Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Lame server resolving errors

Discussion in 'General Discussion' started by mikemikeee, May 24, 2018.

  1. mikemikeee

    mikemikeee Registered

    Joined:
    May 24, 2018
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    đà nẵng
    cPanel Access Level:
    Website Owner
    Hello all,

    Have some wierdness in my logs, wondering if someone can enlighten me as to why, I'm regularly seeing extracts like the following:

    Code:
    Oct 25 11:01:05 box named[14994]: lame server resolving 'tests.so' (in 'so'?): 1.2.3.4#53
    Oct 25 11:01:05 box named[14994]: lame server resolving 'zendextensionmanager.so' (in 'so'?): 1.2.3.4#53
    Oct 25 11:01:05 box named[14994]: lame server resolving '4.so' (in 'so'?): 1.2.3.4#53
    Oct 25 11:01:05 box named[14994]: lame server resolving 'pdf.so' (in 'so'?): 1.2.3.4#53
    Oct 25 11:01:05 box named[14994]: lame server resolving 'geoip.so' (in 'so'?): 1.2.3.4#53
    Oct 25 11:01:05 box named[14994]: lame server resolving 'mailparse.so' (in 'so'?): 1.2.3.4#53

    These are all PECL so's, most of which I dont actually have on the server that is doing it which makes it even wierder.

    I have checked over the machine is question thoroughly, and cant find anything, anywhere, in any logs mentioning these modules (have spent hours manually rummaging through the exim logs, syslogs and apache domlogs/error logs etc)

    I have checked through all the listening process on the server and nothing abnormal shows there, rkhunter and chkrootkit are coming back clean so I am lost as to what is causing this.

    The only potential cause I can see for this is some form of XSS attack, but I cant find anything at all in the logs to back this up, so wondering if anyone has any ideas?
     
    #1 mikemikeee, May 24, 2018
    Last edited by a moderator: May 25, 2018
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,672
    Likes Received:
    1,788
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The "lame server resolving" message indicates your server is not authoritative for the domain names referenced in the message. It's difficult to know for sure where the connection attempt is coming from for those requests (e.g. geoip.so, pdf.so), but the log entry itself doesn't suggest the system is vulnerable. You may want to contact a system administrator to review your system and verify there are no security issues:

    System Administration Services | cPanel Forums

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice