spammers are using my server

Virtualmin
1

Hi,

the mail.log and mail.info files increase in size dramatically fast, and syslog, the mail queue is enormous and the load on the server sometimes shoots up to over 30 before going back to normal levels like 0.5 or so.

I checked the spam mail in the mail queue for the headers, and here’s an example:

Received from User (localhost [127.0.0.1]) by penghosting.nl (Postfix) with SMTP id 00B5BA3E6; Thu, 21 Nov 2013 14:59:14 +0000 (GMT)

From "Wells Fargo"online_security_alert@account.com

Subject Wells Fargo - Unread Secured Message !

Date Thu, 21 Nov 2013 08:59:27 -0600

MIME-Version 1.0

Content-Type text/html; charset=“Windows-1251”

Content-Transfer-Encoding 7bit

X-Priority 3

X-MSMail-Priority Normal

X-Mailer Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE Produced By Microsoft MimeOLE V6.00.2600.0000

Message-Id 20131121145915.00B5BA3E6@penghosting.nl

Now, “penghosting.nl” is the domain that, sorry, can’t remember what it’s called, but it’s the one that rules them all :slight_smile:

The name servers that all other servers use are ns1.penghosting.nl and ns2.penghosting.nl

So I don’t know, if showing ‘penghosting.nl’ in the headers of these spam messages means anything.

I checked all the files on penghosting.nl but don’t see anything weird.

What should I do?

Thanks!

2

Somtimes I get this in my mail from lfd:

Time: Thu Nov 21 14:56:31 2013 +0000 PID: 18209 (Parent PID:3409) Account: postfix Uptime: 109 seconds

Executable:

/usr/lib/postfix/smtp

Command Line (often faked in exploits):

smtp -t unix -u -c

Network connections by the process (if any):

tcp: 88.208.193.145:48578 -> 209.188.88.233:25

Files open by the process (if any):

/dev/null
/dev/null
/dev/null
/var/spool/postfix/pid/unix.smtp
anon_inode:[eventpoll]
/var/spool/postfix/active/EF399A38A

Memory maps by the process (if any):

