Today we encountered a problem on one of our servers. Phpmyadmin did not want to launch and our customers had difficulties logging in to our application.

After some research, I found that the problem lies in the /var/log folder.
Just get rid of all unneeded .gz / .bz2 files and the issue should be resolved.

Also, we have put on our to do list : check why on earth we are creating that many log files

Recently we started getting spam complaints for mails that were sent from our server, obviously not deliberately.

Now since we have a whole bunch of sites running on our server, finding out which one was hacked, promised to be a tedious job.
Until… we found this post : How To Log Emails Sent With PHP’s mail() Function To Detect Form Spam

This script will write out all sites using the PHP sendmail function into a log file, making it very easy to find out where the spam is coming from.
It saved us from a very very long night!
We have put the whole content of the wonderful article by till on our blog and made some minor modifications to the explanation.

Hope it helps!

1 Installing the wrapper script

Create a new file that will contain the script:

touch /usr/local/bin/phpsendmail

Use nano, vi or your favorite text editor to edit the file you just created and enter this script:

#!/usr/bin/php
<!--?php 
 
/**
  This script is a sendmail wrapper for php to log calls of the php mail() function.
  Author: Till Brehm, www.ispconfig.org
  (Hopefully) secured by David Goodwin <david @ _palepurple_.co.uk-->
*/
 
$sendmail_bin = '/usr/sbin/sendmail';
$logfile = '/var/log/mail_wrapper.log';
 
//* Get the email content
$logline = '';
$pointer = fopen('php://stdin', 'r');
 
while ($line = fgets($pointer)) {
        if(preg_match('/^to:/i', $line) || preg_match('/^from:/i', $line)) {
                $logline .= trim($line).' ';
        }
        $mail .= $line;
}
 
//* compose the sendmail command
$command = 'echo ' . escapeshellarg($mail) . ' | '.$sendmail_bin.' -t -i';
for ($i = 1; $i &lt; $_SERVER['argc']; $i++) {
        $command .= escapeshellarg($_SERVER['argv'][$i]).' ';
}
 
//* Write the log
file_put_contents($logfile, date('Y-m-d H:i:s') . ' ' . $_ENV['PWD'] . ' ' . $logline, FILE_APPEND);
//* Execute the command
return shell_exec($command);
?&gt;

If you use a different Linux distribution than Debian, the sendmail binary might be in a different location than /usr/sbin/sendmail and you have to change the sendmail path in the line $sendmail_bin = ‘/usr/sbin/sendmail’; of the script.

Now make the script executable…

chmod +x /usr/local/bin/phpsendmail

… and create the logfile and make it writable:

touch /var/log/mail_wrapper.log
chmod ugo+w /var/log/mail_wrapper.log

2 Modifying the php.ini

Now we reconfigure PHP so that it uses our wrapper script to send the emails.

Open the php.ini file…

vi /etc/php5/apache2/php.ini

… and uncomment the sendmail_path line and put the path to the script we created

; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
sendmail_path = /usr/local/bin/phpsendmail

If you use php as cgi, with suphp or as fcgi, then change the same lines in the file /etc/php5/cgi/php.ini, too.

Restart the Apache webserver to apply the changes.

/etc/init.d/apache2 restart

3 Test the setup

To test this setup, create a new php file with the name mailtest.php in one of your websites with the content:

Then open the file in a webbrowser to execute it. The test message should be logged now into the logfile. Check this with the command:

cat /var/log/mail_wrapper.log

Off course, don’t forget this wonderful command:

tail -f /var/log/mail_wrapper.log

i found this post on the ubuntu forums… works like a charm! kudos to sweisler!

Here’s a synopsis of my VPN setups. I have proven this to work on both x86 and x64 for all 3 VPN types.

Important note/disclaimer: I tested these configurations on VMware Workstation 7 VM’s and a Dell Vostro 220. All installations were fresh installs, not upgrades. Also, please notice that I detail what type of firewall/VPN I am connecting to for each VPN type. There are so many variations on these VPN implementations that it is extremely difficult to generalize a known-good configuration for each.

