Hi, my Ubuntu 8.04 LTS (perfect server guide) has been working like a charm except for a few minor troubles. Today, the 24th, the mail is down: users can receive but not send (SMTP is down or very busy). The server is really slow, no ssh, no login, just like: http://www.howtoforge.com/forums/showthread.php?t=50559 No idea if it is a hack because I cannot see the logs, but after reading the forum it seems so. I have a big and expensive firewall, so I cannot really know what's happening. So I'll probably need a way to move all data to another server, but there's no easy way to do that. I moved the server to another room and rechecked, but it still seems too slow; the last change I made was changing MAXPERIP from 20 to 80 and MAXDAEMONS from 40 to 80. The server is a Dual Core with 2 GB RAM. Any help? Update: I've disconnected the server from LAN/WAN; it is very slow at booting just before showing "Starting ISPConfig system..." and "/root/ispconfig/httpd/bin/apachectl startssl: httpd started" and after that. No user asked. Normally the server could boot in less than 5 mins; now it takes several hours. The HDD LED activity is really busy, so I know that the computer is really working. Btw, heavy CPU and RAM usage, no process shows in top, so it must be a daemon. I tried with imapd and postfix; it seems MySQL related because it shows an error with mysql stop (ERROR 1045 (28000): Access denied for user 'root'@'localhost') and mysqld shows unable to lock ./ibdata1 error: 11... Could it be hacked?
Still very slow, I'm going to change my server for remote hosting. Damn, my server was really useful. Any help?
Daemons show up with top as well. If you have a high load but no processes show up, then you should scan your server with chkrootkit and rkhunter to ensure that it is not hacked.
Chkrootkit says I have 2 processes hidden from the ps command and a possible LKM Trojan. I'll need to stop those processes, surely they are wasting the CPU, to extract all the info and make a new server. RKHunter shows warnings: /usr/sbin/adduser /usr/sbin/groups /usr/bin/ldd /usr/bin/lwp-request /bin/which. RKHunter shows no rootkit, just those warnings...
The server is still very busy so I'm installing another server. Which files should I copy to restore the emails?
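The comparison behind a "hidden from ps" finding, as an added example that is not part of the original thread and is not chkrootkit's own code: it reports PIDs that are visible in /proc but absent from ps output, and keeps only those missing in every snapshot so that short-lived processes do not count. The function names and the sample PIDs are constructed for illustration.

```python
import os
import subprocess

def pids_from_ps(ps_text):
    """Parse `ps -e -o pid=` output (one PID per line) into a set of ints."""
    return {int(tok) for tok in ps_text.split() if tok.isdigit()}

def pids_from_proc(entries):
    """Keep only the numeric /proc entries, which are process IDs."""
    return {int(name) for name in entries if name.isdigit()}

def hidden_from_ps(snapshots):
    """Return PIDs present in /proc but missing from ps in EVERY snapshot.

    A process that starts or exits between the two reads shows up as a
    mismatch in one snapshot only, so intersecting filters that race out.
    """
    suspects = None
    for proc_entries, ps_text in snapshots:
        diff = pids_from_proc(proc_entries) - pids_from_ps(ps_text)
        suspects = diff if suspects is None else suspects & diff
    return sorted(suspects or [])

def live_snapshot():
    """Take one snapshot on a running Linux host (not used by the sample)."""
    ps_text = subprocess.run(["ps", "-e", "-o", "pid="],
                             capture_output=True, text=True, check=True).stdout
    return os.listdir("/proc"), ps_text

# Constructed sample data: PIDs 4242 and 4243 never appear in ps;
# PID 5001 is a short-lived process caught only by the first /proc read.
SAMPLE = [
    (["1", "612", "4242", "4243", "5001", "cpuinfo", "self"], "    1\n  612\n"),
    (["1", "612", "4242", "4243", "meminfo", "self"], "    1\n  612\n 5100\n"),
]

if __name__ == "__main__":
    print("hidden from ps:", hidden_from_ps(SAMPLE))
```

A kernel-level rootkit can also hide a process from the /proc listing itself, so an empty result from a check run on the suspect host does not clear it; reading the disk from a known-clean system is the more reliable route.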
You can use imapsync to restore your emails: http://www.howtoforge.com/how-to-migrate-mailboxes-between-imap-servers-with-imapsync
Thanks, the trouble is server 1 is down; I cannot make a backup, much less try to sync the data. I'm going to extract the HDD and connect it to another computer to read the files, but I need to know which ones.
I'm using the perfect server guide so no idea. I tried imapsync but I got rejected at the destination server; strange, but it is a VMware virtual machine. I'll dig up a real one and install ISPConfig 3 and retry. Btw, if I make a backup from ISPConfig 2, how do I restore it? Can I restore the backup in ISPConfig 3?
Wow, server started to work, CPU is OK and everything works, I need to move all data to another server, BCK does not copy emails, so what now?
The message is about the supported authentication at the destination server. None of the methods are available. So my idea is to keep the server running, make an ISPConfig 3 server, and then migrate all the data using imapsync if there is no other way available.