7f8b7b61a000-7f8b7b626000 r-xp 00000000 08:06 222396 /lib/libnss_files-2.11.1.so
7f8b7b626000-7f8b7b825000 —p 0000c000 08:06 222396 /lib/libnss_files-2.11.1.so
7f8b7b825000-7f8b7b826000 r–p 0000b000 08:06 222396 /lib/libnss_files-2.11.1.so
7f8b7b826000-7f8b7b827000 rw-p 0000c000 08:06 222396 /lib/libnss_files-2.11.1.so
7f8b7b827000-7f8b7b831000 r-xp 00000000 08:06 222399 /lib/libnss_nis-2.11.1.so
7f8b7b831000-7f8b7ba30000 —p 0000a000 08:06 222399 /lib/libnss_nis-2.11.1.so
7f8b7ba30000-7f8b7ba31000 r–p 00009000 08:06 222399 /lib/libnss_nis-2.11.1.so
7f8b7ba31000-7f8b7ba32000 rw-p 0000a000 08:06 222399 /lib/libnss_nis-2.11.1.so
7f8b7ba32000-7f8b7ba3a000 r-xp 00000000 08:06 222384 /lib/libnss_compat-2.11.1.so
7f8b7ba3a000-7f8b7bc39000 —p 00008000 08:06 222384 /lib/libnss_compat-2.11.1.so
7f8b7bc39000-7f8b7bc3a000 r–p 00007000 08:06 222384 /lib/libnss_compat-2.11.1.so
7f8b7bc3a000-7f8b7bc3b000 rw-p 00008000 08:06 222384 /lib/libnss_compat-2.11.1.so
7f8b7bc3b000-7f8b7bc53000 r-xp 00000000 08:06 222391 /lib/libpthread-2.11.1.so
7f8b7bc53000-7f8b7be52000 —p 00018000 08:06 222391 /lib/libpthread-2.11.1.so
7f8b7be52000-7f8b7be53000 r–p 00017000 08:06 222391 /lib/libpthread-2.11.1.so
7f8b7be53000-7f8b7be54000 rw-p 00018000 08:06 222391 /lib/libpthread-2.11.1.so
7f8b7be54000-7f8b7be58000 rw-p 00000000 00:00 0
7f8b7be58000-7f8b7be6e000 r-xp 00000000 08:06 219858 /lib/libz.so.1.2.3.3
7f8b7be6e000-7f8b7c06d000 —p 00016000 08:06 219858 /lib/libz.so.1.2.3.3
7f8b7c06d000-7f8b7c06e000 r–p 00015000 08:06 219858 /lib/libz.so.1.2.3.3
7f8b7c06e000-7f8b7c06f000 rw-p 00016000 08:06 219858 /lib/libz.so.1.2.3.3
7f8b7c06f000-7f8b7c071000 r-xp 00000000 08:06 222395 /lib/libdl-2.11.1.so
7f8b7c071000-7f8b7c271000 —p 00002000 08:06 222395 /lib/libdl-2.11.1.so
7f8b7c271000-7f8b7c272000 r–p 00002000 08:06 222395 /lib/libdl-2.11.1.so
7f8b7c272000-7f8b7c273000 rw-p 00003000 08:06 222395 /lib/libdl-2.11.1.so
7f8b7c273000-7f8b7c3f0000 r-xp 00000000 08:06 222397 /lib/libc-2.11.1.so
7f8b7c3f0000-7f8b7c5ef000 —p 0017d000 08:06 222397 /lib/libc-2.11.1.so
7f8b7c5ef000-7f8b7c5f3000 r–p 0017c000 08:06 222397 /lib/libc-2.11.1.so
7f8b7c5f3000-7f8b7c5f4000 rw-p 00180000 08:06 222397 /lib/libc-2.11.1.so
7f8b7c5f4000-7f8b7c5f9000 rw-p 00000000 00:00 0
7f8b7c5f9000-7f8b7c60f000 r-xp 00000000 08:06 222386 /lib/libresolv-2.11.1.so
7f8b7c60f000-7f8b7c80e000 —p 00016000 08:06 222386 /lib/libresolv-2.11.1.so
7f8b7c80e000-7f8b7c80f000 r–p 00015000 08:06 222386 /lib/libresolv-2.11.1.so
7f8b7c80f000-7f8b7c810000 rw-p 00016000 08:06 222386 /lib/libresolv-2.11.1.so
7f8b7c810000-7f8b7c812000 rw-p 00000000 00:00 0
7f8b7c812000-7f8b7c829000 r-xp 00000000 08:06 222392 /lib/libnsl-2.11.1.so
7f8b7c829000-7f8b7ca28000 —p 00017000 08:06 222392 /lib/libnsl-2.11.1.so
7f8b7ca28000-7f8b7ca29000 r–p 00016000 08:06 222392 /lib/libnsl-2.11.1.so
7f8b7ca29000-7f8b7ca2a000 rw-p 00017000 08:06 222392 /lib/libnsl-2.11.1.so
7f8b7ca2a000-7f8b7ca2c000 rw-p 00000000 00:00 0
7f8b7ca2c000-7f8b7cb96000 r-xp 00000000 08:06 226000 /usr/lib/libdb-4.8.so
7f8b7cb96000-7f8b7cd96000 —p 0016a000 08:06 226000 /usr/lib/libdb-4.8.so
7f8b7cd96000-7f8b7cd98000 r–p 0016a000 08:06 226000 /usr/lib/libdb-4.8.so
7f8b7cd98000-7f8b7cd99000 rw-p 0016c000 08:06 226000 /usr/lib/libdb-4.8.so
7f8b7cd99000-7f8b7cdb2000 r-xp 00000000 08:06 227885 /usr/lib/libsasl2.so.2.0.23
7f8b7cdb2000-7f8b7cfb1000 —p 00019000 08:06 227885 /usr/lib/libsasl2.so.2.0.23
