Apache :: Track Down 2.4 Seg Faults
Jun 16, 2013
I just installed Apache 2.4.4 and it seems to run fine overall. But in my error.log I get about 3 of these every hour or so.error.log:[Sat Jun 15 20:57:44.095961 2013] [core:notice] [pid 31400:tid 16384] AH00052: child pid 1971 exit signal Segmentation fault (11)
track down what causes this? What module? vhost?Otherwise the server seems to run fine. It's on Linux with PHP 5.3.26 and MySQL 5.1.
View 2 Replies
ADVERTISEMENT
Sep 7, 2007
I've been trying to use mod_forensics – [url]-- which has helped on one server track down some one causing the segmentation fault due to trying to abuse FrontPage shtml.dll, but on another server also suffering from regular segmentation faults, this tool has not helped.
What other tools are available to track down the cause(s) of Apache segmentation faults?
View 5 Replies
View Related
Jul 18, 2008
Anytime I've gotten these before, they were stored in:
/var/log/messages
Today (according to logwatch), I got a protection fault in "top".
But when I view /var/log/messages... nothing is there relating to a fault.
The only kernel message that appears is a martian source.
I also hadn't logged into ssh today, isn't "top" an ssh command.
View 9 Replies
View Related
May 25, 2009
Can anyone please tell me how dangerous in fact Apache's TRACE and TRACK functions?
I have read common explanation but would disabling TRACK and TRACE improve my server's ability to fight cross site scripting and similar attacks and make it more secure?
View 1 Replies
View Related
Jun 21, 2008
On and off for a few weeks, I've been getting this showing up in logwatch. Virtually no usable information seems to be on the web about it either:
--------------------- Kernel Begin ------------------------
WARNING: Segmentation Faults in these executables
php-cgi : 3 Time(s)
WARNING: General Protection Faults in these executables
php-cgi : 4 Time(s)
---------------------- Kernel End -------------------------
View 7 Replies
View Related
Apr 7, 2007
My server currently has some problems with DNS/mail, which i can't seem to fix myself. My colocation host offered to help me by giving him root access, but i don't know him very well yet. Is there some kind of script/logtool so i can track everything he did on the server? I don't want him snooping around through my webfiles and databases...
View 13 Replies
View Related
Mar 23, 2009
I'm small hosting provider. On one dedicated server I have around 100 cPanel accounts.
That server is under constant, although not powerful DoS attack.
Since my company domain is not targeted on another server I believe that it is not me but one of my customers that attack is against.
Is there a way, tool, service provider than can help me pin down which account is being hit?
All accounts are on server main shared IP.
Would spreading them on another IPs help? Or would I still see attacks only on main shared IP?
View 7 Replies
View Related
Jun 27, 2009
I'd like to know, is there any way to know about hosting provider, if we have only ip address of the server. i.e.
66.63.181.74 - this is the ip address of my website server, how can i trace the service provider who is giving this hosting service?
View 6 Replies
View Related
Oct 29, 2009
I have a few shred hosting servers I run. One of them keeps getting listed on CBL. It is very frustrating. Does anyone have an tools, tips, or tricks on finding the compromised?
So far I have confirmed that a script is using PHP to send mail out bypassing the MTA. It is faking the HELO and impersonating a well known ISP.
I used a combination of tshark and netstat. tshark can show me the HELO and EHLO. When I see the wrong entry I cross check that with netstat to see what. So Netstat only shows that it was PHP not the script path.
Here are the commands I'm running:
Code:
nohup netstat -c -p -n -e | grep -i ":25" > /var/log/monitor/netstat-smtp.log &
nohup tshark -f "port 25 and src host XX.XX.XX.XX" > /var/log/monitor/tshark-smtp.log &
Then I grep for what I'm looking for:
grep -i "HELO" /var/log/monitor/tshark-smtp.log
Is there a way to get Netstat to show the script path or complete command that is establishing the connection? Currently these scripts are eating up memory to a point that other process or getting killed off.
