Stats

Discussion in 'General' started by ivomendonca, Apr 27, 2010.

  1. ivomendonca

    ivomendonca Banned

    Stats user/password are not working for new site in last version.
    And yes i tried admin user.
    No error message to.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    They work for me in 3.0.2.1. Are there any pending jobs in the jobqueue?
     
  3. ivomendonca

    ivomendonca Banned

    Nothing, no error no password combination (that why i write here), maybe i create using admin and then changed to client name and the .htaccess dont have the right permissions.
    I will see that.

    The pain is because the site is in production and is hard to remove and create the site again.

    Is an update from .16 and the old sites work 100%
     
    Last edited: Apr 27, 2010
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    No, thats not related. Which messages appeared in the system log after you had turned on debugging and set a new stats password?

    Please check if the admin user is in the .htpassword_stats file in the root of the website (not the web folder).
     
  5. ivomendonca

    ivomendonca Banned

    the .htpassowrd_stats have admin user.
    The error log only have this stange error.

    [Mon Apr 26 14:15:57 2010] [error] [client 63.246.133.44] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)

    sorry this error more.
    [Fri Apr 16 21:48:26 2010] [error] [client 85.245.7.65] (2)No such file or directory: Could not open password file: /var/www/clients/client4/web20/.htpasswd_stats
     
    Last edited: Apr 27, 2010
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    If the admin line is in that file, then it has been written correctly. Make sure that you did not use any special characters in the password.
     
  7. ivomendonca

    ivomendonca Banned

    yes i have special caracters in my password, never got any problems => the caracter is an ( .
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Please set a new password and use just a-z, A-Z and 0-9 to be sure that it works.
     
  9. yoplait

    yoplait Member

    And you should use a iptables firewall to stop the wootwoot ;) (It is just an advice !)
     
  10. ivomendonca

    ivomendonca Banned

    By hand ? how can i stop that
     
  11. yoplait

    yoplait Member

    there's a lot of howto on internet, but here is my wootwoot line :
    Code:
    /sbin/iptables  -I INPUT -d xx.xx.xx.xx -p tcp --dport 80 -m string --to 70 --algo bm --string 'GET /w00tw00t.at.ISC.SANS.' -j DROP
    
    with xx.xx.xx.xx as your server's ip.
    You can use this command to see what your firewall is doing :
    Code:
    iptables -L
    
    If you don't have any iptables for the moment, think about it for the security of your server !
     
  12. ivomendonca

    ivomendonca Banned

    I have fail2ban for security.

    Yes but the problem is that only work until next reboot, is not right ?
    And Needs to be added manualy again ?
    What i asked if somewone can make that work with fail2ban for example or some other tool.
    Mostly autoban.
    Thanks :)
     
    Last edited: Apr 29, 2010
  13. yoplait

    yoplait Member

    It's just an advice, you can do as you want of course ! ;)

    To do it automaticaly, you can, for example, create a "firewall" file in /etc/init.d/, you can use ever update-rc.d to say when you want it to be execute.
    In this file, you write all the iptables lines you want, and it will be execute for each reload of your server.

    The problem with fail2ban (which is good for a lot of things !), is that the packets have to comme several times to be stopped, but this "wootwoot" uses different IP... with iptables, you stop them, just before they want to come.
     
    Last edited: Apr 29, 2010

Share This Page