Koozali.org: home of the SME Server

No Access to my SME-Server

Offline lucaegloff

No Access to my SME-Server
« on: February 26, 2014, 03:16:07 PM »
Hi
I'm new to this forum and I apologise for my English.
I've been running an SME 8.0 Server for a while now. I use it primarily as a calendar server with a SOGo installation.
For two days now, I have had no access to this server via the server-manager, nor the SOGo interface. I can log in on the server, I can reach the web server (under construction), I receive the ping; but no chance with server-manager or an other access.

Can anyone help me?

Greetings
Luca

Offline CharlieBrady

Re: No Access to my SME-Server
« Reply #1 on: February 26, 2014, 05:19:56 PM »
What happens when you try to access server-manager? What exactly do you mean by "an[y] other access"?

You will need to have skills at the command line to solve your problem. You will need to log in and look at log files, and use tools such as 'top', 'ps', 'netstat' etc to see what processes are running and what their status is.

There is no simple short answer to your questions.

Offline Stefano

Re: No Access to my SME-Server
« Reply #2 on: February 26, 2014, 05:38:45 PM »
Luca, if you are Italian, please come to the Italian language forum too, I will try to help you

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #3 on: February 26, 2014, 09:12:23 PM »
Quote
What happens when you try to access server-manager? What exactly do you mean by "an[y] other access"?

You will need to have skills at the command line to solve your problem. You will need to log in and look at log files, and use tools such as 'top', 'ps', 'netstat' etc to see what processes are running and what their status is.

There is no simple short answer to your questions.

When I try to access, I get a timeout!
Other access would be SSH. There too I get a timeout.
Sure. I'm not really good, but I know these sorts of commands.
:(

Offline janet

Re: No Access to my SME-Server
« Reply #4 on: February 27, 2014, 08:08:31 AM »
lucaegloff

From a windows workstation behind your sme server, open a browser to grc.com & do a port scan.
This will check to see if required ports are open eg 443 for server manager, 22 (or whatever you use) for ssh etc & so on.

Log in as root at the command line & show output of

service httpd-e-smith status
(Should be something like
run: /service/httpd-e-smith: (pid 2033) 12660s, normally down)

service httpd-admin status
(Should be something like
run: /service/httpd-admin: (pid 2017) 12683s, normally down; run: log: (pid 796) 13157s)

service sshd status

Did you make any changes, install software, upgrade the server etc 2 days or earlier ago ?
If so what changes ?

Can you access the text based server manager ?
To access that, Log in as root to command prompt,
type
console
then select server manager option
Use the tab key & cursor keys or mouse to move around.

Also look in the log files eg /var/log/messages
around the time you try to access services that are timing out

Also look in the specific log files for those services eg httpd-admin

eg cat /var/log/messages

It is a little more difficult to read them without access to the GUI server manager

Try issuing the command
htop
& review the output
this is a good way to list services & their status. You need to see if httpd-admin & sshd are running & so on.

As Charlie says there are many places & things to look at to determine where the problem lies, but got to start somewhere.
« Last Edit: February 27, 2014, 08:13:08 AM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #5 on: February 27, 2014, 11:19:06 AM »
Hi Janet

Thank you for your help.

In sum I can tell you:

All needed ports (http, ssh, sogo etc.) are available - nmap says filtered.
httpd-admin and ssh are running. httpd-e-smith is not running.
With top I see that all processes are running.
I did not change anything. That's why I don't understand the problem …

I accessed many times the text based server-manager. All Accounts seem to run ok.

I checked "messages" and found an error on the mysql database.
- mysql.init: Error 1060  (this on several lines)

I checked ssh log at a time, when I tried to log in. It says:
- server listening
- Received signal 15: terminating

If I could print out the log files, it would be easier for me.

Hope this helps,
Luca


Offline lucaegloff

Re: No Access to my SME-Server
« Reply #6 on: February 27, 2014, 11:20:23 AM »
Quote
Luca, if you are Italian, please come to the Italian language forum too, I will try to help you

Thanks. Maybe later. I appreciate  :-P
Luca

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #7 on: February 27, 2014, 12:40:36 PM »
Something strange happened. I installed the Printer Queue admin on my machine. In the server-manager I found no further information. Then I tried through a web browser to access the admin; and it worked! I was able to log in to the Queue admin and analyze my printer.

But the rest is the same …

Thanks for your help
Luca

Offline Stefano

Re: No Access to my SME-Server
« Reply #8 on: February 27, 2014, 02:57:06 PM »
please define "printer queue admin", thank you

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #9 on: February 27, 2014, 03:05:20 PM »
it's smeserver-print-monitor. But it is not so important.

Offline Stefano

Re: No Access to my SME-Server
« Reply #10 on: February 27, 2014, 03:20:02 PM »
how did you install it?

please post the result of
history | grep 'yum install'

thank you

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #11 on: February 27, 2014, 03:27:55 PM »

Offline Stefano

Re: No Access to my SME-Server
« Reply #12 on: February 27, 2014, 03:29:35 PM »
you missed my request :-)

Offline CharlieBrady

Re: No Access to my SME-Server
« Reply #13 on: February 27, 2014, 05:29:41 PM »
Quote
httpd-e-smith is not running.

If that is so, it should be easy to find out why not.

cd /service/httpd-e-smith
sv d $PWD
./run
« Last Edit: February 27, 2014, 05:49:53 PM by CharlieBrady »

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #14 on: February 27, 2014, 05:52:59 PM »
Quote
If that is so, it should be easy to find out why not.

cd /service/httpd-e-smith
sv d .
./run


I typed these commands and get:
[Warn] worker http://127.0.0.1:20000/SOGo/dav is already in use by another worker

I saw this warning also in the messages...

Offline CharlieBrady

Re: No Access to my SME-Server
« Reply #15 on: February 27, 2014, 05:54:40 PM »
Quote
Something strange happened. I installed the Printer Queue admin on my machine. In the server-manager I found no further information. Then I tried through a web browser to access the admin; and it worked! I was able to log in to the Queue admin and analyze my printer.

But the rest is the same …

Your information is confusing and conflicting. I think you are saying that previously you could not access server-manager, but now you can access server-manager. You say "the rest is the same". Please make a list of "the rest". What is working and what is not working? For those which are not working, specify exactly what you mean by "not working".

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #16 on: February 27, 2014, 05:56:13 PM »
Quote
you missed my request :-)

Yes, I try to type the command, but I can't get the character which comes after history … Although it is on the keyboard and I have the right layout installed.

Offline Stefano

Re: No Access to my SME-Server
« Reply #17 on: February 27, 2014, 06:01:39 PM »
any further info (i.e. language and keyboard layout)?


Offline lucaegloff

Re: No Access to my SME-Server
« Reply #18 on: February 27, 2014, 06:04:51 PM »
Quote
Your information is confusing and conflicting. I think you are saying that previously you could not access server-manager, but now you can access server-manager. You say "the rest is the same". Please make a list of "the rest". What is working and what is not working? For those which are not working, specify exactly what you mean by "not working".

As I wrote before, I can log in to the server-manager, text-based on the server console. But I cannot reach the server-manager through a web browser on another machine in the local network.
On the Server I can log in and do what I want (or can). Every Service seems to run - except the https-e-smith, but there I'm not sure … see above.
From another machine in the local Network or over Internet, I can not log in to the server-manager, nor to the SOGo Interface. I was not able to log in via ssh. But I get the index-page of the Webserver (under construction! I have no site running there)

Hope all this was clear :)

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #19 on: February 27, 2014, 06:06:28 PM »
Quote
any further info (i.e. language and keyboard layout)?

Language: german
Keyboard: de_CH-latin1

Offline Stefano

Re: No Access to my SME-Server
« Reply #20 on: February 27, 2014, 06:12:53 PM »
a fast research with google gives me this

Quote
On some keyboards the pipe is hard to find. On a US 101 keyboard the pipe should be available via Shift-\ ("backslash"). On a German keyboard it is on the left together with < and > and the Alt Gr modifier key must be pressed to get the pipe.

be aware that this could not work if you are using a virtual machine (google will tell you more)

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #21 on: February 27, 2014, 06:18:08 PM »
Quote
a fast research with google gives me this

be aware that this could not work if you are using a virtual machine (google will tell you more)

Sorry, none of this works :(

Offline janet

Re: No Access to my SME-Server
« Reply #22 on: February 28, 2014, 12:00:24 AM »
lucaegloff

Is remote access to server manager & ssh enabled in server manager panels ?
By default they are disabled.
Check using the text based server manager.

As you can access the text based server manager & command line locally on the server or from the local network, then external access appears to be your problem.
What app are you using on a workstation to access ssh on the server, Putty ?

If you can ssh from a workstation to server using Putty, then you can paste commands directly, & copy screen output using the little icon in the top left corner, so if you are not using Putty, then I suggest you install it on your workstation (& configure it correctly).

Are you sure you did not upgrade Sogo or make config changes to Sogo recently ?

Sogo is probably the source of your problems

I suggest you Google your Sogo error message
[Warn] worker http://127.0.0.1:20000/SOGo/dav is already in use by another worker

It seems this is a common problem, but I'm not sure of your exact issue. I don't use Sogo so cannot help.

Offline janet

Re: No Access to my SME-Server
« Reply #23 on: February 28, 2014, 12:24:07 AM »
lucaegloff

Quote
If I could print out the log files, it would be easier for me

You can view & filter the log files using the (text based) server-manager, View log files panel.
You can Download them too, & then print them if required.

Alternatively do
cat /var/log/messages >> /home/e-smith/files/ibays/ibayname/html/messages20140228.txt

(replace log filename (messages) & output location (ibayname) & filename (messages20140228.txt) as required)

Then read in a browser or Notepad etc & print if required.
You may need to change ownership permissions on those saved log files

Offline janet

Re: No Access to my SME-Server
« Reply #24 on: February 28, 2014, 12:35:59 AM »
lucaegloff

Quote
cd /service/httpd-e-smith
sv d .
./run

Charlie asked you to type
cd /service/httpd-e-smith
sv d $PWD
./run

(although he may have edited/corrected his post)

If httpd-e-smith is not running, which you say is not running, then you will not be able to access server manager.

Enable it using
service httpd-e-smith start

(although the earlier command given should have started it)
Check status (ie is it running) again
service httpd-e-smith status

& show us the output rather than just saying it's running, you can write it down easily.

Then try accessing server manager again, assuming of course you have Remote access enabled from specific IPs in the server manager panel (if accessing remotely).

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #25 on: February 28, 2014, 08:01:48 AM »
lucaegloff

Is remote access to server manager & ssh enabled in server manager panels ?     Yes
By default they are disabled.
Check using the text based server manager.   Did It

As you can access the text based server manager & command line locally on the server or from the local network, then external access appears to be your problem.   Right
What app are you using on a workstation to access ssh on the server, Putty ? No. I use Terminal (On Mac OS X)

If you can ssh from a workstation to server I can not, as I wrote earlier using Putty, then you can paste commands directly, & copy screen output using the little icon in the top left corner, so if you are not using Putty, then I suggest you install it on your workstation (& configure it correctly).

Are you sure you did not upgrade Sogo or make config changes to Sogo recently ? The last update before the problems appeared, I made one month ago. I did the last update, after the problems emerged

Sogo is probably the source of your problems

I suggest you Google your Sogo error message
[Warn] worker http://127.0.0.1:20000/SOGo/dav is already in use by another worker

It seems this is a common problem, but I'm not sure of your exact issue. I don't use Sogo so cannot help. I googled the Problem. It appears often on forums, but It seems not to be a problem, normally. I'm on ...

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #26 on: February 28, 2014, 08:40:21 AM »
lucaegloff

You can view & filter the log files using the (text based) server-manager, View log files panel. Yes, I mentioned above, what I found in the log files. But I will try to filter these logs better and search more specifically
You can Download them too, & then print them if required.

Alternatively do
cat /var/log/messages >> /home/e-smith/files/ibays/ibayname/html/messages20140228.txt

(replace log filename (messages) & output location (ibayname) & filename (messages20140228.txt) as required)
This is a very clever trick. Thanks. I have to install an iBay before, cause I have none till now.
Then read in a browser or Notepad etc & print if required.
You may need to change ownership permissions on those saved log files  Will tell you…  Thanks

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #27 on: February 28, 2014, 08:47:28 AM »
lucaegloff

Charlie asked you to type
cd /service/httpd-e-smith
sv d $PWD
./run

(although he may have edited/corrected his post)

If httpd-e-smith is not running, which you say is not running, then you will not be able to access server manager. I messed up. Sorry! It is running. The status shows: run: /service/httpd-e-smith: (pid 3601) 106s, normally down) - I just restarted the server.


Enable it using
service httpd-e-smith start

(although the earlier command given should have started it)
Check status (ie is it running) again
service httpd-e-smith status

& show us the output rather than just saying it's running, you can write it down easily.

Then try accessing server manager again, assuming of course you have Remote access enabled from specific IPs in the server manager panel (if accessing remotely). Remote access is granted. No access!

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #28 on: February 28, 2014, 03:28:22 PM »
Hi to all

I was able to generate some files with the logs. I redirected to a file and then put with ftp to another Linux machine I have …
The Pipe seems not to work. All other characters are no problem … I took the broken Pipe and this worked like the Pipe.

@Stefano - The history you asked:

   25  yum install smeserver-sogo --enablerepo=nethsme --enablerepo=sogo
   26  yum install memcached
   30  yum install memcached.i386
   34  yum install smeserver-sogo --enablerepo=nethsme --enablerepo=sogo
  137  yum install make
  191  yum install smeserver-print-monitor --enablerepo=smecontribs


The log of the sshd is simple:

@40000000530de5ec23281194 Received SIGHUP; restarting.
@40000000530de5ec23281964 Server listening on 192.168.1.44 port 22.
@40000000530f1d551e1e904c Received signal 15; terminating.
@40000000530f1de32b93b93c Server listening on 192.168.1.44 port 22.
@40000000530f65ce050047f4 Server listening on 192.168.1.44 port 22.
@40000000530f6a5b06d8b55c Server listening on 192.168.1.44 port 22.
@40000000530f79dc37f5dfd4 Received signal 15; terminating.
@4000000053103e4e1d6c8dfc Server listening on 192.168.1.44 port 22.


I hope you can find something. I try to get more Infos about Sogo on another forum.

Thanks to all
Greetings
Luca

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #29 on: March 03, 2014, 09:06:30 AM »
Hi again

In a Sogo-Group a user told me:
"If you can't login ssh then something has seriously gone wrong with the network stack and the box needs to be rebooted for sure."

Is that right?
I tried to log in from the console and get a "permission Denied". At least it's an answer! From a remote host, I receive no answer.
Hope this helps.

Luca

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #30 on: March 03, 2014, 03:03:11 PM »
Hi again  :D

Did I say something wrong, or can nobody help me?  :sad:

Greetings
Luca

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #31 on: March 03, 2014, 06:30:03 PM »
Hi

From an older log file of the sshd I copied this:

@4000000051b4243138b4edfc reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b424340dd684c4 Failed password for root from 183.82.140.11 port 58688 ssh2
@4000000051b42434185d53dc Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b4243529b2ef34 reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b424372afb9bd4 Failed password for root from 183.82.140.11 port 58771 ssh2
@4000000051b424373515be9c Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b424390b1eac0c reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b4243b19387584 Failed password for root from 183.82.140.11 port 58854 ssh2
@4000000051b4243b2356c69c Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b4243c3527ac74 reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b4243e2878c184 Failed password for root from 183.82.140.11 port 58933 ssh2
@4000000051b4243e32aef3e4 Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b424400a03cdfc reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b4244129d9208c Failed password for root from 183.82.140.11 port 59004 ssh2
@4000000051b4244134294f44 Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b4244309cd7004 reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b424450641e3fc Failed password for root from 183.82.140.11 port 59071 ssh2
@4000000051b4244510684b64 Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b4244621c170fc reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b4244822fea034 Failed password for root from 183.82.140.11 port 59144 ssh2
@4000000051b424482d132194 Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b4244a041f07e4 reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b4244c126c1274 Failed password for root from 183.82.140.11 port 59215 ssh2
@4000000051b4244c1cbd46e4 Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b4244d2ff853ac reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b4244f2f170fb4 Failed password for root from 183.82.140.11 port 59296 ssh2
@4000000051b4244f396b3224 Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b424510ec7e5bc reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b424532e7cbfcc Failed password for root from 183.82.140.11 port 59361 ssh2
@4000000051b42453389874ec Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b424550e8a9e3c reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b42457136eb564 Failed password for root from 183.82.140.11 port 59442 ssh2
@4000000051b424571d907d34 Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b4245910079d64 reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b4245b0e0f4fd4 Failed password for root from 183.82.140.11 port 59517 ssh2
@4000000051b4245b187e495c Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b4245c2908d83c Invalid user  from 183.82.140.11
@4000000051b4245c291a8794 reverse mapping checking getaddrinfo for ras.beamtele.net failed - POSSIBLE BREAK-IN ATTEMPT!
@4000000051b4245c291cdd3c input_userauth_request: invalid user
@4000000051b4245c33254cc4 Failed none for invalid user  from 183.82.140.11 port 59601 ssh2
@4000000051b4245d019981fc Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b43a641962e8b4 Received signal 15; terminating.
@40000000525d726e0e2d3814 Server listening on 192.168.1.44 port 22.
@40000000525d7273015b678c Invalid user lucaegloff from 192.168.1.60
@40000000525d7273016a731c input_userauth_request: invalid user lucaegloff
@40000000525d727b00cb0e6c Failed password for invalid user lucaegloff from 192.168.1.60 port 56840 ssh2
@40000000525d7281239a8a44 Failed password for invalid user lucaegloff from 192.168.1.60 port 56840 ssh2
@40000000525d728f2f307f6c Failed password for invalid user lucaegloff from 192.168.1.60 port 56840 ssh2
@40000000525d728f2f308b24 Disconnecting: Too many authentication failures for lucaegloff
@40000000525d7296170d5824 Invalid user lucaegloff from 192.168.1.60
@40000000525d72961714979c input_userauth_request: invalid user lucaegloff
@40000000525d729d2c8719ec Failed password for invalid user lucaegloff from 192.168.1.60 port 56841 ssh2
@40000000525d72a52c0f694c Failed password for invalid user lucaegloff from 192.168.1.60 port 56841 ssh2
@40000000525d72ad146c89dc Failed password for invalid user lucaegloff from 192.168.1.60 port 56841 ssh2
@40000000525d72ad146c91ac Disconnecting: Too many authentication failures for lucaegloff
@40000000525d72af15ebfa04 Invalid user lucaegloff from 192.168.1.60
@40000000525d72af15fbc114 input_userauth_request: invalid user lucaegloff
@40000000525d72b50158333c Failed password for invalid user lucaegloff from 192.168.1.60 port 56844 ssh2
@40000000525d72b935fa4e54 Failed password for invalid user lucaegloff from 192.168.1.60 port 56844 ssh2
@40000000525d72c53a125734 Failed password for invalid user lucaegloff from 192.168.1.60 port 56844 ssh2
@40000000525d72c53a1262ec Disconnecting: Too many authentication failures for lucaegloff
@40000000525d72c924333c1c Invalid user lucaegloff from 192.168.1.60
@40000000525d72c924431e84 input_userauth_request: invalid user lucaegloff
@40000000525d72cd15f1e5a4 Failed password for invalid user lucaegloff from 192.168.1.60 port 56849 ssh2
@40000000525d72d426479944 Failed password for invalid user lucaegloff from 192.168.1.60 port 56849 ssh2
@40000000525d72d913c46eb4 Failed password for invalid user lucaegloff from 192.168.1.60 port 56849 ssh2
@40000000525d72d913c47684 Disconnecting: Too many authentication failures for lucaegloff
@40000000525e2bea20d5828c Invalid user lucaegloff from 192.168.1.60
@40000000525e2bea20e5ca84 input_userauth_request: invalid user lucaegloff
@40000000525e2bf818e0d3ec Failed none for invalid user lucaegloff from 192.168.1.60 port 58053 ssh2
@40000000525e2c0028957cfc Failed password for invalid user lucaegloff from 192.168.1.60 port 58053 ssh2
@40000000525e2c071f428e4c Failed password for invalid user lucaegloff from 192.168.1.60 port 58053 ssh2
@40000000525e2c071f42961c Disconnecting: Too many authentication failures for lucaegloff
@40000000525e2c173882f8ec Accepted password for root from 192.168.1.60 port 58054 ssh2
@40000000525e2c8137348f8c Received disconnect from 192.168.1.60: 11: disconnected by user
@40000000525e2c910fd07c1c Failed password for admin from 192.168.1.60 port 58075 ssh2
@40000000525e2c9f1a0dedf4 Accepted password for admin from 192.168.1.60 port 58075 ssh2
@40000000525e2d533542356c Server listening on 192.168.1.44 port 22.

Seems, as if someone has done some damage to my system ...
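
One way to triage an sshd log like the one quoted in the post above, as an added example that is not part of the original post or of SME Server: it decodes the multilog TAI64N stamps and groups authentication results by source address. The sample is an excerpt of the posted log; the function names, rule names and the threshold of 3 failures are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Excerpt copied from the sshd log quoted in the post above (multilog, TAI64N stamps).
SAMPLE_LOG = """\
@4000000051b424340dd684c4 Failed password for root from 183.82.140.11 port 58688 ssh2
@4000000051b42434185d53dc Received disconnect from 183.82.140.11: 11: Bye Bye
@4000000051b424372afb9bd4 Failed password for root from 183.82.140.11 port 58771 ssh2
@4000000051b4243b19387584 Failed password for root from 183.82.140.11 port 58854 ssh2
@4000000051b4245c33254cc4 Failed none for invalid user  from 183.82.140.11 port 59601 ssh2
@40000000525d727b00cb0e6c Failed password for invalid user lucaegloff from 192.168.1.60 port 56840 ssh2
@40000000525e2c173882f8ec Accepted password for root from 192.168.1.60 port 58054 ssh2
@40000000525e2c910fd07c1c Failed password for admin from 192.168.1.60 port 58075 ssh2
@40000000525e2c9f1a0dedf4 Accepted password for admin from 192.168.1.60 port 58075 ssh2
"""

TAI_OFFSET = 2**62 + 10  # daemontools stamps are 2^62 + 10 + Unix seconds
LINE = re.compile(r"^(@[0-9a-f]{24}) (.*)$")
# The user name is remote-controlled text, so its group is greedy: the LAST
# " from <addr> port <n>" on the line, written by sshd itself, is the source.
AUTH = re.compile(
    r"^(Failed|Accepted) (\S+) for (invalid user )?(.*) from (\S+) port (\d+)(?: ssh2)?$"
)


def tai64n_to_unix(label):
    """Decode '@' + 24 hex digits into (unix_seconds, nanoseconds)."""
    if not re.fullmatch(r"@[0-9a-f]{24}", label):
        raise ValueError("not a TAI64N label: %r" % label)
    return int(label[1:17], 16) - TAI_OFFSET, int(label[17:25], 16)


def tai64n_to_utc(label):
    """ISO 8601 UTC time for a label (leap seconds ignored, second precision)."""
    secs, _nanos = tai64n_to_unix(label)
    return datetime.fromtimestamp(secs, tz=timezone.utc).isoformat()


def is_external(addr):
    try:
        return not ipaddress.ip_address(addr).is_private
    except ValueError:
        return True  # a host name instead of an address: treat as untrusted


def summarise(lines):
    """Group sshd authentication results by source address."""
    sources = {}
    for raw in lines:
        m = LINE.match(raw.strip())
        auth = AUTH.match(m.group(2)) if m else None
        if not auth:
            continue  # "Server listening", "Received disconnect", ...
        outcome, _method, _invalid, user, addr, _port = auth.groups()
        secs, _nanos = tai64n_to_unix(m.group(1))
        src = sources.setdefault(addr, {
            "external": is_external(addr), "failures": 0, "users": set(),
            "first": None, "last": None, "accepted_after_failure": [],
        })
        if outcome == "Failed":
            src["failures"] += 1
            src["users"].add(user)  # "" when the client sent an empty name
            if src["first"] is None:
                src["first"] = secs
            src["last"] = secs
        elif src["failures"]:
            # A success from an address that failed earlier deserves a look.
            src["accepted_after_failure"].append((user, tai64n_to_utc(m.group(1))))
    return sources


def findings(sources, min_failures=3):
    """Return (address, rule, detail) tuples worth reviewing."""
    out = []
    for addr, s in sources.items():
        if s["failures"] >= min_failures:
            out.append((addr, "repeated-failures", "%d failures in %ds against %d user name(s)"
                        % (s["failures"], s["last"] - s["first"], len(s["users"]))))
        if s["external"] and s["failures"]:
            out.append((addr, "password-attempts-from-wan",
                        "password logins are reachable from outside the LAN"))
        for user, when in s["accepted_after_failure"]:
            out.append((addr, "login-after-failures", "%s at %s" % (user, when)))
    return out


if __name__ == "__main__":
    for finding in findings(summarise(SAMPLE_LOG.splitlines())):
        print(*finding, sep="  ")
```

A "login-after-failures" hit from a LAN address is often just a mistyped password; the same hit from an external address is the one to investigate first.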

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #32 on: March 03, 2014, 06:31:42 PM »
And from the messages log file I copied this:

Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 108: Duplicate column name 'File_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 114: Duplicate column name 'Grant_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 115: Duplicate column name 'Grant_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 116: Duplicate column name 'Grant_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 127: Duplicate column name 'ssl_type'
Mar  3 15:55:32 lupra mysql.init: ERROR 1061 (42000) at line 138: Duplicate key name 'Grantor'
Mar  3 15:55:32 lupra mysql.init: ERROR 1054 (42S22) at line 164: Unknown column 'Type' in 'columns_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 186: Duplicate column name 'type'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 196: Duplicate column name 'Show_db_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 213: Duplicate column name 'max_questions'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 223: Duplicate column name 'Create_tmp_table_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 226: Duplicate column name 'Create_tmp_table_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 320: Duplicate column name 'Create_view_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 323: Duplicate column name 'Create_view_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 326: Duplicate column name 'Create_view_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 332: Duplicate column name 'Show_view_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 335: Duplicate column name 'Show_view_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 338: Duplicate column name 'Show_view_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 355: Duplicate column name 'Create_routine_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 358: Duplicate column name 'Create_routine_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 361: Duplicate column name 'Create_routine_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 367: Duplicate column name 'Alter_routine_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 370: Duplicate column name 'Alter_routine_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 373: Duplicate column name 'Alter_routine_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 376: Duplicate column name 'Execute_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 379: Duplicate column name 'Execute_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 392: Duplicate column name 'max_user_connections'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 401: Duplicate column name 'Create_user_priv'
Mar  3 15:55:32 lupra mysql.init: ERROR 1060 (42S21) at line 423: Duplicate column name 'Routine_type'
Mar  3 15:55:33 lupra mysql.init: @hadGrantPriv:=1
Mar  3 15:55:33 lupra mysql.init: 1
Mar  3 15:55:33 lupra last message repeated 4 times
Mar  3 15:55:33 lupra mysql.init: @hadShowDbPriv:=1
Mar  3 15:55:33 lupra mysql.init: 1
Mar  3 15:55:33 lupra last message repeated 4 times
Mar  3 15:55:33 lupra mysql.init: @hadCreateViewPriv:=1
Mar  3 15:55:33 lupra mysql.init: 1
Mar  3 15:55:33 lupra last message repeated 4 times
Mar  3 15:55:33 lupra mysql.init: @hadCreateRoutinePriv:=1
Mar  3 15:55:33 lupra mysql.init: 1
Mar  3 15:55:33 lupra last message repeated 4 times
Mar  3 15:55:33 lupra mysql.init: @hadCreateUserPriv:=1
Mar  3 15:55:33 lupra mysql.init: 1
Mar  3 15:55:33 lupra last message repeated 4 times
Mar  3 15:55:33 lupra mysql.init: waiting for mysqld to restart
Mar  3 15:55:33 lupra noip2[3992]: supra….  was already set to 85….
Mar  3 15:55:35 lupra last message repeated 2 times
Mar  3 15:55:38 lupra esmith::event[4151]: Processing event: local 
Mar  3 15:55:38 lupra esmith::event[4151]: Running event handler: /etc/e-smith/events/actions/generic_template_expand
Mar  3 15:55:38 lupra esmith::event[4151]: expanding /etc/sysconfig/kernel 
Mar  3 15:55:38 lupra esmith::event[4151]: expanding /boot/grub/grub.conf 
Mar  3 15:55:38 lupra esmith::event[4151]: generic_template_expand=action|Event|local|Action|generic_template_expand|Start|1393858538 153826|End|1393858538 665951|Elapsed|0.512125
Mar  3 15:55:38 lupra esmith::event[4151]: Running event handler: /etc/e-smith/events/local/S50clear-pptp-interfaces
Mar  3 15:55:38 lupra esmith::event[4151]: S50clear-pptp-interfaces=action|Event|local|Action|S50clear-pptp-interfaces|Start|1393858538 666213|End|1393858538 726987|Elapsed|0.060774
Mar  3 15:55:38 lupra esmith::event[4151]: Running event handler: /etc/e-smith/events/actions/adjust-services
Mar  3 15:55:38 lupra esmith::event[4151]: adjusting supervised yum (once) 
Mar  3 15:55:38 lupra esmith::event[4151]: adjust-services=action|Event|local|Action|adjust-services|Start|1393858538 727276|End|1393858538 810183|Elapsed|0.082907


I don't know how this was produced. Can anyone help?

Greetings
Luca

Offline lucaegloff

Re: No Access to my SME-Server
« Reply #33 on: March 20, 2014, 11:46:24 AM »
Hi to all

It seems that there was a hacker attack. I couldn't repair the database. So I had to install all from scratch.
Thanks for your help.
Greetings
Luca

Offline Stefano

Re: No Access to my SME-Server
« Reply #34 on: March 20, 2014, 01:58:18 PM »
Quote
Hi to all

It seems that there was a hacker attack. I couldn't repair the database. So I had to install all from scratch.
Thanks for your help.
Greetings
Luca

in this case you should keep up to date the web apps you expose on wan side

Offline CharlieBrady

Re: No Access to my SME-Server
« Reply #35 on: March 20, 2014, 02:01:11 PM »
Quote
in this case you should keep up to date the web apps you expose on wan side

Disable ssh access whenever possible. Use RSA keys for authentication, in preference to passwords. Use only very good passwords.

Offline Charles2008

Re: No Access to my SME-Server
« Reply #36 on: March 22, 2014, 01:10:37 PM »
I am a bit surprised by this thread.

Here is a user who has concluded that his SME Server has been compromised by hacker attack.

Isn't security one of the key strengths of SME Server?

lucaegloff - do you have any idea how this breach of your server occurred?
Which apps are you running and are they up-to-date (ref. Stefano's suggestion)? 
Are you using "very good passwords" (ref. CharlieBrady's suggestion)?

Quote from: CharlieBrady on: March 20, 2014, 07:01:11 AM
Disable ssh access whenever possible. Use RSA keys for authentication, in preference to passwords
Charlie, for clarification - are you suggesting that SSH access be disabled totally (WAN and LAN), or only from WAN-side. Also, I am assuming that you are saying that if you have to use SSH from WAN then strongly suggest RSA-keys for authentication.

Is SSH (RSA-key authentication) the most secure/robust option that SME-users now have for remote access?

By the way, I came across this website that explains very well 'password strength' for anyone interested:
https://www.grc.com/passwords.htm
https://www.grc.com/haystack.htm
« Last Edit: March 22, 2014, 01:13:04 PM by Charles2008 »

Offline janet

Re: No Access to my SME-Server
« Reply #37 on: March 22, 2014, 02:03:56 PM »
Charles2008

ssh key access has been recommended standard practice for many many years, see
http://wiki.contribs.org/SSH_Public-Private_Keys
« Last Edit: March 22, 2014, 02:07:16 PM by janet »

Offline CharlieBrady

Re: No Access to my SME-Server
« Reply #38 on: March 22, 2014, 04:24:17 PM »
Quote
Charlie, for clarification - are you suggesting that SSH access be disabled totally (WAN and LAN), or only from WAN-side.

I am saying *whenever possible*. So disable completely if possible, and disable WAN if that is possible.

Quote
Isn't security one of the key strengths of SME Server?

Sure it is. But it isn't a magic bullet. If a user enables WAN password-authenticated ssh access with weak passwords then the system will be broken. Ditto if the user installs additional software which has security flaws. Even without those things, it's not perfect. Nobody ever claimed that it was flawless or unbreakable. Sorry to disillusion you.
« Last Edit: March 22, 2014, 04:26:17 PM by CharlieBrady »