I also tried to force all mail through the MTA, but When I enable SMTP_BLOCK in my firewall config I get and error:
*WARNING* Cannot use SMTP_BLOCK on this VPS as the Monolithic kernel does not support the iptables module ipt_owner - SMTP_BLOCK disabled.
If there is a better way I'm game. Maybe some IDS that can tell me more of what is going on with the server?
View 14 Replies
View Related
Oct 2, 2008
I am currently developing a web application on a WAMP server. Once complete my client will have some in-house "programmers" make changes to the code as they are needed.
My client wants to track all changes made to the source files (ie- who made the change, when it was made, what files were modified, and what specific lines were added/removed/modified). Also, the program must run on the server and not the programmers computers.
I've searched high and low and only found a couple programs that scratch the surface of what they want.
View 4 Replies
View Related
Aug 10, 2008
how exactly email works. For example, I set my mx record to google apps in order to use google mail with my own domain. Thing is, I can sent from google mail now with my domain email address but cannot send. Furthermore, login to my website email bij www.domain.com/webmail is possible but receiving is impossible and even sending email from that place will not work.
Thinking about it it seems that email is lost
google can send but not receive
from my domain webmail i cannot receive nor send.
View 9 Replies
View Related
Aug 29, 2007
Is there a way I can track the HTTP traffic to which domain is running with high traffic. Due to traffic load I/O wait is increasing. I want to suspend the domain that have the large traffic to avoid down time.
View 4 Replies
View Related
Feb 8, 2007
I've done plenty of searching on DDoS attacks and from what I've found so far it seems that it's "very difficult" track down the person(s) responsible for the attack.
My question is this - could someone actually do it if they were qualified enough? Would a hacker who is well versed in the techniques used be able to find the person(s)? Or is it just simply impossible sometimes?
View 3 Replies
View Related
Sep 28, 2006
I'm working on setting something up for monitoring my bandwidth/traffic on multiple interfaces. I have setup interface aliases so I have eth0, eth0:0, eth0:1 and the issue I'm running into is that it seems snmp cannot tell the diff between the aliased interfaces. I've found references in the cacti forums of using ipchains rules to track the bandwidth, but I've not found a good howto that explains what I need to get going on this.
Any clues/hints?
View 0 Replies
View Related
Oct 7, 2007
What script/application can I install on my linux box to track the bandwidth per each domain?
I currently have no CP, on lighttpd.
View 2 Replies
View Related
May 19, 2008
I have FreeBsd with Cpanel.someone is running attacking perl script from my server.Below is information about that script but it shows / path in command lsof -p 30251 | grep cwd.
PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND
29018 root 96 0 35968K 30528K select 0:03 2.71% 2.69% perl
newinst# lsof -p 30251 | grep cwd
lsof: WARNING: compiled for FreeBSD release 5.5-STABLE; this is 5.3-RELEASE.
perl 29018 root cwd VDIR 4,12 1024 2 /
newinst# ls -la / | more
total 22413
drwxr-xr-x 25 root wheel 1024 May 16 03:23 .
drwxr-xr-x 25 root wheel 1024 May 16 03:23 ..
