010 X-Apparently-To: [email protected] via 98.136.167.163; Tue, 26 Jan 2010 13:59:12 -0800 Return-Path: X-YahooFilteredBulk: 208.115.108.162 X-YMailISG: gPlFT1YWLDtTsHSCXAO2fxuGq5RdrsMxPffmkJFHiQyZW.2RGdDQ8OEpzWDYPS.MS_D5mvpu928sYN_86mQ2inD9zVLaVNyVVrmzIFCOHJO2gPwIG8c2L8WajG4ZRgoTwMFHkyEsefYtRLMg8AmHKnkS0PkPscwpVHtuUD91ghsTSqs4lxEMqhqw60US0cwMn_r_DrWNEUg_sESZsYeZpJcCCPL0wd6zcfKmtYaIkidsth3gWJPJgpwWtkgPvwsJUU_cmAQ8hAQ7RVM1usEs80PzihTLDR1yKc4RJCsesaf4NUO_yN1cPsbFyiaazKikC.eiQk4Z3VU.8O5Vd8i7mPNyOeAjyt7IgeA_ X-Originating-IP: [208.115.108.162] Authentication-Results: mta1035.mail.sk1.yahoo.com from=example.com; domainkeys=pass (ok); from=example.com; dkim=permerror (bad sig) Received: from 127.0.0.1 (EHLO gemini.example.com) (208.115.108.162) by mta1035.mail.sk1.yahoo.com with SMTP; Tue, 26 Jan 2010 13:59:12 -0800 Received: from gemini.example.com (gemini [127.0.0.1]) by gemini.example.com (Postfix) with ESMTP id 3984E21A0167 for ; Tue, 26 Jan 2010 13:55:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=example.com; h=to :subject:from:content-type:message-id:date; s=mail; bh=bRIHfxE3S e+YeCrIOqziZsiESJA=; b=J+D56Czff+6wGjQycLEvHyT32+06Nngf+6h7Ep6DL SmmJv3ihiAFJIJiPxiwLNpUsOSHhwJYjYQtynbBnag40A6EUBIsucDR+VoEYD+Cc 9L0dV3QD5D77VpG9PnRQDQa91R+NPIt5og9xbYfUWJ1b/jXkZopb0VTM+H9tandM 24= DomainKey-Signature: a=rsa-sha1; c=nofws; d=example.com; h=to:subject :from:content-type:message-id:date; q=dns; s=mail; b=pO5YvvjGTXs 3Qa83Ibq9woLq5VSsxUD5uoSrjNrW9ICMmdWyJpb9oT5byFR9hMthomTmfGWkkh6 3VxtD0hb0HVonN+1iheqJ9QBBOctadLCAOPZV3mfA99XUu7Y0DR2qtkU/UkSe8In 5PENWFbwub88ZsRDiW3hCbNHl+UO8Jsc= Received: by gemini.example.com (Postfix, from userid 502) id 386DE21A0166; Tue, 26 Jan 2010 13:55:14 -0800 (PST) To: [email protected] Subject: Shift License For James Xavier From: "Shift Licensing" Content-type: text/html Message-Id: <[email protected] Date: Tue, 26 Jan 2010 13:55:14 -0800 (PST) Content-Length: 282` Hotmail: X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9Ng== X-Message-Status: n:0 X-SID-PRA: [email protected] X-AUTH-Result: NONE X-Message-Info: 6sSXyD95QpWzUBaRfzf3NMbaiSGCCYGXSczlzLw49r01I25elu3oYM0V2uNa8BV2O7DOiFEeewTBKMtN+PW+ig== Received: from gemini.example.com ([208.115.108.162]) by snt0-mc4-f7.