7f8b7cfb1000-7f8b7cfb2000 r–p 00018000 08:06 227885 /usr/lib/libsasl2.so.2.0.23
7f8b7cfb2000-7f8b7cfb3000 rw-p 00019000 08:06 227885 /usr/lib/libsasl2.so.2.0.23
7f8b7cfb3000-7f8b7d11b000 r-xp 00000000 08:06 217553 /lib/libcrypto.so.0.9.8
7f8b7d11b000-7f8b7d31b000 —p 00168000 08:06 217553 /lib/libcrypto.so.0.9.8
7f8b7d31b000-7f8b7d328000 r–p 00168000 08:06 217553 /lib/libcrypto.so.0.9.8
7f8b7d328000-7f8b7d340000 rw-p 00175000 08:06 217553 /lib/libcrypto.so.0.9.8
7f8b7d340000-7f8b7d344000 rw-p 00000000 00:00 0
7f8b7d344000-7f8b7d391000 r-xp 00000000 08:06 222411 /lib/libssl.so.0.9.8
7f8b7d391000-7f8b7d590000 —p 0004d000 08:06 222411 /lib/libssl.so.0.9.8
7f8b7d590000-7f8b7d592000 r–p 0004c000 08:06 222411 /lib/libssl.so.0.9.8
7f8b7d592000-7f8b7d598000 rw-p 0004e000 08:06 222411 /lib/libssl.so.0.9.8
7f8b7d598000-7f8b7d5ce000 r-xp 00000000 08:06 230268 /usr/lib/libpostfix-util.so.1.0.1
7f8b7d5ce000-7f8b7d7cd000 —p 00036000 08:06 230268 /usr/lib/libpostfix-util.so.1.0.1
7f8b7d7cd000-7f8b7d7cf000 r–p 00035000 08:06 230268 /usr/lib/libpostfix-util.so.1.0.1
7f8b7d7cf000-7f8b7d7d0000 rw-p 00037000 08:06 230268 /usr/lib/libpostfix-util.so.1.0.1
7f8b7d7d0000-7f8b7d7d1000 rw-p 00000000 00:00 0
7f8b7d7d1000-7f8b7d807000 r-xp 00000000 08:06 230130 /usr/lib/libpostfix-global.so.1.0.1
7f8b7d807000-7f8b7da07000 —p 00036000 08:06 230130 /usr/lib/libpostfix-global.so.1.0.1
7f8b7da07000-7f8b7da0a000 r–p 00036000 08:06 230130 /usr/lib/libpostfix-global.so.1.0.1
7f8b7da0a000-7f8b7da0b000 rw-p 00039000 08:06 230130 /usr/lib/libpostfix-global.so.1.0.1
7f8b7da0b000-7f8b7da0f000 r-xp 00000000 08:06 230126 /usr/lib/libpostfix-dns.so.1.0.1
7f8b7da0f000-7f8b7dc0f000 —p 00004000 08:06 230126 /usr/lib/libpostfix-dns.so.1.0.1
7f8b7dc0f000-7f8b7dc10000 r–p 00004000 08:06 230126 /usr/lib/libpostfix-dns.so.1.0.1
7f8b7dc10000-7f8b7dc11000 rw-p 00005000 08:06 230126 /usr/lib/libpostfix-dns.so.1.0.1
7f8b7dc11000-7f8b7dc20000 r-xp 00000000 08:06 230135 /usr/lib/libpostfix-tls.so.1.0.1
7f8b7dc20000-7f8b7de20000 —p 0000f000 08:06 230135 /usr/lib/libpostfix-tls.so.1.0.1
7f8b7de20000-7f8b7de21000 r–p 0000f000 08:06 230135 /usr/lib/libpostfix-tls.so.1.0.1
7f8b7de21000-7f8b7de22000 rw-p 00010000 08:06 230135 /usr/lib/libpostfix-tls.so.1.0.1
7f8b7de22000-7f8b7de2b000 r-xp 00000000 08:06 230133 /usr/lib/libpostfix-master.so.1.0.1
7f8b7de2b000-7f8b7e02a000 —p 00009000 08:06 230133 /usr/lib/libpostfix-master.so.1.0.1
7f8b7e02a000-7f8b7e02b000 r–p 00008000 08:06 230133 /usr/lib/libpostfix-master.so.1.0.1
7f8b7e02b000-7f8b7e02c000 rw-p 00009000 08:06 230133 /usr/lib/libpostfix-master.so.1.0.1
7f8b7e02c000-7f8b7e04c000 r-xp 00000000 08:06 222388 /lib/ld-2.11.1.so
7f8b7e23a000-7f8b7e243000 rw-p 00000000 00:00 0
7f8b7e249000-7f8b7e24b000 rw-p 00000000 00:00 0
7f8b7e24b000-7f8b7e24c000 r–p 0001f000 08:06 222388 /lib/ld-2.11.1.so
7f8b7e24c000-7f8b7e24d000 rw-p 00020000 08:06 222388 /lib/ld-2.11.1.so
7f8b7e24d000-7f8b7e24e000 rw-p 00000000 00:00 0
7f8b7e24e000-7f8b7e269000 r-xp 00000000 08:06 42188 /usr/lib/postfix/smtp
7f8b7e468000-7f8b7e46b000 r–p 0001a000 08:06 42188 /usr/lib/postfix/smtp
7f8b7e46b000-7f8b7e46c000 rw-p 0001d000 08:06 42188 /usr/lib/postfix/smtp
7f8b7e4fb000-7f8b7e51c000 rw-p 00000000 00:00 0 [heap]
7fff6a6cf000-7fff6a6e4000 rw-p 00000000 00:00 0 [stack]
7fff6a7ff000-7fff6a800000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
3

