Koozali.org: home of the SME Server

5.5 Falling like Flys

ephraims

5.5 Falling like Flys
« on: March 17, 2004, 10:58:06 PM »
I have recently had all my SME 5.5 servers dying. What is going on?? One by one they seem to be falling. What happens is that the network users start having trouble accessing documents and then twiggi will stop working; they restart the server and everything is OK, then one time they will go to start the server and there will be a heap of errors saying the files are read-only and the errors will scroll down the screen. I know what you are thinking: upgrade to 5.6 or 6, but they are running genuine Intel 845 motherboards and it will not allow you to install 5.6; no matter what I tried, it says the install will take 20h. I have tried to adjust hard drive cache and all the motherboard settings that I could modify, with no luck. If I try to go to 6, it has errors on the upgrade and dumps me out. Are there any patches for 5.5 that will stop this, or does anybody have any ideas as to what is going on??

Anonymous

5.5 Falling like Flys
« Reply #1 on: March 18, 2004, 02:31:44 AM »
I would say that your problems are hardware related not software, especially if they are all using the same hardware and same vintage. Maybe M/B IDE controllers failing or H/D's.

Jon

compdoc
5.5 Falling like Flys
« Reply #2 on: March 18, 2004, 03:23:20 AM »
Funny, but I had a 5.5 server die recently too. I suspected the hard drive, but after a lot of surface testing, I couldn't find a thing wrong with it.

I put it down to being hacked - there was a lot of activity on the external nic.

By the way, there are many systems out there, from 1 to 2 years old, that are dying because of bad capacitors on the motherboards and in the power supplies.

Search Google for "bad capacitors" to read many stories about a stolen formula that's caused it all...

ephraims

not hardware
« Reply #3 on: March 18, 2004, 12:45:54 PM »
The hardware is OK; I believe it is hacking or virus related. I have loaded 6 on the servers now and all is OK. Just to test one, I loaded 5.5 on it and yep, after 2 weeks it happened again, and yes, there was a lot of activity through the LAN port. I think the problem gets worse as time goes along: it will get slower, there will be a few issues, then you will turn it on and that is it, no more boot. I recommend everybody with 5.5 go to 5.6 or 6 soon.

Anonymous

5.5 Falling like Flys
« Reply #4 on: March 18, 2004, 01:16:43 PM »
You can check if someone succeeded installing a rootkit on your machine.

http://www.chrootkit.org

My 5.5 server was compromised, probably due to an SSL vulnerability that is present in SME 5.5.

Recommend everyone to upgrade to a newer version.

Regards,
Peter

Anonymous

5.5 Falling like Flys
« Reply #5 on: March 18, 2004, 01:18:24 PM »
Wrong url above. Correct url = http://www.chkrootkit.org

Anonymous

5.5 Falling like Flys
« Reply #6 on: March 18, 2004, 03:53:28 PM »
Quote from: "Anonymous"
Wrong url above. Correct url = http://www.chkrootkit.org


That's a great link.

I also have a 5.5 server that has been acting suspiciously over the last few weeks. The server seemed to be doing a port scan of my internal machines (only those using DHCP - coincidence, or are these machines somehow visible from the 'net?), but it only happened once, and I've never been able to find trojans or viruses using a variety of tools. There is always that nagging doubt though, as the broadband interface light never stops flashing for an instant.

-- Jason

Anonymous

5.5 Falling like Flys
« Reply #7 on: March 19, 2004, 07:41:35 AM »
There have been a lot of hackings lately with older un-updated machines.
Update everything NOW!

Anonymous

5.5 Falling like Flys
« Reply #8 on: March 19, 2004, 12:32:40 PM »
Quote from: "Anonymous"
There have been a lot of hackings lately with older un-updated machines.
Update everything NOW!


I think I will - just as soon as I have documented all the hacks I've done. A lot of the contribs I have installed would need upgrading, fixing, purchasing now. I have kept up-to-date with the various security notifications though.

Out of interest, I installed the Netprobe Java app (trial version) following the HOWTO, to see what all that network activity was. It was very revealing! Looks like every server and his dog is trying to connect to my server, but they are all being knocked back.

I also see dozens of broadcast messages from my broadband ISP users every second. I expect that would be MS Windows PCs trying to share their files and printers to every other PC on the same broadband sub-net, or they have viruses. Either way, I wouldn't like to be in their shoes!

-- JJ

PeterG

5.5 Falling like Flys
« Reply #9 on: March 19, 2004, 02:23:48 PM »
OK, I am obviously being a bit thick. I have downloaded chkrootkit and am trying to 'make' it, but it returns the error -

[root@pogo6b3 chkrootkit-0.43]# make sense
gcc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
make: gcc: Command not found
make: *** [chklastlog] Error 127
[root@pogo6b3 chkrootkit-0.43]#

Which looks to my untrained eye like it's trying to use a gcc thingy that is not there...

How do I get it to go then?

PeterG.

mike_mattos
5.5 Falling like Flys
« Reply #10 on: March 22, 2004, 08:44:36 PM »
/usr/bin/make sense     :hammer:

gives an error but seems to compile OK

BTW, is anyone getting chatter about
"Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/site_perl/5.6.1/i386-linux/auto/CGI/Persistent/.packlist /usr/lib/perl5/site_perl/5.6.1/i386-linux/auto/CGI/FormMagick/.packlist , etc "

apart from that the scan is clean.

mike
...
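
Added example, not part of the post above and not chkrootkit's own code: one way to triage the paths chkrootkit lists under "Searching for suspicious files and dirs" on an RPM-based system is to ask rpm which package owns each file and whether the file still matches the package's record. The function names are made up for this example, and it assumes paths without spaces, as in the output quoted above.

```bash
#!/bin/bash
# Added example: triage paths printed by chkrootkit's
# "Searching for suspicious files and dirs" check on an RPM-based host.
# Function names are hypothetical. The RPM database lives on the same disk
# as the files it describes, so "OK" is supporting evidence, not proof.

# Split chkrootkit output on whitespace and keep only absolute paths.
extract_paths() {
    tr ' \t' '\n\n' | grep '^/' | sort -u
}

# Print UNOWNED, MODIFIED or OK for one path.
#   UNOWNED  - no installed package claims the file (or it no longer exists)
#   MODIFIED - a package owns it, but rpm -Vf reports it differs from the record
#   OK       - a package owns it and verification reports no difference
classify_path() {
    path=$1
    if ! pkg=$(rpm -qf "$path" 2>/dev/null); then
        echo "UNOWNED $path"
    elif rpm -Vf "$path" 2>/dev/null |
            awk -v p="$path" '$NF == p { found = 1 } END { exit !found }'; then
        echo "MODIFIED $path ($pkg)"
    else
        echo "OK $path ($pkg)"
    fi
}

# Read saved chkrootkit output on stdin, print one verdict per path.
triage() {
    extract_paths | while IFS= read -r p; do classify_path "$p"; done
}

# Optional stand-alone use: pass a file holding saved chkrootkit output.
if [ -n "${1:-}" ]; then triage < "$1"; fi
```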

PeterG

5.5 Falling like Flys
« Reply #11 on: March 25, 2004, 03:51:42 PM »
Hmmmm....


[root@pogo6b3 chkrootkit-0.43]# /usr/bin/make sense
gcc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
make: gcc: Command not found
make: *** [chklastlog] Error 127
[root@pogo6b3 chkrootkit-0.43]#
[root@pogo6b3 chkrootkit-0.43]# rpm -q *gcc*
package *gcc* is not installed


Presumably the gcc thingy is a compiler of some sort? (can you tell I am not a programmer type?)

I am surmising that this is not installed by default in the standard SME server iso and it's part of the developer add-ons that I have seen elsewhere on contribs. So, does anyone know which ones are pertinent to this issue, as apparently to install all the developer rpms presents some sort of security risk, apparently.


Cheers

PeterG.

Michiel

5.5 Falling like Flys
« Reply #12 on: March 25, 2004, 05:05:33 PM »
Quote from: "PeterG"
Presumably the gcc thingy is a compiler of some sort?


Correct. By default it's not installed as it is considered a security risk. Hackers normally need a compiler to further compromise your system and users don't need a compiler as most packages are already available as rpm packages.

Search contribs.org for dev tools and you'll find all the packages you need to get the job done.

Michiel