Web Hosting Talk






PDA

View Full Version : Critical - Third time v-sites are not accessible

BooBoo
09-23-2002, 10:46 AM
This is getting monotonous. I have a server that is working fine, then all of a sudden, the v-sites are no longer accessible. I can access the Admin GUI, I can ssh in, but the sites are not accessible.

From error log in httpd
[Mon Sep 23 05:32:40 2002] [warn] child process 25111 did not exit, sending another SIGHUP
[Mon Sep 23 05:32:49 2002] [warn] child process 25103 did not exit, sending another SIGHUP
[Mon Sep 23 05:32:49 2002] [warn] child process 25104 did not exit, sending another SIGHUP


[Mon Sep 23 05:32:51 2002] [warn] child process 25111 still did not exit, sending a SIGTERM
[Mon Sep 23 05:32:51 2002] [warn] child process 25103 still did not exit, sending a SIGTERM
[Mon Sep 23 05:32:51 2002] [warn] child process 25104 still did not exit, sending a SIGTERM


[Mon Sep 23 05:32:56 2002] [error] child process 25111 still did not exit, sending a SIGKILL
[Mon Sep 23 05:32:56 2002] [error] child process 25103 still did not exit, sending a SIGKILL
[Mon Sep 23 05:32:56 2002] [error] child process 25104 still did not exit, sending a SIGKILL


[Mon Sep 23 05:32:57 2002] [notice] SIGHUP received. Attempting to restart
[Mon Sep 23 05:33:03 2002] [notice] Apache/1.3.20 Sun Cobalt (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b PHP/4.1.2 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25 configured -- resuming normal operations
[Mon Sep 23 05:33:03 2002] [error] (32)Broken pipe: accept: (client socket)


[Mon Sep 23 05:33:04 2002] [crit] (98)Address already in use: make_sock: could not bind to address xx.xx.xx.xx port 443


[Mon Sep 23 06:23:12 2002] [notice] caught SIGTERM, shutting down
[Mon Sep 23 06:28:55 2002] [notice] Apache/1.3.20 Sun Cobalt (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b PHP/4.1.2 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25 configured -- resuming normal operations
[Mon Sep 23 06:36:02 2002] [notice] child pid 581 exit signal Segmentation fault (11)


This is getting serious. Any ideas as to what is happening? After I reboot the server, everything appears to be fine. httpd restart does not work, I have not tried admserver restart yet.
cyrusTvirus
09-23-2002, 11:08 AM
Man,

your config is way out of date

<QUOTE>
Apache/1.3.20 Sun Cobalt (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b PHP/4.1.2 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25 configured -- resuming normal operations
</QUOTE>

Are you sure you havent been hacked

php is vurn.
SSL is not upgraded and screaming to the world OWN ME OWN ME

Do this to see if you havent been hit by the linux slapper worm

1. Locate and kill the worm process.

netstat -anp | grep 4156 | grep -i UDP
pstree -p
kill -9

2. Locate and kill the backdoor process.

ps -aux | grep update | grep apache
pstree -p
kill -9

HTH Pm me if more support is needed.

Robbert