Howdy,

In the headers, where it says "Received from User " – does it list the actual “User” there?

If so, that likely means that the website belonging to the User was compromised, and that the spammers are sending spam via it.

As a quick fix, you could always disable the site.

But my recommendation would be to review the various web apps they have installed, and to make sure they’re all up to date.

-Eric

4

Ok, I’m in deep troubles now.

In fact, the porblems are bigger because of my own stupid fault. The var partition quickly fille dup, so I checked with ncdu where the big files were. I found some and in stead of quitting ncdu I typed some things I’d normally do in the terminal without looking at the screen. (can’t really type blind. Well I can, but tell that to my eyes.)

Anyway, doing so, I deleted some stuff, for example the var/lib/bind and ar/apt folders.

Now, the server kept on running, I guess it’s all in it’s memory or so. However, today the server wasn’t responding, the var partition at 100%, I had to reboot the server but then the real problems started.

the main domain is “penghosting.nl”, as that does: ns1.penghosting.nl and ns2 for all the other domains.

before rebooting , a couple of days ago, I noticed that the var/lib/bind forlder had gone. So I created a test server to see what a file like that looks like so I could copy it for the servers already on the system. A normal server looks like this:

$ttl 38400 @ IN SOA ns1.penghosting.nl. root.ns1.penghosting.nl. ( 1384611538 10800 3600 604800 38400 ) @ IN NS ns1.penghosting.nl. @ IN NS ns2.penghosting.nl. gran-canaria-info.com. IN A 88.208.193.145 www.gran-canaria-info.com. IN A 88.208.193.145 ftp.gran-canaria-info.com. IN A 88.208.193.145 m.gran-canaria-info.com. IN A 88.208.193.145 localhost.gran-canaria-info.com. IN A 127.0.0.1 webmail.gran-canaria-info.com. IN A 88.208.193.145 admin.gran-canaria-info.com. IN A 88.208.193.145 mail.gran-canaria-info.com. IN A 88.208.193.145 gran-canaria-info.com. IN MX 5 mail.gran-canaria-info.com. gran-canaria-info.com. IN TXT "v=spf1 a mx a:gran-canaria-info.com ip4:88.208.193.145 ?all" autoconfig.gran-canaria-info.com. IN A 88.208.193.145

but now, I can’t even restart apache2, because it can’t find the penghosting.nl something.

