Gentoo Forums
Server hacked/Gone bizirk....???
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 12:42 am    Post subject: Server hacked/Gone bizirk....???

I just typed a really long post and it got messed up and not posted. yay! NOT :evil:

Here's a summed-up version:
This afternoon my server and websites all worked great. I deleted a vhost and reloaded apache2. Every page on my server only shows the source code to the page now. I updated apache2 a few days ago but I did not stop the process or restart it after the update. I think the changes went into effect today when I reloaded the config files. I'm not sure if that's what caused it or not. I have looked at my config files and they look normal. I am doing my weekly update now and it's going to update php. When that gets done I am going to re-emerge apache2 to see if it works. I have also rebooted my server and restarted apache multiple times to no avail.

I have pretty much ruled out being hacked but that's always a possibility. I have looked through my logs and don't see anything suspicious but then again I don't know everything to look for. I am running chkrootkit as I am typing this. There is one question tho....why does the error log for apache keep showing everyone when they go to my sites trying to get the file favicon.gif? It doesn't exist and never has but has always been an error. Just curious.

Has this happened to anyone before? How can I fix it? Why did it happen? How can I prevent it in the future? TIA
_________________
www.EternalFireProof.com
Registered Linux User #334610
schism39401
Tux's lil' helper

Joined: 13 Mar 2003
Posts: 130

Posted: Wed Mar 31, 2004 12:56 am

When you updated Apache2 did you replace your apache2.conf? If not, are your pages in php? If so, check your /etc/conf.d/apache2 and make sure you see
Code:
APACHE2_OPTS="-D SSL -D PHP4"


at least the php part....

HTH


Last edited by schism39401 on Wed Mar 31, 2004 2:58 pm; edited 1 time in total
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 1:01 am

They are in php and that is in my conf. It wasn't until it popped in my head earlier and I added it and restarted apache but it didn't make any difference.
_________________
www.EternalFireProof.com
Registered Linux User #334610
trooper82
n00b

Joined: 15 Mar 2003
Posts: 57

Posted: Wed Mar 31, 2004 2:03 am

Doesn't the new apache2 (2.0.49) place the conf files in a new location? I think it is in /usr/lib/apache2/conf ? I remember reading that the old directories need to be deleted if doing the upgrade. Hope this helps.
_________________
The band is just fantastic
That's really what I think
Oh, by the way, which one's PINK?
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 2:31 am

I deleted them and it didn't change anything.
_________________
www.EternalFireProof.com
Registered Linux User #334610
dvc5
Guru

Joined: 06 Dec 2003
Posts: 433
Location: Sunnyvale, California

Posted: Wed Mar 31, 2004 2:43 am

trooper82 wrote:
Doesn't the new apache2 (2.0.49) place the conf files in a new location? I think it is in /usr/lib/apache2/conf ? I remember reading that the old directories need to be deleted if doing the upgrade. Hope this helps.

The conf files stay in the same /etc/apache2/conf/ folder, but the "ServerRoot" folder has changed to /usr/lib/apache2 to get rid of the need for symbolic links to the modules, logs, etc.
_________________
#define NULL rand() /*heh heh heh */

Green Is Good
trooper82
n00b

Joined: 15 Mar 2003
Posts: 57

Posted: Wed Mar 31, 2004 2:49 am

oh ok, my bad.....
_________________
The band is just fantastic
That's really what I think
Oh, by the way, which one's PINK?
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 2:58 am

Then it's probably good I am emerging apache right now :P

I've lost all my config files tho....I had a ton of vhosts and settings in my apache config. It fits in with my luck today.......
_________________
www.EternalFireProof.com
Registered Linux User #334610
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 3:56 am

Quote:

>>> original instance of package unmerged safely.
* The INI file for this build is /etc/php/cli-php4/php.ini
* The dev-php/php-core package is now obsolete. You should unmerge
* it, and re-merge >=dev-php/php-4.3.4-r2 afterwards to ensure
* your PHP installation is consistant.
* This is a CLI only build.
* You cannot use it on a webserver.
md5sum: //root/.pearrc: No such file or directory
* Caching service dependencies...
>>> dev-php/php-4.3.5 merged.

>>> clean: No packages selected for removal.

What does that mean about CANNOT use on a webserver? If I can't use it then what do I use? I still have php-core 4.3.4 installed. Do I need to unmerge it? Will my pages still work since it says it can't be used on a webserver? What does the CLI version do differently?
_________________
www.EternalFireProof.com
Registered Linux User #334610
dvc5
Guru

Joined: 06 Dec 2003
Posts: 433
Location: Sunnyvale, California

Posted: Wed Mar 31, 2004 4:08 am

jtp755 wrote:
Quote:

>>> original instance of package unmerged safely.
* The INI file for this build is /etc/php/cli-php4/php.ini
* The dev-php/php-core package is now obsolete. You should unmerge
* it, and re-merge >=dev-php/php-4.3.4-r2 afterwards to ensure
* your PHP installation is consistant.
* This is a CLI only build.
* You cannot use it on a webserver.
md5sum: //root/.pearrc: No such file or directory
* Caching service dependencies...
>>> dev-php/php-4.3.5 merged.

>>> clean: No packages selected for removal.

What does that mean about CANNOT use on a webserver? If I can't use it then what do I use? I still have php-core 4.3.4 installed. Do I need to unmerge it? Will my pages still work since it says it can't be used on a webserver? What does the CLI version do differently?


That's fine, the php.ini file you want to edit is in /etc/php/apache2-php4/. The other one, as the message points out, is obsolete and not needed for apache2. I'm guessing that you don't have your "apache2" flag set when you built php, and that's why it's telling you that it's a "CLI only build." Here's the USE flags I used for building php and mod_php:

Code:
loznet conf # emerge -vp php mod_php
 
These are the packages that I would merge, in order:
 
Calculating dependencies ...done!
[ebuild   R   ] dev-php/php-4.3.4-r4  -X +berkdb +crypt -curl -doc -fdftk -firebird -flash -freetds +gd -gd-external +gdbm -gmp -imap -informix +ipv6 +java +jpeg -ldap -mcal -memlimit +mysql +ncurses +nls -oci8 -odbc +pam +pdflib +png -postgres -qt +readline -snmp +spell +ssl -tiff +truetype +xml2 -yaz  0 kB
[ebuild   R   ] dev-php/mod_php-4.3.4-r4  -X +apache2 +berkdb +crypt -curl -doc -fdftk -firebird -flash -freetds +gd -gd-external +gdbm -gmp -imap -informix +ipv6 +java +jpeg -ldap -mcal -memlimit +mysql +nls -oci8 -odbc +pam +pdflib +png -postgres -qt -snmp +spell +ssl -tiff +truetype +xml2 -yaz  0 kB
 
Total size of downloads: 0 kB
 
loznet conf #

_________________
#define NULL rand() /*heh heh heh */

Green Is Good
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 4:29 am

I DO have the apache2 use flag set and I haven't had ne problems updating php til now. What versions of php and mod_php do you have on your server? Should I have both mod_php and php on my server now or is php still needed even tho it says it's obsolete? I'm out for the night...too frustrated with problems and bad luck.
_________________
www.EternalFireProof.com
Registered Linux User #334610
dvc5
Guru

Joined: 06 Dec 2003
Posts: 433
Location: Sunnyvale, California

Posted: Wed Mar 31, 2004 4:34 am

I have php-4.3.4-r4 and mod_php-4.3.4-r4, haven't had any problems with upgrading. Are you sure you don't have some conflicting configuration in your apache2.conf or commonapache2.conf? Also when you do:
Code:
ps -aux | grep apache2

You should have a bunch of lines like this:
Code:
root     21556  0.0  1.4 19356 7512 ?        S    13:17   0:00 /usr/sbin/apache2 -k start -D PHP4 -D SSL

_________________
#define NULL rand() /*heh heh heh */

Green Is Good
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 11:02 am

I don't have the -D SSL and -D PHP4 in those lines but it is enabled in /etc/conf.d/apache2

and I have php 4.3.5 and mod_php 4.3.5. Should I unmerge both and emerge the older one (4.3.4-r4)? Also php-core is not installed since I removed it last night. Do I need it with php 4.3.4-r4?

How can I figure out if I do have a config conflict? And what it is?

I think I am going to DG php and mod_php because it won't work still after a fresh install of apache, php, and mod_php. I think the unstable 4.3.5 version is messed up or something. Not sure but I am emerging the 4.3.4-r4 versions now.
_________________
www.EternalFireProof.com
Registered Linux User #334610
Jesore
Apprentice

Joined: 17 Jul 2002
Posts: 232
Location: Nürnberg Germany

Posted: Wed Mar 31, 2004 1:22 pm

jtp755 wrote:
Quote:

>>> original instance of package unmerged safely.
* The INI file for this build is /etc/php/cli-php4/php.ini
* The dev-php/php-core package is now obsolete. You should unmerge
* it, and re-merge >=dev-php/php-4.3.4-r2 afterwards to ensure
* your PHP installation is consistant.
* This is a CLI only build.
* You cannot use it on a webserver.
md5sum: //root/.pearrc: No such file or directory
* Caching service dependencies...
>>> dev-php/php-4.3.5 merged.

>>> clean: No packages selected for removal.

What does that mean about CANNOT use on a webserver? If I can't use it then what do I use? I still have php-core 4.3.4 installed. Do I need to unmerge it? Will my pages still work since it says it can't be used on a webserver? What does the CLI version do differently?


The php package can't be used on a webserver (except with CGI) as it is the normal command line interpreter. mod_php is the package that builds the php support for apache. It is perfectly normal that "php" says it is not for webserver use, cause it isn't.
No sign of a problem there.

Jesore
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 1:29 pm

Any idea on why all my pages just show source code then? Everything else seems right.
_________________
www.EternalFireProof.com
Registered Linux User #334610
Back to top
rmalolepszy
Apprentice

Joined: 01 Jan 2004
Posts: 167

Posted: Wed Mar 31, 2004 2:34 pm

Here are a couple things to look for.

In your apache2.conf make sure you have this line.
Code:
Include conf/modules.d/*.conf


Then make sure you have a mod_php module in that directory.
Code:
/etc/apache2/conf/modules.d/70_mod_php.conf


That file should specify your mime types. Mime types are what tell an application what type of data a file is (in this case it tells apache how to handle extensions php, phtml, php3, php4 and phps).
Code:

    <IfModule mod_mime.c>
        AddType application/x-httpd-php .php
        AddType application/x-httpd-php .phtml
        AddType application/x-httpd-php .php3
        AddType application/x-httpd-php .php4
        AddType application/x-httpd-php-source .phps
    </IfModule>


I am running net-www/apache-2.0.49, of course there may be some slight differences, but everything should be similar.

NOTE: This is the basic apache2 install, I did not have to change anything, therefore if one of your directories is incomplete, then do not manually change it unless you know what you're doing.

Instead just -
Code:
emerge -v apache mod_php

_________________
Cheers,
Ryan
dvc5
Guru

Joined: 06 Dec 2003
Posts: 433
Location: Sunnyvale, California

Posted: Wed Mar 31, 2004 3:45 pm

jtp755 wrote:
I don't have the -D SSL and -D PHP4 in those lines but it is enabled in /etc/conf.d/apache2

and I have php 4.3.5 and mod_php 4.3.5. Should I unmerge both and emerge the older one (4.3.4-r4)? Also php-core is not installed since I removed it last night. Do I need it with php 4.3.4-r4?

How can I figure out if I do have a config conflict? And what it is?

I think I am going to DG php and mod_php because it won't work still after a fresh install of apache, php, and mod_php. I think the unstable 4.3.5 version is messed up or something. Not sure but I am emerging the 4.3.4-r4 versions now.

For a webserver, I would stick to stable-only packages. You will have fewer problems in the long run. As for the -D SSL and -D PHP4, for some reason your init script isn't using the configuration you're passing to it, so maybe try the command manually and see if you can get it to work then. If so, we can try to figure out why your init script is ignoring your configuration.
_________________
#define NULL rand() /*heh heh heh */

Green Is Good
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 5:14 pm

I tried manually starting it (/usr/sbin/apache2 and APACHE2_OPTS="-D SSL -D PHP4" apache2) and neither worked. This is getting extremely aggravating and frustrating. Where do I have to define the php mime type or something like that?
_________________
www.EternalFireProof.com
Registered Linux User #334610
dvc5
Guru

Joined: 06 Dec 2003
Posts: 433
Location: Sunnyvale, California

Posted: Wed Mar 31, 2004 5:18 pm

jtp755 wrote:
I tried manually starting it (/usr/sbin/apache2 and APACHE2_OPTS="-D SSL -D PHP4" apache2) and neither worked. This is getting extremely aggravating and frustrating. Where do I have to define the php mime type or something like that?


Code:
/usr/sbin/apache2 -k start -D PHP4 -D SSL

Try that command and see what error it spits out. You shouldn't have to define the mime types, the default configuration should work properly for that. Your problem is that apache isn't starting with PHP support to begin with.
_________________
#define NULL rand() /*heh heh heh */

Green Is Good
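
The diagnosis in the post above (apache2 running without the `-D` flags set in /etc/conf.d/apache2) can be checked with a short script. This is an added example, not code from the thread or from Gentoo; the function names are hypothetical and the conf line and `ps` lines are constructed from the ones quoted in the posts.

```shell
#!/bin/sh
# Added example (not from the thread): report -D defines that are configured
# in /etc/conf.d/apache2 but absent from a running apache2 command line.
# Function names are hypothetical.

# Print the names that follow -D in a string, one per line, sorted.
# Runs in a subshell with globbing off so "?" in ps output is not expanded.
defines_in() (
    set -f
    set -- $1
    while [ $# -gt 0 ]; do
        case "$1" in
            -D)   if [ $# -ge 2 ]; then printf '%s\n' "$2"; shift; fi ;;
            -D?*) printf '%s\n' "${1#-D}" ;;
        esac
        shift
    done | sort -u
)

# Print the defines set by the last uncommented APACHE2_OPTS= line of a
# conf.d file. The file is parsed with sed, not sourced, so nothing in it runs.
configured_defines() {
    defines_in "$(sed -n 's/^[[:space:]]*APACHE2_OPTS=//p' "$1" | tail -n 1 | tr -d "\"'")"
}

# $1: conf.d file, $2: one command line (from ps or /proc/PID/cmdline).
# Print each configured define the process was started without.
missing_defines() (
    have=$(defines_in "$2")
    for d in $(configured_defines "$1"); do
        printf '%s\n' "$have" | grep -qxF -- "$d" || printf '%s\n' "$d"
    done
)

# Constructed sample data modelled on the lines quoted in the thread.
conf=$(mktemp)
printf '%s\n' 'APACHE2_OPTS="-D SSL -D PHP4"' >"$conf"
with_flags='root 21556 0.0 1.4 19356 7512 ? S 13:17 0:00 /usr/sbin/apache2 -k start -D PHP4 -D SSL'
without_flags='root 21556 0.0 1.4 19356 7512 ? S 13:17 0:00 /usr/sbin/apache2 -k start'
for line in "$with_flags" "$without_flags"; do
    missing=$(missing_defines "$conf" "$line" | tr '\n' ' ')
    echo "${missing:-none} <- missing from: ${line##* /usr/sbin/}"
done
rm -f "$conf"

# On a live host, feed it real command lines, for example:
#   ps -C apache2 -o args= | while read -r l; do
#       missing_defines /etc/conf.d/apache2 "$l"; done
```

Any name it prints is a define the init configuration asks for but the running process never received.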
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 5:30 pm

That worked great man. You're a life saver...now to figure out why it isn't starting right.
_________________
www.EternalFireProof.com
Registered Linux User #334610
dvc5
Guru

Joined: 06 Dec 2003
Posts: 433
Location: Sunnyvale, California

Posted: Wed Mar 31, 2004 5:33 pm

jtp755 wrote:
That worked great man. You're a life saver...now to figure out why it isn't starting right.

Here's my /etc/init.d/apache2 runscript, maybe diff it with yours and try it out to see if it works:
Code:
#!/sbin/runscript
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /home/cvsroot/gentoo-x86/net-www/apache/files/2.0.49/apache2.initd,v 1.2 2004/03/26 08:45:49 robbat2 Exp $
 
opts="${opts} reload"
 
[ "x${STARTUPERRORLOG}" != "x" ] && APACHE2_OPTS="${APACHE2_OPTS} -d ${STARTUPERRORLOG}"
[ "x${CONFIGFILE}" != "x" ] && APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}"
[ "x${STARTUPERRORLOG}" != "x" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}"
# set a default for PIDFILE/RESTARTSTYLE for those that FAILED to follow
# instructiosn and update the conf.d/apache2 file.
# (bug #38787)
[ -z "${PIDFILE}" ] && PIDFILE=/var/run/apache2.pid
[ -z "${RESTARTSTYLE}" ] && RESTARTSTYLE="graceful"
 
checkconfig() {
        local myconf="/etc/apache2/conf/apache2.conf"
        if [ "x${CONFIGFILE}" != "x" ]; then
                if [ ${CONFIGFILE:0:1} = "/" ]; then
                        myconf="${CONFIGFILE}"
                else
                        myconf="${SERVERROOT:-/usr/lib/apache2}/${CONFIGFILE}"
                fi
        fi
        if [ ! -r "${myconf}" ]; then
                eerror "Unable to read configuration file: ${myconf}"
                return 1
        fi
    if [ -z "${PIDFILE}" ]; then
        eerror "\$PIDFILE is not set!"
        eerror "Did you etc-update /etc/conf.d/apache2?"
        return 1
    fi
    if [ -z "${RESTARTSTYLE}" ]; then
        eerror "\$RESTARTSTYLE is not set!"
        eerror "Did you etc-update /etc/conf.d/apache2?"
        return 1
    fi
        /usr/sbin/apache2 -t ${APACHE2_OPTS} 1>/dev/null 2>&1
        ret=$?
        if [ $ret -ne 0 ]; then
                eerror "Apache2 has detected a syntax error in your configuration files:"
                /usr/sbin/apache2 -t ${APACHE2_OPTS}
        fi
        return $ret
}
 
depend() {
        need net
        use mysql dns logger netmount
        after sshd
}
 
start() {
        checkconfig || return 1
        ebegin "Starting apache2"
        [ -f /var/log/apache2/ssl_scache ] && rm /var/log/apache2/ssl_scache
        env -i PATH=$PATH /sbin/start-stop-daemon --quiet \
                --start --startas /usr/sbin/apache2 \
                --pidfile ${PIDFILE} -- -k start ${APACHE2_OPTS}
        eend $?
}
 
stop() {
        ebegin "Stopping apache2"
        /usr/sbin/apache2ctl stop >/dev/null
        start-stop-daemon -o --quiet --stop --pidfile ${PIDFILE}
        eend $?
}
 
reload() {
        # restarting apache2 is much easier than apache1. The server handles most of the work for us.
        # see http://httpd.apache.org/docs-2.0/stopping.html for more details
        ebegin "Restarting apache2"
        /usr/sbin/apache2 ${APACHE2_OPTS} -k ${RESTARTSTYLE}
        eend $?
}

_________________
#define NULL rand() /*heh heh heh */

Green Is Good
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 5:49 pm

It's the same file....I checked side by side each other. What else can I try?
_________________
www.EternalFireProof.com
Registered Linux User #334610
dvc5
Guru

Joined: 06 Dec 2003
Posts: 433
Location: Sunnyvale, California

Posted: Wed Mar 31, 2004 5:54 pm

jtp755 wrote:
It's the same file....I checked side by side each other. What else can I try?

Are you sure you're killing all apache processes before trying to run the init script?
Code:
killall -9 apache2
/etc/init.d/apache2 zap
/etc/init.d/apache2 start

_________________
#define NULL rand() /*heh heh heh */

Green Is Good
slestak
Tux's lil' helper

Joined: 13 Jun 2003
Posts: 115

Posted: Wed Mar 31, 2004 6:38 pm

Also make sure if you kill it, that the stale pid file is removed. I had difficulties restarting apache earlier when making some config changes.

BTW, nice site, EternalFireProof.com...
jtp755
l33t

Joined: 01 Sep 2003
Posts: 691
Location: USA

Posted: Wed Mar 31, 2004 6:45 pm

It seems to work fine now....I'm not sure why though. Maybe the init script got in a bind but I had killed all processes yesterday before I posted and tried and it wouldn't start, it gave me [!!], so I'm not sure exactly what was up...everything seems to work now...except all my vhosts and all that I lost when I deleted the conf dir y/day...should have had a backup :P Between today being my girlfriend and I's 2 year anniversary and yall helping me get this problem worked out it has been a very good day :P Thanks a lot. Nething else I could look for maybe in the future?
_________________
www.EternalFireProof.com
Registered Linux User #334610


Last edited by jtp755 on Wed Mar 31, 2004 6:58 pm; edited 1 time in total
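
The symptom that started this thread, pages returned as PHP source instead of rendered output, can be caught by a monitoring check on saved responses. This is an added example, not code from the thread; the function names are hypothetical and both sample responses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag saved HTTP responses whose body
# still contains PHP source. Function names are hypothetical.

# Print the body of a saved "curl -si" response: everything after the first
# blank line. Carriage returns are stripped so CRLF headers parse cleanly.
response_body() {
    tr -d '\r' <"$1" | awk 'body { print; next } /^$/ { body = 1 }'
}

# Print the Content-Type header value, lower-cased and without parameters.
content_type() {
    tr -d '\r' <"$1" | awk -F': *' '
        /^$/ { exit }
        tolower($1) == "content-type" { sub(/;.*/, "", $2); print tolower($2); exit }'
}

# Succeed when the body holds a raw PHP open tag: "<?php", "<?=", or the short
# form "<?" followed by whitespace or end of line. "<?xml" does not match.
has_php_source() {
    response_body "$1" | grep -Eq '<\?(php|=|[[:space:]]|$)'
}

# Print "LEAK <type>" or "OK <type>" for one saved response.
classify() {
    if has_php_source "$1"; then
        echo "LEAK $(content_type "$1")"
    else
        echo "OK $(content_type "$1")"
    fi
}

# Constructed sample responses: one served without PHP support, one rendered.
dir=$(mktemp -d)
printf 'HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n<?php echo "hello"; ?>\n' >"$dir/raw"
printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=ISO-8859-1\r\n\r\n<?xml version="1.0"?>\n<html><body>hello</body></html>\n' >"$dir/rendered"
for f in raw rendered; do
    echo "$f: $(classify "$dir/$f")"
done
rm -rf "$dir"

# On a live host: curl -si http://localhost/index.php >resp && classify resp
```

Run against each vhost after an Apache or PHP upgrade, a LEAK result shows the handler is not loaded before visitors see the source.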
All times are GMT
Page 1 of 2