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 26 Jan 2010 13:18:53 -0800 Received: from gemini.example.com (gemini [127.0.0.1]) by gemini.example.com (Postfix) with ESMTP id 9431321A0167 for ; Tue, 26 Jan 2010 13:18:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gemini.example.com; h=to :subject:message-id:date:from; s=mail; bh=DLF0k+uELpY6If5o3SWlSj 7j0vw=; b=nAMpb47xTVh73y6a2rf6V1rtYHuufr46dtuwWtHyFC85QKfZJReJJL oFIPjgEC28/1wSdy8VbfLG1g64W1hvnJjet3rcyv3ANNYxnFaiH5yt3SDEiLxydS gjCmNcZXyiVsWtpv7atVRO/t/Own+oFB9zz/9mj43Bhm4bnZ2cTno= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gemini.example.com; h=to :subject:message-id:date:from; q=dns; s=mail; b=sFpNxlskyz4MYT38 BA/rQ6ZAcQjhy7STkLPckrCDVVZcE4/zukHyARq7guMtYCCEjXoIbVEtNikPC97F cGpJGGZrppTGjx62N0flxG8hvwejiJYnUJF1EIP4JckGWyEI+21vtWLLQ27eegtN fs9OkIQ2iUPC/4u8N1eqiff0VZU= Received: by gemini.example.com (Postfix, from userid 504) id 8ED7221A0166; Tue, 26 Jan 2010 13:18:53 -0800 (PST) To: [email protected] Subject: Testing this Message-Id: <[email protected] Date: Tue, 26 Jan 2010 13:18:53 -0800 (PST) From: [email protected] Return-Path: [email protected] X-OriginalArrivalTime: 26 Jan 2010 21:18:54.0039 (UTC) FILETIME=[29CEE670:01CA9ECD] AOL: X-AOL-UID: 3158.1902377530 X-AOL-DATE: Tue, 26 Jan 2010 5:07:23 PM Eastern Standard Time Return-Path: Received: from rly-mg06.mx.aol.com (rly-mg06.mail.aol.com [172.20.83.112]) by air-mg06.mail.aol.com (v126.13) with ESMTP id MAILINMG061-a1d4b5f6787a4; Tue, 26 Jan 2010 17:07:22 -0500 Received: from gemini.example.com (gemini.example.com [208.115.108.162]) by rly-mg06.mx.aol.com (v125.7) with ESMTP id MAILRELAYINMG067-a1d4b5f6787a4; Tue, 26 Jan 2010 17:07:04 -0500 Received: from gemini.example.com (gemini [127.0.0.1]) by gemini.example.com (Postfix) with ESMTP id 32B3821A0167 for ; Tue, 26 Jan 2010 14:07:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gemini.example.com; h=to :subject:message-id:date:from; s=mail; bh=RL0GLHd3dZ8IlIHoHIhA/U cLtUE=; b=BKg4p3qnaIdFRjAbvUa+Hwcyc6W91v4B4hN95dVymJrxyUBycWMUSC nzKmJ5QllhCYjwO+S7GrRdmlFpjBaK8kt2qmdCyC2UuiDF6xY6MXx/DBF56QpYtZ YDY4kXdiEMSbooH14B4CCPhaCTdC1wCtV0diat3EANCLxSDYAYq5k= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gemini.example.com; h=to :subject:message-id:date:from; q=dns; s=mail; b=fDSjNpfWs7TfGXda uio8qbJIyD+UmPL+C0GM1VeeV8FADj6JiYIT1nT3iBwSHlrLFCJ1wxPbE4d9CGl8 gQkPIV6T4TL7ha052nur0EOWoBLoBAOmhTshF/gsIY+/KMibbIczuRyTgIGVV5Tw GZVGFddVFOYgee7SAu0KNFm7aIk= Received: by gemini.example.com (Postfix, from userid 504) id 2D5F521A0166; Tue, 26 Jan 2010 14:07:03 -0800 (PST) To: [email protected] Subject: Testing Message-Id: <[email protected] Date: Tue, 26 Jan 2010 14:07:03 -0800 (PST) From: [email protected] X-AOL-IP: 208.115.108.162 X-AOL-SCOLL-AUTHENTICATION: mail_rly_antispam_dkim-d227.1 ; domain : gemini.example.com DKIM : pass X-Mailer: Unknown (No Version) Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit

    Read the article

  • How to run node.js app on port 80? Are processes blocking my port?

    - by Lucas
    I believe the port 80 on my remote instance is blocked, and I am trying to run a node.js app using port 80. I have experimented with ports 3000 and 3002, and both ports are working fine, but I get an error when running on port 80. I suspect port 80 is blocked from my output of netstat -an below, but how can I find the process id's of the addresses that are blocking port 80 below? [lucas@ecoinstance]~/node/nodetest1$ netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:3002 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:27017 127.0.0.1:51108 ESTABLISHED tcp 0 0 127.0.0.1:51106 127.0.0.1:27017 ESTABLISHED tcp 0 0 127.0.0.1:27017 127.0.0.1:51106 ESTABLISHED tcp 0 0 127.0.0.1:51107 127.0.0.1:27017 ESTABLISHED tcp 0 0 10.240.241.116:3002 174.61.171.61:36583 TIME_WAIT tcp 0 0 127.0.0.1:27017 127.0.0.1:51109 ESTABLISHED tcp 0 0 10.240.241.116:42423 169.254.169.254:80 ESTABLISHED tcp 0 0 127.0.0.1:51108 127.0.0.1:27017 ESTABLISHED tcp 0 532 10.240.241.116:22 174.61.171.61:56824 ESTABLISHED tcp 0 0 127.0.0.1:27017 127.0.0.1:51107 ESTABLISHED tcp 0 0 10.240.241.116:42412 169.254.169.254:80 ESTABLISHED tcp 0 0 127.0.0.1:51109 127.0.0.1:27017 ESTABLISHED tcp 0 0 127.0.0.1:51105 127.0.0.1:27017 ESTABLISHED tcp 0 0 10.240.241.116:42422 169.254.169.254:80 TIME_WAIT tcp 0 0 127.0.0.1:27017 127.0.0.1:51105 ESTABLISHED tcp6 0 0 :::22 :::* LISTEN udp 0 0 0.0.0.0:49948 0.0.0.0:* udp 0 0 0.0.0.0:68 0.0.0.0:* udp 0 0 10.240.241.116:123 0.0.0.0:* udp 0 0 127.0.0.1:123 0.0.0.0:* udp 0 0 0.0.0.0:123 0.0.0.0:* udp6 0 0 :::12151 :::* udp6 0 0 :::123 :::* Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 405680 /tmp/ssh-KdkxJfFLpKTC/agent.22 813 unix 2 [ ACC ] STREAM LISTENING 408230 /tmp/ssh-ofUeNNEwAqtP/agent.22 243 unix 2 [ ACC ] STREAM LISTENING 416227 /tmp/mongodb-27017.sock unix 2 [ ACC ] SEQPACKET LISTENING 3692 /run/udev/control unix 7 [ ] DGRAM 5286 /dev/log unix 2 [ ACC ] STREAM LISTENING 5318 /var/run/acpid.socket unix 2 [ ACC ] STREAM LISTENING 16170 /tmp//tmux-1000/default unix 2 [ ACC ] STREAM LISTENING 414450 /var/run/dbus/system_bus_socke And here is the log when trying to run on port 80 with node.js: [lucas@ecoinstance]~/node/nodetest1$ npm start > [email protected] start /home/lucas/node/nodetest1 > node ./bin/www events.js:72 throw er; // Unhandled 'error' event ^ Error: listen EACCES at errnoException (net.js:904:11) at Server._listen2 (net.js:1023:19) at listen (net.js:1064:10) at Server.listen (net.js:1138:5) at Function.app.listen (/home/lucas/node/nodetest1/node_modules/express/lib/applicati on.js:532:24) at Object.<anonymous> (/home/lucas/node/nodetest1/bin/www:7:18) at Module._compile (module.js:456:26) at Object.Module._extensions..js (module.js:474:10) at Module.load (module.js:356:32) at Function.Module._load (module.js:312:12) npm ERR! [email protected] start: `node ./bin/www` npm ERR! Exit status 8 npm ERR! npm ERR! Failed at the [email protected] start script. npm ERR! This is most likely a problem with the nodetest1 package, npm ERR! not with npm itself. npm ERR! Tell the author that this fails on your system: npm ERR! node ./bin/www npm ERR! You can get their info via: npm ERR! npm owner ls nodetest1 npm ERR! There is likely additional logging output above. npm ERR! System Linux 3.13-0.bpo.1-amd64 npm ERR! command "/usr/local/bin/node" "/usr/local/bin/npm" "start" npm ERR! cwd /home/lucas/node/nodetest1 npm ERR! node -v v0.10.28 npm ERR! npm -v 1.4.9 npm ERR! code ELIFECYCLE npm ERR! npm ERR! Additional logging details can be found in: npm ERR! /home/lucas/node/nodetest1/npm-debug.log npm ERR! not ok code 0 And sudo netstat -lnp does not return any matching port 80's: [lucas@ecoinstance]~/node/nodetest1$ sudo netstat -lnp [48/648] Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Progr am name tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 29160/mon god tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1976/sshd tcp6 0 0 :::22 :::* LISTEN 1976/sshd udp 0 0 0.0.0.0:49948 0.0.0.0:* 1604/dhcl ient udp 0 0 0.0.0.0:68 0.0.0.0:* 1604/dhcl ient udp 0 0 10.240.241.116:123 0.0.0.0:* 2076/ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 2076/ntpd udp 0 0 0.0.0.0:123 0.0.0.0:* 2076/ntpd udp6 0 0 :::12151 :::* 1604/dhcl ient udp6 0 0 :::123 :::* 2076/ntpd Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node PID/Program name Path unix 2 [ ACC ] STREAM LISTENING 405680 22814/ssh-agent /tmp/ssh-K dkxJfFLpKTC/agent.22813 unix 2 [ ACC ] STREAM LISTENING 408230 24049/ssh-agent /tmp/ssh-o fUeNNEwAqtP/agent.22243 unix 2 [ ACC ] STREAM LISTENING 416227 29160/mongod /tmp/mongo db-27017.sock unix 2 [ ACC ] SEQPACKET LISTENING 3692 284/udevd /run/udev/ control unix 2 [ ACC ] STREAM LISTENING 5318 1798/acpid /var/run/a cpid.socket unix 2 [ ACC ] STREAM LISTENING 16170 5177/tmux /tmp//tmux -1000/default unix 2 [ ACC ] STREAM LISTENING 414450 28213/dbus-daemon /var/run/d bus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 404225 22324/1 /tmp/ssh-9 TlDmu4bjl/agent.22324

    Read the article

  • Non-Blocking I/O Made Possible in Java

    Java SE7 "Dolphin" release is nearing and we're chomping at the bit. So let's dig in and review non-blocking IO, a feature of java.nio (New I/O) package that is a part of Java v1.4, v1.5 and v1.6 and we'll also take a peek at the java.nio.file (NIO.2) package.

    Read the article

  • Non-Blocking I/O Made Possible in Java

    Java SE7 "Dolphin" release is nearing and we're chomping at the bit. So let's dig in and review non-blocking IO, a feature of java.nio (New I/O) package that is a part of Java v1.4, v1.5 and v1.6 and we'll also take a peek at the java.nio.file (NIO.2) package.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >