[00:37] <ScottK> kirkland: Looking at it now.
[00:50] <ScottK> kirkland: Uploaded.  Thank you for your contributioin to Ubuntu.
[01:27] <kirkland> ScottK: :-D  cheers
[01:27] <MatBoy> does someone know anything about advetisements in /etc/motd ?
[01:38] <jmarsden> MatBoy: Read http://www.sabi.co.uk/Notes/linuxHelpAsk.html and avoid "Does someone..." ?  What is your real question?
[01:39] <MatBoy> jmarsden: I just heard from someone about such an advertisement in /etc/modt
[01:39] <jmarsden> That's not a question... what are you trying to do or to fix or ...?
[01:39] <MatBoy> it goes about canonball (or how I type it) ads
[01:39] <MrWGW> specifically
[01:39] <MatBoy> jmarsden: they guy wants it removed :)
[01:39] <MrWGW> it was alleged by someone in #nexenta
[01:40] <MrWGW> that Ubuntu Server, if you do a dpkg-update, IIRC
[01:40] <MrWGW> will replace, every hour, /etc/motd, with a plug for Landscape
[01:40] <Deeps> urrr, lol
[01:41] <MatBoy> Deeps: no fun at all ;)
[01:41] <jmarsden> MatBoy: You can edit the file /etc/motd yourself to remove anything in there.  I'd be very surprised if anyt official package from Ubuntu would mess with it.
[01:41] <jmarsden> MatBoy: Dowe know which package or packages "someone" thinks does this?
[01:41] <ScottK> kirkland: ^^^ I'm not a big fan of the advert for landscape myself.
[01:42] <MatBoy> jmarsden: ask MrWGW he came up with it in different channel and I thought, I will ask :)
[01:42] <MrWGW> indeed
[01:42] <jmarsden> MrWGW: OK... do we know which package is doing this?
[01:42] <MrWGW> actually it was dotwaffle in #nexenta who levied the allegation
[01:42] <MrWGW> they're saying its update-motd
[01:43] <jmarsden> This appears to be related to bug 268447
[01:44] <MrWGW> ok good, so its a bug
[01:44] <MrWGW> whew
[01:44] <Kira> Telnet is not installed/enabled by default on Ubuntu Hardy server, right?
[01:44] <MrWGW> because if you were doing this deliberately I would be pissed
[01:44] <jmarsden> Read the bug, Mark Shuttleworth thinks it is OK, from what I read.  And BTW I am not Canonical, so the "you" is misdirected  :-)
[01:45] <MrWGW> ahh so its not a bug?
[01:45] <MrWGW> woo
[01:46] <jmarsden> MrWGW: Looks like if you remove the landscape-client package you will solve the "problem".  DO you need/use landscape-client?
[01:47] <MrWGW> oh I don't even use Ubuntu Server, I was just curious if this was actually the case
[01:47] <jmarsden> OK, then read all about it in bug 268447 -- end of thread.
[01:48] <MrWGW> hep
[01:48] <MrWGW> yep
[01:48] <MrWGW> rather
[02:22] <jmarsden> MrWGW: I just added a comment to that bug describing one way to remove the ad.
[02:32] <kirkland> jmarsden: MrWGW: ScottK: sudo apt-get remove landscape-common
[02:36] <jmarsden> kirkland: That prevents me from getting the stats in motd; I prefer my way of removing the ad, see comment added to bug 268447
[03:04] <ScottK> kirkland: Sure.  If it's appropriate for Canonical to advertise their proprietary offerings, then it's appropriate for others too.  I'd rather we don't head down that path, but if we do, we do.
[03:14]  * Kamping_Kaiser didnt notice adverts in motd as part of the landscape discussion ;)
[03:14]  * Kamping_Kaiser wonders if his posts were moderated through
[03:37]  * Kamping_Kaiser goes to find out what happened to that thread - not seen it recently
[03:39] <Kamping_Kaiser> heh. i killed it
[03:39] <Kamping_Kaiser> :S'
[04:43] <Sausage> My server has 3 IP addresses, and I want to use something other than the default for opening a new connection under one user or process, can someone help me?
[04:50] <ropetin> Sausage: I'm not sure how much help I can give, but...  Are they all on the same subnet or different ones?