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .black
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .black.bak
-rw-r--r-- 2 root wheel 801 Nov 5 2004 .cshrc
-rw-r--r-- 1 root wheel 355 Feb 21 2007 .new
-rw-r--r-- 2 root wheel 251 Nov 5 2004 .profile
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .rbl.db
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .rbl.db.bak
drwxrwxr-x 2 root operator 512 Jul 19 2005 .snap
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .uribl.db
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .uribl.db.bak
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .white
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .white.bak
-r--r--r-- 1 root wheel 6184 Nov 5 2004 COPYRIGHT
drwx--x--x 3 root wheel 512 Aug 20 2005 backup
drwxr-xr-x 2 root wheel 1024 Dec 28 2006 bin
drwxr-xr-x 5 root wheel 512 Jul 19 2005 boot
drwxr-xr-x 2 root wheel 512 Jul 19 2005 cdrom
lrwxr-xr-x 1 root wheel 10 Jul 19 2005 compat -> usr/compat
-rw-r--r-- 1 root wheel 177 Dec 5 12:15 cpgd.c
dr-xr-xr-x 4 root wheel 512 May 16 16:23 dev
drwxr-xr-x 2 root wheel 512 Jul 19 2005 dist
-rw------- 1 root wheel 4096 May 13 15:58 entropy
drwxr-xr-x 28 root wheel 4608 May 19 11:57 etc
drwx--x--x 501 root wheel 9216 May 19 01:33 home
drwxr-xr-x 3 root wheel 1024 Jul 19 2005 lib
drwxr-xr-x 2 root wheel 512 Jul 19 2005 libexec
drwxr-xr-x 2 root wheel 512 Nov 5 2004 mnt
drwxr-xr-x 3 root wheel 512 Jul 21 2005 nonexistent
drwxr-xr-x 8 root wheel 512 Oct 30 2007 opt
-rw------- 1 root wheel 22786048 May 16 04:51 perl.core
dr-xr-xr-x 1 root wheel 0 May 19 11:57 proc
drwxr-xr-x 2 root wheel 2560 Jul 19 2005 rescue
drwxr-xr-x 13 root wheel 1024 May 19 01:33 root
drwxr-xr-x 2 root wheel 2560 Jul 19 2005 sbin
drwxr-xr-x 5 root wheel 13824 May 19 01:22 scripts
drwxr-xr-x 4 root wheel 1024 Jul 19 2005 stand
lrwxrwxrwx 1 root wheel 11 Jul 19 2005 sys -> usr/src/sys
drwxrwxrwt 9 root wheel 31744 May 19 11:57 tmp
drwxr-xr-x 21 root wheel 512 Dec 5 12:12 usr
drwxrwxrwx 24 root wheel 512 May 16 16:24 var
where it is localted at/path.
View 10 Replies
View Related
May 18, 2007
I'd like to track the email user agents that our clients use. Basically, I'd like to have something that looks like that:
[url]
View 3 Replies
View Related
May 29, 2007
Logwatch says I send out about 3k emails each day and that is a ridiculous amount. I use postfix and do not run any sort of relay, even for myself. I have IPB 2.2.2, Wordpress 2.0.4, and Gallery 2.x.
How can I track down where these messages are originating from? Or perhaps I am reading my LogWatch file incorrectly?
Quote:
--------------------- postfix Begin ------------------------
17999281 bytes transferred
2460 messages sent
26 messages expired and returned to sender
145 messages removed from queue
Top ten senders:
24 messages sent by:
apache (uid=48):
2 messages sent by:
root (uid=0):
View 4 Replies
View Related
Aug 9, 2007
I'm wondering if theres anything I can install on the server that will either filter or track outgoing spam. I don't want to limit the number of emails sent per hour or anything, I just want to be able to maybe search through some flagged emails or something. Or if they send the exact same email more than x times it can disable their account... I'm not sure
View 1 Replies
View Related
Jul 16, 2008
Often when it comes to choosing or recommending a host, I tend to favor the ones that are larger, and more established such as Hotgator or Downtown Host. But in some other threads, I have seen plenty of people swear by some smaller hosts. Are there some good examples of small hosts that have been around for 3 or more years and have a great reputation?
View 12 Replies
View Related
Sep 6, 2013
I know it's not specifically a plesk issue, but as I use plesk to resell webs and many users install (manually) wordpress, I thought I'll ask around.I would like to know if this can be done with a single sql select or if I would have to use a script to do this:
- track all mysql databases on my server
- find the proper table in each database (as the prefix can be customized, the start of the table name will probably never be the same in two WP installations)
- find the proper field in that table and check the WP version and administrator email
and then what I will do is send an email to those adresses advising them to update WP
View 4 Replies
View Related
Nov 15, 2013
Server Version: Apache/2.2.22 (Unix)
On our production service, we've been getting numerous malformed POST requests to some of our CGI scripts that are showing up as 500 errors in our logs. They are malformed in the sense that the actual content length doesn't match the Content-Length specified in the request.