It’s a mess and I don’t know what to do.

Am thinking of getting another server and setting it up new and copy sites but hey, that’s going to be a lot of work.

Is there something else I could do to get it up and running again?

Thanks!

5

Forgot to say, can’t get to see virtualmin either, not on the “without domainname” ip address either. I guess the apache for virtualmin can’t start either.

6

Sorry Eric, was so stressed didn’t even properly look at your answer.

Yes, I copied it as it said 100%, didn’t change a word. It says “User”… Not very helpful I guess, is it?

7

Ideally, I’d say reinstall bind and virtualmin: recreate all the zone files

or something like that. But I guess it ain’t that easy…

fking spammers, & fking me as well :wink:

8

Howdy,

Yeah, that does sound like you’re in a bit of a pickle :slight_smile:

As far as BIND goes – one thing you could do to re-create some of those zone files is to disable the BIND DNS Domain feature in Edit Virtual Server -> Enabled Features, and then to re-enable it. That will re-generate that file with the default information.

-Eric

9

But i can’t get into virtualmin just yet…

And how do I do that for, what is it called, the master zone? You know, the one that rest use as ns1. and ns2, in my case: penghosting.nl. How do I recreate that one because I think that’s the main culprit now…

Thanks!

10

What would you do if you had this problem?

Thanks!

At least I still got this, as a reference.

The first one is the one that “rules them all”…

named.conf.local

// // Do any local configuration here //

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include “/etc/bind/zones.rfc1918”;

