1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Message Log "OverLoad", results; mail/mysql stoppage.

Discussion in 'Plesk for Linux - 8.x and Older' started by miklr, Feb 27, 2006.

  1. miklr

    miklr Guest

    0
     
    Can anyone give me any Ideas as to how to eliminate the constant problem of the message log file in the/var/log directory , becoming so large from brute force attempts logging errors, that it immobilizes my (dv) due to server drive space limits?

    thanks (in advance) for any help,

    miq.r.
     
  2. wagnerch

    wagnerch Guest

    0
     
    What OS are you running? If it is a RH flavor then logrotate will rotate the messages logfile out on a weekly basis.

    Also what are they attacking, ssh? Personally, I would move ssh to a non-standard port. I don't know about you, but I never give users access via ssh -- so I just changed the port.
     
  3. miklr

    miklr Guest

    0
     
    Thanks for the reply,

    I am running RedHat.

    The only problem with rotating log files, is the message log spins up within an hour, and locks up services, way before any rotation would solve it.

    Changing the ssh port is a good solution, but not quite sure how to do that.

    miq.r.
     
  4. wagnerch

    wagnerch Guest

    0
     
    It sounds like you have a deliberate attack. is it all consistently on one service? is it all from one particular IP?

    If it is coming from the same user then firewall them. For sshd, you would modify /etc/ssh/sshd_config and change the ListenAddress to 0.0.0.0:2322 (or whatever port you want to use). ListenAddress may be commented out. You would need to restart sshd for it to take effect.
     
  5. miklr

    miklr Guest

    0
     
    thanks 'wagnerch', think I'll try just setting my logrotate config file, to rotate after it reaches a size limit.

    miq.r.
     
Loading...