Here's the most trivial example I can come up with that reproduces the problem for us:
POST /some_valid_alias HTTP/1.1
Host: example.org
User-Agent: Arbitrary/1.0
Content-Type: multipart/form-data; boundary=---------------------------41184676334
Content-Length: 769
-----------------------------41184676334
In addition to the 500 error in the access log, we see the corresponding error in the error log:
(70014)End of file found: Error reading request entity data
Based on the nature of the POST request and the error response, it does appear that Apache is doing the right thing here.
The POST never actually makes it as far as the script being targeted (/some_valid_alias in the above example); in other words, Apache returns 500 to the client, writes the error to the error log and never executes the script.
Is there a way to capture/avoid internal Apache errors like 70014, and return some other HTTP status besides 500 (like 403)? It's particularly annoying in our case, because our server sends us an email for all 500 errors.
So far, our best "defense" against these 500 errors is to disallow POST for these aliases, which normally just ignore the POST data anyway (when the request is not malformed):
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteRule ^/(some_valid_alias)(.*)$ $1$2 [R]
But this won't work for all our scripts, because in some cases we do want to permit POST.
View 2 Replies
View Related
Jul 23, 2007
I've had this problem a long time now with my hosting network and decided to ask here hoping I get some good solutions, or if someone is willing to looking at this (I'll pay if they want).
Here's what I mean:
[url]
Problem is as you can see apache processes constantly rise infinitely, at least until I restart apache (/etc/init.d/httpd restart). The point of restart is shown in red lines.
And after restart, it goes down again for X amount of hours then eventually rises again infinitely until it's restarted again.
But the fact that after restart it remains down, it means it had the potential to be down all along.
So my question is: what could be causing this and does anyone have solution to keep them low at all times (as per graphs)?
View 14 Replies
View Related
May 28, 2008
The Linux Server got down when the MaxClients 256 is reached.
Error Log:
"server reached MaxClients setting, consider raising the MaxClients setting"
So that I have tried to increased the MaxClients Value to 500, after changed the value in httpd.conf and restart I get following error message.
" [notice] SIGHUP received. Attempting to restart
WARNING: MaxClients of 500 exceeds ServerLimit value of 256 servers,
lowering MaxClients to 256. To increase, please see the ServerLimit
directive."
So that I tried changed the Server limit in /usr/local/apache/include/httpd.h header file. but it seems like there is no entry.
Apache Version : 2.2.8
So I have added the ServerLimit 500 entry in httpd.conf file and restart the httpd service. But still shows the same warning mesg. Please help me regarding this.
We have the Dedicated server for Flash Game Server with following configuration.
RHEL4 OS
2GB RAM
Intel(R) Xeon(R) X3210 @ 2.13GHz
Cpanel Installed.
Apache 2.2.8
PHP 5.2.4
MySQL 4.1.2 (MySQL Server is working in differend server)
View 7 Replies
View Related
Mar 22, 2008
I have the following Apache redirect code in .htaccess:
RewriteRule ^sap-latest-news/([0-9]*)/([A-Za-z0-9_-.]*).htm$ /domain.com/app/modules/content/latestNews.php?id=$1 [L]
This redirect works fine on Apache 2.2.8, but doesn't work on Apache 1.3.41
The following is the entry from error_log:
RewriteRule: cannot compile regular expression '^sap-latest-news/([0-9]*)/([A-Za-z0-9_-.]*).htm$'
A simple Rewrite is working fine in Apache 1.3, but the above regualar expression doesn't seem to be working on Apache 1.3. Does anyone know whether Apache 1.3 doesn't support it?
View 3 Replies
View Related
Jun 1, 2007
I am having an issue where I have a server that Directadmin is installed on. I go to the a url that is on the server and all i see is the default page of apache saying congrats, it is installed. Although there is no file like that in the public_html any longer and I can see my files in the public_html folder of that specific site.