zone “penghosting.nl” {
type master;
file “/var/lib/bind/penghosting.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
};
};
zone “gran-canaria-info.com” {
type master;
file “/var/lib/bind/gran-canaria-info.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
};
};
zone “tek-dek-germany.de” {
type master;
file “/var/lib/bind/tek-dek-germany.de.hosts”;
allow-transfer {
127.0.0.1;
localnets;
};
};
zone “tek-dek-germany.com” {
type master;
file “/var/lib/bind/tek-dek-germany.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “goedkoopnaarspanje.com” {
type master;
file “/var/lib/bind/goedkoopnaarspanje.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “hollandsenieuwe.com” {
type master;
file “/var/lib/bind/hollandsenieuwe.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “girraween.nl” {
type master;
file “/var/lib/bind/girraween.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “allesoversterrenkunde.nl” {
type master;
file “/var/lib/bind/allesoversterrenkunde.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “journalistinturkey.com” {
type master;
file “/var/lib/bind/journalistinturkey.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “journalistinturkije.nl” {
type master;
file “/var/lib/bind/journalistinturkije.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “alternativaslaluna.org” {
type master;
file “/var/lib/bind/alternativaslaluna.org.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “kornesteeg.nl” {
type master;
file “/var/lib/bind/kornesteeg.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “eigenweg.nu” {
type master;
file “/var/lib/bind/eigenweg.nu.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “bloemlezing.nl” {
type master;
file “/var/lib/bind/bloemlezing.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “coledelvalle.org” {
type master;
file “/var/lib/bind/coledelvalle.org.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “doorads.es” {
type master;
file “/var/lib/bind/doorads.es.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “fotogeorgeburggraaff.nl” {
type master;
file “/var/lib/bind/fotogeorgeburggraaff.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “georgefoto.nl” {
type master;
file “/var/lib/bind/georgefoto.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “hansvandenbroek.com” {
type master;
file “/var/lib/bind/hansvandenbroek.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “realcanaryislands.com” {
type master;
file “/var/lib/bind/realcanaryislands.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “alive.net.nz” {
type master;
file “/var/lib/bind/alive.net.nz.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “living-in-trust.com” {
type master;
file “/var/lib/bind/living-in-trust.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “zeelevencoaching.nl” {
type master;
file “/var/lib/bind/zeelevencoaching.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “alivecoaching.nl” {
type master;
file “/var/lib/bind/alivecoaching.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “waterwoorden.nl” {
type master;
file “/var/lib/bind/waterwoorden.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “deining.org” {
type master;
file “/var/lib/bind/deining.org.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “livinglascanteras.com” {
type master;
file “/var/lib/bind/livinglascanteras.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “frederike.nl” {
type master;
file “/var/lib/bind/frederike.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “puravidacanarias.com” {
type master;
file “/var/lib/bind/puravidacanarias.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “tekensvanleven.nl” {
type master;
file “/var/lib/bind/tekensvanleven.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “escort4womengrancanaria.com.disabled” {
type master;
file “/var/lib/bind/escort4womengrancanaria.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “laguetetrailrun.org” {
type master;
file “/var/lib/bind/laguetetrailrun.org.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “peng.es” {
type master;
file “/var/lib/bind/peng.es.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “photosgrancanaria.com” {
type master;
file “/var/lib/bind/photosgrancanaria.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “beterefotosdoorbeterkijken.nl” {
type master;
file “/var/lib/bind/beterefotosdoorbeterkijken.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “heinekencafe.com” {
type master;
file “/var/lib/bind/heinekencafe.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “ceciledumoulin.com” {
type master;
file “/var/lib/bind/ceciledumoulin.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “penggraphics.com” {
type master;
file “/var/lib/bind/penggraphics.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “minigolfyumbo.com” {
type master;
file “/var/lib/bind/minigolfyumbo.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “minigolfjumbo.com” {
type master;
file “/var/lib/bind/minigolfjumbo.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “naturalmentegrancanaria.com” {
type master;
file “/var/lib/bind/naturalmentegrancanaria.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “kurdishmatters.com” {
type master;
file “/var/lib/bind/kurdishmatters.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “kurtisleri.com” {
type master;
file “/var/lib/bind/kurtisleri.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “elangosto.eu.disabled” {
type master;
file “/var/lib/bind/elangosto.eu.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “laspalmaselectricbike.com” {
type master;
file “/var/lib/bind/laspalmaselectricbike.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “canary-content.com” {
type master;
file “/var/lib/bind/canary-content.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “jimmyschmidt.nl” {
type master;
file “/var/lib/bind/jimmyschmidt.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “canarias-ebike.com” {
type master;
file “/var/lib/bind/canarias-ebike.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “grancanariaebike.com” {
type master;
file “/var/lib/bind/grancanariaebike.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “surfhousepozo.com” {
type master;
file “/var/lib/bind/surfhousepozo.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “pozowindsurf.com” {
type master;
file “/var/lib/bind/pozowindsurf.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “windsurfcampgrancanaria.com” {
type master;
file “/var/lib/bind/windsurfcampgrancanaria.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “ursusmarine.nl” {
type master;
file “/var/lib/bind/ursusmarine.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “georgeburggraaff.nl” {
type master;
file “/var/lib/bind/georgeburggraaff.nl.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “georgephoto.com” {
type master;
file “/var/lib/bind/georgephoto.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “hollandpictures.com” {
type master;
file “/var/lib/bind/hollandpictures.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “bandamagolfhotel.com” {
type master;
file “/var/lib/bind/bandamagolfhotel.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “golfhotelbandama.com” {
type master;
file “/var/lib/bind/golfhotelbandama.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “hotelgolfbandama.com” {
type master;
file “/var/lib/bind/hotelgolfbandama.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “bioagaeteculturalsolidario.org” {
type master;
file “/var/lib/bind/bioagaeteculturalsolidario.org.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “lagart.org” {
type master;
file “/var/lib/bind/lagart.org.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “fakesite.org” {
type master;
file “/var/lib/bind/fakesite.org.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “grancanariacongress.com” {
type master;
file “/var/lib/bind/grancanariacongress.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “testwebsite.com” {
type master;
file “/var/lib/bind/testwebsite.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
zone “fotosgrancanaria.com” {
type master;
file “/var/lib/bind/fotosgrancanaria.com.hosts”;
allow-transfer {
127.0.0.1;
localnets;
88.208.193.146;
};
};
11