1. Install various VPN components
a. PPTP

• pptp-linux
• network-manager-pptp

b. VPNC

• vpnc
• network-manager-vpnc

c. OpenConnect

• openconnect
• network-manager-openconnect

2. Reboot

3. PPTP VPN Configuration – This setup works for connecting to ISA 2004/2006 PPTP VPNs. It should work for connecting to MS PPTP VPN implementations in general. I can’t speak for other PPTP VPN implementations.
a. Create new PPTP connection

• VPN Tab Settings

• Set Connection name
• Set Gateway
• Set username (for domain-based user accounts, use domain\username)
• DO NOT SET PASSWORD
• DO NOT SET NT DOMAIN

• PPTP Advanced Options (Advanced button)

• uncheck all auth methods EXCEPT MSCHAPv2
• check “Use Point-to-Point encryption (MPPE)”
  • leave Security set at “All Available (Default)”
  • trying to force encryption level causes this option to become unset
• check “Allow stateful inspection”
• uncheck “Allow BSD Data Compression”
• uncheck “Allow Deflate Data Compression”
• uncheck “Use TCP Header Compression”
• uncheck “Send PPP Echo Packets” (although connection works either checked or unchecked)

• save configuration

b. Initial Connection attempt

• enter password in login box
• DO NOT check either password save box at this time
• once connection establishes, verify remote connectivity – ping, rdp, ssh, etc.
• disconnect VPN session

c. 2nd connection attempt

• enter password in login box
• check both password save option boxes
• once again verify remote connectivity
• disconnect VPN session

d. Subsequent connection attempts

• VPN session should automatically connect using saved auth credentials

4. VPNC VPN Configuration – This setup works connecting to an ASA5510 – software version 8.2(1). I didn’t have any other Cisco devices to test against.
a. Create new VPNC connection

• set connection name
• set Gateway
• set Group Name
• set User Password to “Saved” and enter password
• set Group Password to “Saved” and enter password
• set username
• set domain (if applicable)
• leave Encryption Method at “Secure (Default)”
• set NAT traversal to “NAT-T”
• save configuration

b. Initial Connection attempt

• open VPNC connection
• if prompted, select “Always Allow” if you want connection to be automatic
• verify remote connectivity – ping, rdp, ssh, etc.
• disconnect VPN session

c. Subsequent connection attempts

• open VPNC connection – session should automatically connect

5. OpenConnect VPN Configuration – This setup works connecting to an ASA5510 – software version 8.2(1). I didn’t have any other Cisco devices to test against.
a. Create new OpenConnect connection

• set connection name
• set Gateway
• set Authentication type to “Password/SecurID”
• no need to set username, OpenConnect won’t store it yet
• save configuration

b. Initial connection attempt

• open VPN connection
• check “Automatically start connecting next time”
• click Close
• you will get the “No Valid VPN Secrets” VPN failure message

c. 2nd connection attempt

• open VPN connection
• accept certificate (if prompted)
• change Group (if necessary)
• enter username (may need to be domain\username)
• enter password
• click Login
• if VPN connection fails, see note below
• verify remote connectivity – ping, rdp, ssh, etc.
• disconnect session

d. Subsequent connection attempts

• open VPN connection
• enter password
• session should connect

Note: If you get the “Login Failed” message, cancel and wait 15-30 minutes before attempting to connect again. Also, I ended up having to use the NT style domain\username pair for authentication, even though a Cisco AnyConnect client connecting to the same ASA only requires username.
More Detail: OpenConnect has been brutal to get connected. I got failed attempt after failed attempt. When I checked the NPS (IAS) log and the Security Event log on the W2K8 domain controller, I could see my user account authenticating properly via RADIUS from the ASA. Yet the OpenConnect client came back with a “Login Failed” message. I’m not an ASA expert, so I have no idea what to check in the ASA configuration to troubleshoot this problem, other than the basic AAA configuration. But I believe the problem lies in the ASA configuration because when I get the OpenConnect “Login Failed” message, the AnyConnect client from my Windows laptop fails as well. I think it may be a ridiculously short timeout or max failure setting. Whatever the issue is, I have to wait for some length of time (~15-30 minutes) for whatever the problem is to reset.

However, once I finally get the OpenConnect client to successfully connect, it worked from then on. (Just don’t mess with the connection configuration, or you will get to go thru this whole process again.)
—————————–

P.S. Please leave me feedback for what worked and didn’t work for you. Also, if you can, please post a short description documenting what firewall/VPN device you were connecting to and any modifications you may have made to the VPN connection configuration. Maybe we can make this a thread for known-good configurations.

Thanks.