[04:50] <Sausage> Different ones
[04:51] <Sausage> 64.79.197.221, 67.223.236.193 and 209.59.207.58
[04:51] <Sausage> I want to use one to connect a friend to an IRC server using his domain instead of mine.
[04:51] <ropetin> Cool, that helps.  Will any other user or process ever need to connect to the IP(s) that you want to connect to?
[04:51] <Sausage> Well I made him change his domains to use 67.223.236.193 instead, so yes.
[04:52] <ropetin> Hmm, I was going to suggest setting a static route for the destination IP going through the specific device
[04:52] <ropetin> But I guess that won't work
[04:52] <Sausage> If it's possible to change all connections from his account to that IP it would be awesome :(
[04:52] <ropetin> Would an IRC Bouncer helP?
[04:52] <Sausage> I'm using an IRC bouncer.
[04:52] <Sausage> Right now he's using the same one I'm on though.
[04:53] <Sausage> So he's Wolfdog!sausage@tehsausage.com for now
[04:53] <ropetin> And you'd rather he show as @somethingelse?
[04:53] <Sausage> Pretty much.
[04:53] <ropetin> See, I KNEW I wouldn't be much help!
[04:54] <Sausage> XD
[04:54] <Sausage> Still waiting for the DNS changes to kick in though, so it doesn't matter how long I take.
[04:54] <ropetin> :D
[04:54] <Deeps> Sausage: muh and psybnc both allow you to specify an outbound ip
[04:54] <Sausage> Really? I wonder if znc does then.
[04:54] <Sausage> I just dropped psyBNC for being screwy with openvpn (and being hard to set up =[)
[04:54] <Deeps> sbnc does as well i believe
[04:55] <Sausage> Do you know how they actually do it? bind() before connect() or something?
[04:56] <Sausage> Well, that doesn't make sense XD
[04:56] <Deeps> no idea, you're in luck though, they're all open source
[04:56] <Sausage> But something like that.
[04:56]  * Sausage gets the psybnc source
[04:56] <ropetin> Yeah, I just checked, psyBNC seems to allow you to set different vHosts for different users
[04:56] <Sausage> Anyway, looks like znc has no option for that :x
[04:57] <Sausage> I might have to switch back to psyBNC if there's no way.
[04:57] <Sausage> I need to fix mysql too, that's failing since I rebooted XD
[04:57] <Sausage> 081123  4:57:30 [ERROR] mysqld: Can't create/write to file '/var/run/mysqld/mysqld.pid' (Errcode: 2)
[04:57]  * Sausage investigates
[04:58] <Sausage> Directory disappeared, oh well XD
[05:02] <ropetin> It's not your day, is it Sausage?
[05:02] <ropetin>  :D
[05:02] <Sausage> Meh, not so bad
[05:03] <Sausage> I upgraded my VPS, double RAM, bandwidth etc.
[05:03] <ropetin> Which provider?
[05:05] <Sausage> vpslink
[05:05] <Sausage> http://tehsausage.com/bc.txt
[05:05] <Sausage> I don't think I'll be hitting any of those limits any time soon
[05:07] <Sausage> VHost - This is a list of allowed vhosts. It is used by the webadmin module for users to select one. (Set different vhosts in "Settings" on your Webadmin-Interface first - one per line - to make them appear in users configs afterwards)
[05:07] <Sausage> That's in the znc docs, might be able to after all.
[05:18] <Sausage> w00t
[05:18] <Sausage> Wolfdog (wolfdog@daIRC-411416E4.net) has joined #eohax
[05:18] <Sausage> It's cloaked but I can tell what that is :P
[05:21] <ropetin> :D
[06:13] <MrWGW> very good stuff re: that advert
[06:13] <bugfixes> hello all
[06:18] <jmarsden> MrWGW: Yes. Now you (or whoever it was really had the issue on their server) have multiple ways to get rid of the ad :)
[11:50] <AnRkey> my imap server is set to use tls, how can i turn this off? I am using postfix, dovecot-imap, promail, and fetchmail
[11:50] <AnRkey> procmail soz
[11:52] <AnRkey> ok never mind, found it. in /etc/dovecot/dovecot.conf i changed disable_plaintext_auth = yes to no
[14:12] <Santolina> hello ... I am a complete newbie ... I have a Ubuntu server with no graphical environment, and for some reason a couple of hours ago the images folder content (several subfolders with hundreds of jpegs) has DISSAPEARED ... the rest seems to be OK (Apache conf, PHP scripts and MySQL tables) ... any clues of which log files should I check in order to know if somebody has hacked my server?
