Hi there,

I have a VPS with Debian Squeeze and Apache2, Mysql and PHP5 on it. It has recently (the last two or three days) been freshly rebuilt after a little crash last week caused by spiking IO, ooming, overloaded Mysql database and something else.

I followed all of the quick start guides in the library, including securing your server, monitoring your server, backing up etc. So I have all the basics installed including munin and monit.

To help me get a visual overview, I installed Openpanel on my freshly rebuilt VPS yesterday. I got the mail server running on it and a couple of mail accounts too.

After having had a few problems on the last build of my VPS, I also uploaded three wordpress web sites back to the server and simply added name based virtual hosts with a index.html page for the rest of my domains. They also worked fine yesterday.

Between last night and this morning (I am in Europe) something happened and there was nothing to see this morning. No sites. Nothing loaded. So I rebooted my server and the sites came back online.

However Openpanel is no longer accessible. The mail server and accounts I set up are no longer working either. I am not sure if this (openpanel's problem) caused my VPS to go down.

I have logwatch coming into my mailbox daily. This morning I had a look at what activity had transpired.

Before I rebuilt my VPS, I saw in my logs that I had a lot of attention from illegal logins and activity in china, france and italy. I still have a lot of attention from someone trying to ilelgally login from china.

I am not sure if their activites last night contributed to my VPS content disappearing from online view. I really dont have a lot of data on the disk. I am only using 8% and I have a 1024 Linode (free upgrade).

Here is some info in the logwatch:

--------------------- SSHD Begin ------------------------


SSHD Killed: 1 Time(s)

SSHD Started: 2 Time(s)

Illegal users from:
211.144.85.58 (reserve.cableplus.com.cn): 5 times
223.4.241.4 (ip223.hichina.com): 318 times

Users logging in through sshd:
trollkyrka:
81.191.63.152 (c983FBF51.dhcp.as2116.net): 57 times


Received disconnect:
11: disconnected by user : 3 Time(s)

SFTP subsystem requests: 53 Time(s)

**Unmatched Entries**
reverse mapping checking getaddrinfo for ip223.hichina.com [223.4.241.4] failed - POSSIBLE BREAK-IN ATTEMPT! : 318 time(s)
reverse mapping checking getaddrinfo for reserve.cableplus.com.cn [211.144.85.58] failed - POSSIBLE BREAK-IN ATTEMPT! : 10 time(s)

---------------------- SSHD End -------------------------

and

--------------------- pam_unix Begin ------------------------

pure-ftpd:
Password Failures:
user unknown: 344 Time(s)
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=graphology rhost=8.243.33.120.broad.pt.fj.dynamic.163data.com.cn : 172 Time(s)
authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=graphologyorgau rhost=8.243.33.120.broad.pt.fj.dynamic.163data.com.cn : 172 Time(s)


---------------------- pam_unix End -------------------------

and

--------------------- Named Begin ------------------------


Received control channel commands
reload: 3 Time(s)
stop -p: 1 Time(s)

**Unmatched Entries**
adjusted limit on open files from 1024 to 1048576: 2 Time(s)
built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS=': 2 Time(s)
generating session key for dynamic DNS: 2 Time(s)
reading built-in trusted keys from file '/etc/bind/bind.keys': 5 Time(s)
set up managed keys zone for view _default, file 'managed-keys.bind': 2 Time(s)
using default UDP/IPv4 port range: [1024, 65535]: 5 Time(s)
using default UDP/IPv6 port range: [1024, 65535]: 5 Time(s)
using up to 4096 sockets: 2 Time(s)

---------------------- Named End -------------------------

and under

--------------------- Connections (secure-log) Begin ------------------------

Changed password expiry for users:
bind : 1 Time(s)
postfix : 1 Time(s)

**Unmatched Entries**
groupadd: group added to /etc/group: name=bind, GID=112: 1 Time(s)
groupadd: group added to /etc/group: name=openpanel-admin, GID=1004: 1 Time(s)
groupadd: group added to /etc/group: name=openpanel-authd, GID=1002: 1 Time(s)
groupadd: group added to /etc/group: name=openpanel-core, GID=1003: 1 Time(s)
groupadd: group added to /etc/group: name=openpaneluser, GID=1001: 1 Time(s)
groupadd: group added to /etc/group: name=postdrop, GID=111: 1 Time(s)
groupadd: group added to /etc/group: name=postfix, GID=110: 1 Time(s)
groupadd: group added to /etc/gshadow: name=bind: 1 Time(s)
groupadd: group added to /etc/gshadow: name=openpanel-admin: 1 Time(s)
groupadd: group added to /etc/gshadow: name=openpanel-authd: 1 Time(s)
groupadd: group added to /etc/gshadow: name=openpanel-core: 1 Time(s)
groupadd: group added to /etc/gshadow: name=openpaneluser: 1 Time(s)
groupadd: group added to /etc/gshadow: name=postdrop: 1 Time(s)
groupadd: group added to /etc/gshadow: name=postfix: 1 Time(s)
useradd: add 'openpanel-admin' to group 'openpaneluser': 1 Time(s)
useradd: add 'openpanel-admin' to shadow group 'openpaneluser': 1 Time(s)
usermod: change user 'bind' password: 1 Time(s)
usermod: change user 'openpanel-admin' password: 1 Time(s)
usermod: change user 'postfix' password: 1 Time(s)

---------------------- Connections (secure-log) End -------------------------


I am not sure if the above 'unmatched entries' are indication of illegal attempts to access or change something within openpanel or not?

I have spent the last week working on my site everyday to fix the problems that I had with the last build. I am a little at my wits end to know what more I can do to prevent my sites from going down. I am a learner when it comes to servers but I wouldn't say clueless. I would appreciate if anyone can offer some help or tips. I would really like to stop the problems that keep coming up.

This is normally where openpanel is: https://176.58.103.37:4089/ but nothing happens now when I click on this link.

Before I installed openpanel I was thinking to install ISPconfig. Well, right now, if I cannot make openpanel work or appear again, then I guess I will try ISPconfig.

Please, is there anyone who can offer me some suggestions or assistance. I greatly appreciate any feedback.

Greetings,
Jasmin

Ah yes I would like to add that yesterday my www.graphology.org.au web site was working beautifully.

But now I cannot access the blog page: www.graphology.org.au/blog, it keeps coming up with a permission denied. This was never a problem before on this web site or with wordpress. But now, suddenly it has become one after last night.

I previously posted an SOS concerning permission denied to the blog folder on wordpress and thought I had fixed it myself. But now it comes up again. Have already read through and asked on wordpress forums about this problem, but to no avail. So trying again here this time.

Thank you!

The reason for using Openpanel is because I have other people's sites on my VPS and I want them to be able to easily setup mail, ftp accounts, and overview their part of the pie.