Hmm, yeah, it certainly makes things a bit more difficult if you can’t get into Virtualmin. At least with Virtualmin, you’d be able to perform some restores if you have backups available.

What problem is it that you’re having with Virtualmin at the moment?

And does restarting Webmin help? You can do that with this command:

/etc/init.d/webmin restart

12

That works fine, it stops, then starts, but I get to see nothing. My guess is that apache2 can’t start becuase of it not finding information about the “main” domain of the server, but hey, what do I know, I might be completely wrong :slight_smile:

Is there a log file for the apache that runs webmin?

13

Webmin isn’t run thru Apache, but has its own small webserver called miniserv.pl. Its logs go to /var/webmin.

14

In var/lib/bind are the hosts files for the domains, a ‘normal one’ looks likes this, right:

$ttl 38400 @ IN SOA ns1.penghosting.nl. root.ns1.penghosting.nl. ( 1384611538 10800 3600 604800 38400 ) @ IN NS ns1.penghosting.nl. @ IN NS ns2.penghosting.nl. testwebsite.com. IN A 88.208.193.145 www.testwebsite.com. IN A 88.208.193.145 ftp.testwebsite.com. IN A 88.208.193.145 m.testwebsite.com. IN A 88.208.193.145 localhost.testwebsite.com. IN A 127.0.0.1 webmail.testwebsite.com. IN A 88.208.193.145 admin.testwebsite.com. IN A 88.208.193.145 mail.testwebsite.com. IN A 88.208.193.145 testwebsite.com. IN MX 5 mail.testwebsite.com. testwebsite.com. IN TXT "v=spf1 a mx a:testwebsite.com ip4:88.208.193.145 ?all" autoconfig.testwebsite.com. IN A 88.208.193.145

What does the one for the “main domain” look like, in the above case, the one for penghosting.nl?

Can anybody post an example? Thanks!

15

Thanks!

16

The folder /var/lib/bind only holds the zone files for your BIND domains. It would be easiest to simply toggle the BIND feature in Virtualmin off and on again for all zones, then Virtualmin will recreate all zone files with the proper contents.

You can also do this using the Virtualmin API from a command shell like so:

virtualmin disable-feature --all-domains --dns virtualmin enable-feature --all-domains --dns

provided you actually had DNS enabled for ALL your domains before, otherwise re-enable it individually.

17

I’ve got the first sites up and running, but am having problems with domain names that are aliases for other domains.

Does anybody have a .hosts example for an alias domain?

Thanks!

18

Thanks! I’ll try this now.

19

Thanks Locutus, you saved me a lot of time copying and pasting etc…

The only domains that I’m still having troubles with now are:

server aliases domain (they all seem to point to the default website for an ip in stead of the domain name they’re server to point to if you know what i mean)

websites whose domain name is not 100% the same as the directory in home, for example, fdor my website hollandsenieuwe.com I told virtualmin to use hn as the directory name etc, (login etc), so the website

hollandsenieuwe.com

is found in /home/hn/public_html

These don’t work either, the homepage is found but none of the (relative) links work.

Somebody knows what I shoudl do?

Thanks yet again!

20

Somebody here has the same problem, but through other causes:

https://www.virtualmin.com/node/24981

So I guess I should see if I can get virtualmin up and running somehow, anybody an idea what I could try to get it up and running (restarting webmin works, but I can’t reach it online)?