View 6 Replies
View Related
Jan 3, 2008
I've been searching around with google regarding how to downgrade the Apache 2.2 which comes with CentOS 5 to Apache 1.3.39.
View 2 Replies
View Related
Jan 12, 2008
I'm building a new server for a predominantly php5/mysql5 website and was wondering which version of apache to put on. I know there are some issues with PHP and Apache in MPM, but what's the performance comparison between Apache 1.3 and Apache 2 Prefork?
View 4 Replies
View Related
Aug 6, 2008
I am trying to install dedicated web server on my Slackware 12.0.0 machine. I am a novice in Linux, but succeeded in MySQL & proFTPd installation. The problem now in httpd compiling.
I downloaded the latest Apache 2.2.9, but it needs Apache Portable Runtime 1.3.2 installed. I downloaded 1.3.2 version and run ./configure
1. checking size of size_t... 4
2. checking which format to use for apr_size_t... %u
3. checking size of off_t... 4
4. checking for mmap64... yes
5. checking for sendfile64... yes
6. checking for sendfilev64... no
7. checking for mkstemp64... yes
8. checking for readdir64_r... yes
9. checking which type to use for apr_off_t... off64_t
10. checking whether ino_t and unsigned long are the same... yes
11. configure: using unsigned long for ino_t
12. checking size of pid_t... 4
13. checking whether byte ordering is bigendian... no
14. checking size of struct iovec... 8
15. checking for strnicmp... no
16. checking for strncasecmp... yes
17. checking for stricmp... no
18. checking for strcasecmp... yes
19. checking for strdup... yes
20. checking for strstr... yes
21. checking for memchr... yes
22. checking for strtoll... yes
23.
24. Checking for DSO...
25. checking for dlopen... no
26. checking for dlopen in -ldl... yes
27. adding "-ldl" to LIBS
28. checking for dlsym... yes
29.
30. Checking for Processes...
31. checking for waitpid... yes
32. checking for Variable Length Arrays... yes
33. checking struct rlimit... yes
34.
35. Checking for Locking...
36. checking for semget... yes
37. checking for semctl... yes
38. checking for flock... yes
39. checking for semaphore.h... (cached) yes
40. checking OS.h usability... no
41. checking OS.h presence... no
42. checking for OS.h... no
43. checking for library containing sem_open... none required
44. checking for sem_close... yes
45. checking for sem_unlink... yes
46. checking for sem_post... yes
47. checking for sem_wait... yes
48. checking for create_sem... no
49. checking for working sem_open... yes
50. checking for union semun in sys/sem.h... no
51. checking for LOCK_EX in sys/file.h... yes
52. checking for F_SETLK in fcntl.h... yes
53. checking for SEM_UNDO in sys/sem.h... yes
54. checking for POLLIN in poll.h sys/poll.h... yes
55. checking for PTHREAD_PROCESS_SHARED in pthread.h... yes
56. checking for pthread_mutexattr_setpshared... yes
57. checking for working PROCESS_SHARED locks... yes
58. checking for robust cross-process mutex support... yes
59. decision on apr_lock implementation method... SysV IPC semget()
60. checking if all interprocess locks affect threads... no
61. checking if POSIX sems affect threads in the same process... no
62. checking if SysV sems affect threads in the same process... no
63. checking if fcntl locks affect threads in the same process... no
64. checking if flock locks affect threads in the same process... no
65. checking for entropy source... /dev/urandom
66.
67. Checking for File Info Support...
68. checking for struct stat.st_blocks... yes
69. checking for struct stat.st_atimensec... no
70. checking for struct stat.st_ctimensec... no
71. checking for struct stat.st_mtimensec... no
72. checking for struct stat.st_atim.tv_nsec... yes
73. checking for struct stat.st_ctim.tv_nsec... yes
74. checking for struct stat.st_mtim.tv_nsec... yes
75. checking for struct stat.st_atime_n... no
76. checking for struct stat.st_ctime_n... no
77. checking for struct stat.st_mtime_n... no
78. checking for inode member of struct dirent... d_fileno
79. checking for file type member of struct dirent... d_type
80.