[14:15] <Santolina> how can I see if somebody has run a rm command recently?
[14:17] <Santolina> which log files should I check in order to know if somebody has hacked my server?
[14:18] <joerlend> if someone has broken your password by brute force, then you'll probably see lots of entries in auth.log
[14:18] <joerlend> however, if someone has taken advantage of a hole in a service, then it might not be possible to see it.
[14:19] <joerlend> if the rm command required root access, then you can see it in auth log too, as all sudo commands are logged. If it didn't, I don't think it's really possible, though you could inspect their history.
[14:23] <Santolina> so my first check should be auth.log?  where is it stored?
[14:25] <Santolina> is there any way a folder content can be deleted for any reason ... and the rest of the disk not?  I have no idea ... a full disk?? this is very strange since I was not logged in when it happened, I just detected it when accessing the web server from home
[14:26] <Deeps> logs for most applications and services can be found in /var/log
[14:26] <Santolina> the only explanation I can see is that somebody deliberately deleted the images folder
[14:27] <joerlend> to delete that folder, would you need to use sudo before the rm command? If so, it will have been logged.
[14:27] <Santolina> no ... I have entered a command to let root login
[14:27] <Deeps> all sudo commands get logged by default!?
[14:28] <joerlend> yes.
[14:28] <Santolina> I don't remember the command, I was tired of typing sudo at any time
[14:28] <Deeps> where?
[14:28] <joerlend> auth.log
[14:28] <Deeps> oh i seee
[14:29] <Santolina> how can I restore the original situation ... forcing me to type sudo before deleting /var/www/images/  ?
[14:30] <Santolina> right now, I can log in as root
[14:30] <Santolina> but at the beginning I could not ... I needed to login as myname and then type sudo before deleting folders outside /home/myname
[14:31] <Deeps> unforuntately, if you have been hacked, the only really safe course of action would be to wipe and start again
[14:32] <Santolina> are there any known holes in Apache2 letting somehow delete folders remotely?
[14:33] <Deeps> the problem wont be in apache, it'll more likely be in your php application
[14:33] <Deeps> (if the attack vector used was via web)
[14:34] <Deeps> poorly coded php websites lead to easy exploits
[14:34] <Santolina> you mean showing PHP errors ?
[14:34] <Santolina> I have set error messages to none
[14:35] <Deeps> well, for starters, you've mentioned php and mysql, have you protected your code against sql injection attacks?
[14:36] <Santolina> you mean escaping ' and " ?
[14:36] <Deeps> there's a bit more to it than that, but that's a good start
[14:37] <Santolina> where can I read about problems that could arise this way?
[14:37] <Deeps> google
[14:38] <Santolina> ok thanks
[14:38] <Santolina> a lto
[14:38] <Santolina> a lot  ;)
[14:40] <Santolina> but ... I supose this way you can run malicious SQL queries ... but is there a way to delete folders by sql injection?
[15:21] <wazon> hi
[15:22] <wazon> could someone tell me how to put my old mail in a dovecot server?
[15:22] <wazon> I've tried creating ".old", but it doesn't appear in squirrelmail
[17:06] <Rob123> anyone here with any webmin experience?
[17:08] <Rob123> I've installed Webmin on a VPS and and now trying to figure out how to create a CSR for an SSL certificate (not sure if I need Virtualmin for this?)
[17:44] <Rob123> hello?
[20:03] <mindframe-> is there another way to create a virtual IP address besides creating a virtual interface?
[20:03] <mindframe-> this situation is causing issues with bandwidth monitoring
[20:03] <mindframe-> since kernel doesnt really create statistics on the virtual interfaces
[23:55] <marshall> hey guay
[23:55] <marshall> *guys
[23:56] <marshall> i've installed apache, php and mysql in my LAMP installation. I also installed phpMyAdmin and Its not allowing me to login as a normal user or as root. it keeps saying access denied for user
[23:56] <marshall> why can't i login to phpMyAdmin?