Webserver attack solutions? [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 4 years ago.
I own an Apache webserver on a Debian 8 VPS, and I got errors like this in my error log.
What kind of attack is that? Is there any solution against it?
[Sat Feb 02 07:05:49.618301 2019] [:error] [pid 7679] [client RANDOM_IP_ADDRESS:58746] script '/var/www/html/info1.php' not found or unable to stat
[Sat Feb 02 07:05:49.876335 2019] [:error] [pid 7679] [client RANDOM_IP_ADDRESS:58746] script '/var/www/html/aaaaaa1.php' not found or unable to stat
[Sat Feb 02 07:05:50.134024 2019] [:error] [pid 7679] [client RANDOM_IP_ADDRESS:58746] script '/var/www/html/up.php' not found or unable to stat
[Sat Feb 02 07:05:50.392310 2019] [:error] [pid 7679] [client RANDOM_IP_ADDRESS:58746] script '/var/www/html/test123.php' not found or unable to stat
(and other 300+ errors with random path)

Probably looking for exploitable scripts, perhaps that take GET arguments, etc. to maybe do a MySQL injection or something.
Since it is your VPS, you could do something like install/configure fail2ban and have it watch for excessive 404 errors from a specific IP, at which point it will block it via iptables.
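The counting rule behind that suggestion (many "script not found" errors from one client inside a short window) can be run offline over an error log. This is an added example, not part of the original answer and not fail2ban's own code; `find_scanners`, its `maxretry`/`findtime` defaults and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache 2.4 error-log entry for a request that mapped to a missing script.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]*:error\] \[pid [^\]]+\] "
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] "
    r"script '(?P<path>[^']+)' not found or unable to stat")
TS_FORMAT = "%a %b %d %H:%M:%S.%f %Y"

def find_scanners(lines, maxretry=5, findtime=timedelta(seconds=60)):
    """Return {ip: [paths]} for clients with >= maxretry misses inside findtime."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    probed = defaultdict(list)   # ip -> every missing script it requested
    flagged = {}
    for line in lines:           # lines are assumed to be in log order
        m = LINE_RE.match(line)
        if not m:
            continue             # unrelated entry (notices, other errors)
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        ip = m["ip"]
        probed[ip].append(m["path"])
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()     # drop misses that fell out of the window
        if len(window) >= maxretry:
            flagged[ip] = probed[ip]
    return flagged

def _line(ts, ip, path):
    return (f"[Sat Feb 02 {ts} 2019] [:error] [pid 7679] [client {ip}:58746] "
            f"script '/var/www/html/{path}' not found or unable to stat")

# Constructed sample in the format of the log quoted in the question.
SAMPLE = [
    _line("07:05:49.618301", "203.0.113.7", "info1.php"),
    _line("07:05:49.876335", "203.0.113.7", "aaaaaa1.php"),
    _line("07:05:50.134024", "203.0.113.7", "up.php"),
    _line("07:05:50.392310", "203.0.113.7", "test123.php"),
    _line("07:05:50.650000", "203.0.113.7", "azenv.php"),
    _line("07:05:55.000000", "198.51.100.20", "index.php"),  # one stray miss
    "[Sat Feb 02 07:06:10.000000 2019] [mpm_winnt:notice] [pid 1992:tid 312] "
    "AH00424: Parent: Received restart signal -- Restarting the server.",
]

if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE).items():
        print(f"{ip}: {len(paths)} missing scripts probed, e.g. {paths[:3]}")
```

A single 404 from a client, such as a mistyped URL, stays below the threshold; only the burst is reported.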

Related

How to resolve chown: invalid user while starting apache server? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 2 years ago.
I am trying to start apache2 services by running-
sudo service apache2 start
But it is resulting in-
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
I tried-
sudo systemctl status apache2.service
and it's showing-
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2020-12-08 11:17:18 IST; 7min ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 30529 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
Dec 08 11:17:18 dk systemd[1]: Starting The Apache HTTP Server...
Dec 08 11:17:18 dk apachectl[30535]: chown: invalid user: 'dk'
Dec 08 11:17:18 dk systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Dec 08 11:17:18 dk systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 08 11:17:18 dk systemd[1]: Failed to start The Apache HTTP Server.
I am assuming the problem is with invalid user: dk. How can I resolve this?
Also I recently removed one user account which already had LAMP stack installed. Is that the reason why it's showing invalid user?
In new systems, e.g. Ubuntu 20 * LTS, the configuration file is /etc/apache2/envvars
Look for APACHE_RUN_USER and APACHE_RUN_GROUP.
You must see in the file:
/etc/apache2/apache2.conf
or
/etc/apache2/httpd.conf
what the entered user and group are.
Normally it is:
User www-data
Group www-data
Or maybe in your case it is "dk".
In addition, you may have specified in the server file that the site location is in a directory owned by "dk".
Check the server configuration with the command:
apachectl configtest
or
sudo apachectl configtest

Is my server-side content safe?

I am getting this in my apache error_log and I am using AWS
[Mon Oct 31 08:24:47.120132 2016] [:error] [pid 8216] [client 95.213.177.126:34294] script '/var/www/html/azenv.php' not found or unable to stat, referer: https://proxyradar.com/
I wanted to know what that means.
It looks like a request was made for /var/www/html/azenv.php, which was not found. That's a standard 404 error, when a request has been made for a non-existent file.
As to WHY the request was made, that's for the sender to determine.
See Apache access log full of unauthorized and suspicious requests, how to take action, which suggests that it is automated scripts looking for vulnerabilities of unpatched servers.
The fact that the file was not found should give you some comfort, because that's one vulnerability to which you were not vulnerable.

CakePHP and EasyPHP

I'm new to PHP and I'm facing some problems.
I'm using EasyPHP (DevServer 14.1 -> PHP 5.5.8 and Apache 2.4.7) and CakePHP (2.5.1).
Well, if I put the CakePHP files at "C:\Program Files\EasyPHP\data\localweb\" (then it would be "C:\Program Files\EasyPHP\data\localweb\cake_2_0..." for example), it works fine, as it should.
The problem is: I would like to use alias on EasyPHP, for I don't want to develop at "C:\Program Files...". But when I put the CakePHP files on my application root ("C:\myapps\myproject..." for example, with an alias set on EasyPHP), then I get a "Error 404". Now, I found that if I remove the .htaccess file from root, it works. But I'm sure this file is there for some reason, so I don't feel right just removing it - it might give me more problems later.
Does anyone know anything about it? Can I use alias on EasyPHP if I want to use CakePHP?
Thanks in advance.
Edited
This is my apache_alias.conf (C:\Program Files\EasyPHP-DevServer-14.1VC11\data\conf):
Alias "/cakeblogtutorial" "C:/Programacao/PHP/workspace/CakeBlogTutorial"
<Directory "C:/Programacao/PHP/workspace/CakeBlogTutorial">
    Options FollowSymLinks Indexes
    AllowOverride All
    Order deny,allow
    Allow from 127.0.0.1
    Deny from all
    Require all granted
</Directory>
This is my .htaccess (C:\Programacao\PHP\workspace\CakeBlogTutorial):
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule ^$ app/webroot/ [L]
    RewriteRule (.*) app/webroot/$1 [L]
</IfModule>
In my httpd.conf (C:\Program Files\EasyPHP-DevServer-14.1VC11\binaries\conf_files), regarding mod_rewrite (in other words, uncommented):
LoadModule rewrite_module modules/mod_rewrite.so
Last lines on error.log (C:\Program Files\EasyPHP-DevServer-14.1VC11\binaries\apache\logs):
[Mon Jun 02 14:27:48.093057 2014] [:error] [pid 4284:tid 848] [client 127.0.0.1:62831] script 'C:/Program Files/EasyPHP-DevServer-14.1VC11/data/localweb/index.php' not found or unable to stat
[Mon Jun 02 14:34:59.319532 2014] [mpm_winnt:notice] [pid 1992:tid 312] AH00424: Parent: Received restart signal -- Restarting the server.
[Mon Jun 02 14:34:59.982390 2014] [mpm_winnt:notice] [pid 1992:tid 312] AH00455: Apache/2.4.7 (Win32) PHP/5.5.8 configured -- resuming normal operations
[Mon Jun 02 14:34:59.982390 2014] [mpm_winnt:notice] [pid 1992:tid 312] AH00456: Apache Lounge VC11 Server built: Nov 21 2013 20:13:01
[Mon Jun 02 14:34:59.982390 2014] [core:notice] [pid 1992:tid 312] AH00094: Command line: 'C:\\PROGRA~1\\EASYPH~1.1VC\\binaries\\apache\\bin\\eds-httpd.exe -d C:/Program Files/EasyPHP-DevServer-14.1VC11/binaries/apache'
[Mon Jun 02 14:34:59.988391 2014] [mpm_winnt:notice] [pid 1992:tid 312] AH00418: Parent: Created child process 6588
[Mon Jun 02 14:35:01.279844 2014] [mpm_winnt:notice] [pid 6588:tid 364] AH00354: Child: Starting 64 worker threads.
[Mon Jun 02 14:35:01.523147 2014] [mpm_winnt:notice] [pid 4284:tid 364] AH00364: Child: All worker threads have exited.
Last lines on access.log (C:\Program Files\EasyPHP-DevServer-14.1VC11\binaries\apache\logs):
127.0.0.1 - - [02/Jun/2014:15:09:50 -0300] "GET /cakeblogtutorial HTTP/1.1" 301 242
127.0.0.1 - - [02/Jun/2014:15:09:50 -0300] "GET /cakeblogtutorial/ HTTP/1.1" 404 1156
I guess I found the answer - and if so, the RewriteBase is the correct thing to do. From the CakePHP WebSite (http://book.cakephp.org/2.0/en/installation/url-rewriting.html):
For many hosting services (GoDaddy, 1and1), your web server is actually being served from a user directory that already uses mod_rewrite. If you are installing CakePHP into a user directory (http://example.com/~username/cakephp/), or any other URL structure that already utilizes mod_rewrite, you’ll need to add RewriteBase statements to the .htaccess files CakePHP uses (/.htaccess, /app/.htaccess, /app/webroot/.htaccess).

Internal Server Error

The error message I get when I try to access the web page server "192.168.50.29/cgi-bin/tinyPL.cgi" looks like this:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.2.11 (Fedora) Server at 192.168.50.29 Port 80
Error_log :
[Sat Oct 24 21:30:47 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Oct 24 21:30:47 2009] [notice] Digest: generating secret for digest authentication ...
[Sat Oct 24 21:30:47 2009] [notice] Digest: done
[Sat Oct 24 21:30:48 2009] [notice] Apache/2.2.11 (Unix) DAV/2 PHP/5.2.9 mod_ssl/2.2.11 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
[Sat Oct 24 21:30:50 2009] [error] [client 192.168.50.69] (13)Permission denied: exec of '/var/www/cgi-bin/tinyPL.cgi' failed
[Sat Oct 24 21:30:50 2009] [error] [client 192.168.50.69] Premature end of script headers: tinyPL.cgi
Could anyone help me with this?
Your log file will have more details regarding the error, but an Internal Server error on a CGI script usually means that when the server tried to execute your CGI program the expected headers were not present.
In a Perl script, that would be (for example):
use CGI qw(:standard);
print header();
Which will print out something like:
Content-type: text/html
Try to run your CGI script from the command line and see if it prints out those lines. The other problem might be due to access permissions. Apache might not be able to execute your script.

Apache + SSL Error 336027900 [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I was reviewing the logs for my company's servers today and I discovered that there appears to be an error 336027900 logged every 5 minutes. This is what the log shows:
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection to child 3 established (server localhost:443)
[Wed Mar 25 15:10:19 2009] [info] Seeding PRNG with 656 bytes of entropy
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443)
[Wed Mar 25 15:10:19 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection closed to child 3 with abortive shutdown (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection to child 12 established (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] Seeding PRNG with 656 bytes of entropy
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection closed to child 12 with abortive shutdown (server localhost:443)
Our hosts are all behind a single proxy that is properly set up to handle SSL requests. I verified all of our vhost files have the ports set up appropriately. I have searched Google for this error message and found nothing of use. Any help would be greatly appreciated.
Thanks,
James Armes
Do you have a monitoring application that connects to the server at 5 minute intervals?
That error looks familiar; I believe it occurs when a client connects but attempts to speak HTTP rather than HTTPS.
By the way, if you are doing a reverse proxy, you should look into letting the reverse proxy do the SSL instead of Apache. Clients hit the reverse proxy using SSL on 443, and the reverse proxy decrypts the whole thing and forwards it off to your Apache server, who doesn't know a thing about SSL.
Both squid and nginx support it. That way you don't have to mess around with getting SSL working on Apache.
This looks like an "Internal Dummy Connection".
Here is some more info on it:
http://wiki.apache.org/httpd/InternalDummyConnection
I think Jeff is right...
Some software is connecting to your servers without using SSL; maybe the proxy is sending some packages or some control messages, or you have some monitoring software that connects every 5 minutes but doesn't take into account the SSL thing.
I've seen this error when attempting to connect with a browser that only has SSLv2 enabled.
The every five minutes thing sounds like Pingability.com (or the like) is hitting you.