81. Checking for OS UUID Support...
82. checking uuid.h usability... no
83. checking uuid.h presence... no
84. checking for uuid.h... no
85. checking uuid/uuid.h usability... yes
86. checking uuid/uuid.h presence... yes
87. checking for uuid/uuid.h... yes
88. checking for library containing uuid_create... no
89. checking for library containing uuid_generate... -luuid
90. checking for uuid_create... no
91. checking for uuid_generate... yes
92. checking for os uuid usability... yes
93.
94. Checking for Time Support...
95. checking for struct tm.tm_gmtoff... yes
96. checking for struct tm.__tm_gmtoff... no
97.
98. Checking for Networking support...
99. checking for type in_addr... yes
100. checking if fd == socket on this platform... yes
101. checking style of gethostbyname_r routine... glibc2
102. checking 3rd argument to the gethostbyname_r routines... char
103. checking style of getservbyname_r routine... glibc2
104. checking if TCP_NODELAY setting is inherited from listening sockets... yes
105. checking if O_NONBLOCK setting is inherited from listening sockets... no
106. checking whether TCP_NODELAY and TCP_CORK can both be enabled... yes
107. checking for TCP_CORK in netinet/tcp.h... yes
108. checking for TCP_NOPUSH in netinet/tcp.h... no
109. checking for SO_ACCEPTFILTER in sys/socket.h... no
110. checking whether SCTP is supported... no
111. checking for struct ip_mreq... yes
112. checking for set_h_errno... no
113.
114. Checking for IPv6 Networking support...
115. checking for library containing getaddrinfo... none required
116. checking for library containing gai_strerror... none required
117. checking for library containing getnameinfo... none required
118. checking for gai_strerror... yes
119. checking for working getaddrinfo... yes
120. checking for negative error codes for getaddrinfo... yes
121. checking for working getnameinfo... yes
122. checking for sockaddr_in6... yes
123. checking for sockaddr_storage... yes
124. checking for working AI_ADDRCONFIG... yes
125. checking if APR supports IPv6... yes
126. checking langinfo.h usability... yes
127. checking langinfo.h presence... yes
128. checking for langinfo.h... yes
129. checking for nl_langinfo... yes
130.
131. Restore user-defined environment settings...
132. restoring CPPFLAGS to ""
133. setting EXTRA_CPPFLAGS to "-DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE"
134. restoring CFLAGS to ""
135. setting EXTRA_CFLAGS to "-g -O2 -pthread"
136. restoring LDFLAGS to ""
137. setting EXTRA_LDFLAGS to ""
138. restoring LIBS to ""
139. setting EXTRA_LIBS to "-luuid -lrt -lcrypt -lpthread -ldl"
140. restoring INCLUDES to ""
141. setting EXTRA_INCLUDES to ""
142. configure: creating ./config.status
143. config.status: creating Makefile
144. config.status: creating include/apr.h
145. config.status: creating build/apr_rules.mk
146. config.status: creating build/pkg/pkginfo
147. config.status: creating apr--config
148. config.status: WARNING: 'apr-config.in' seems to ignore the --datarootdir setting
149. config.status: creating apr.pc
150. config.status: creating test/Makefile
151. config.status: creating test/internal/Makefile
152. config.status: creating include/arch/unix/apr_private.h
153. config.status: executing default commands
154. config.status: include/apr.h is unchanged
155. config.status: include/arch/unix/apr_private.h is unchanged
After that I am trying make and have error at the end:
make[1]: Entering directory `/root/build/apr-1.3.2'
/bin/sh /root/build/apr-1.3.2/libtool --silent --mode=link gcc -g -O2 -pthread -DHAVE_CONFIG_H -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -.....
View 0 Replies
View Related