Wierd Httpd Requests

Mar 3, 2007

I've just been having a look through my logwatch e-mail, and have seen the following that I've not seen before:

Code:
A total of 3 unidentified 'other' records logged
GET http:/ /74.52.21.101/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
GET http:/ /74.52.21.100/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
GET http:/ /74.52.21.102/index.php2?goto=[url]
HTTP/1.0 with response code(s) 2 404 responses
NB. I've added a space in the URL to break the link.

what is happening here, as this looks to be something dodgy.

View 3 Replies


ADVERTISEMENT

Wierd Issue With PHP

Apr 11, 2007

Yesterday i have upgraded PHP 4.4.6 to 5.x ,then checked all my scripts/pages and everything was fine.

Today i have upgraded MySQL 4 to 5 and recompiled PHP and scripts are working fine but all my Russian langauge pages are broken,i mean plain php pages ,not those that depends on scripts.

Its wierd,when i am opening them in Firefox they are opening with Win1251 encoding as supposed but when i am opening them in IE they are opening with KOI8 encoding and i have to manualy change teh encoding to Win1251 to view the pages.
This has been confirmed by other users.

View 4 Replies View Related

Install A RPM Is Empty In WHM Wierd

Apr 11, 2007

Today i checked my server and when i click in Install a RPM it shows epmty list!

I tried to rebuild rpm databse it rebuilded it without any error but still empty?

any idea?

Also when i click on Apache Build/Upgrade Is ee this

[a fatal error or timeout occurred while processing this directive]There was an error while fetching [url]

View 9 Replies View Related

Wierd Server2003 Error

May 25, 2007

A client is running a server 2003 box with a couple of game servers. Unfortuantly im noticing that something isnt quite right with some of the pings on the server (at times). Went to ping localhost and look at these results.

C:Documents and SettingsAdministrator>ping 127.0.0.1

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=-987ms TTL=128
Reply from 127.0.0.1: bytes=32 time=-987ms TTL=128
Reply from 127.0.0.1: bytes=32 time=-987ms TTL=128
Reply from 127.0.0.1: bytes=32 time=-987ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = -987ms, Maximum = -987ms, Average = 1073740837ms

Sound like a driver issue to anyone?

View 1 Replies View Related

Wierd Error Message : -12263

Apr 11, 2008

I get this message

mysite.com has sent an incorrect or unexpected message. Error Code: -12263

Any reasons what that means/fix it?

View 2 Replies View Related

Wierd IP Allocation From Colo Company

Feb 7, 2007

Our company currently has colo in NY, UK and Geneva and have recently started to rent some space in an Australian datacentre.

In each of our existing centres we have a /26 range of IP addresses assigned to us (62 usable IPs) and we requested the same for our Australian installation.

The colo company has email us today with our IP range allocation and they seem to have chosen to allocate us 12 seperate /29 ranges (6 usable IPs).

This seems really strange to me, is it normal practise? Why not just assign us one /26 as requested.

Also, our WatchGuard firewalls only accept one range in the configuration and then you add in all of the IP aliases seperatly. If I set a the IP range to bigger than the range we own (to cover all 12 seperate ranges we've been issued) would this cause problems for the people that own the other IPs in this large range?

View 10 Replies View Related

Wierd Htaccess Url Rewrite- Rewrites All Index Files

Apr 19, 2008

I have worked with mod_rewrite for years and never encountered this problem. I am converting html pages to a single php file and it works perfectly. I used htaccess the rewrite the urls to appear the same so that no links would be broken or lose SEO value.

The only problem is that my friend who also helped build the sites added different directories and within those directories are index.htm files that serve as a home page for the separate directory. Like /info/index.htm and /help/index.htm within the root directory. The problem is that for some reason my mod_rewrite directs to the main index.htm rewrite even if I include the whole path to the file. In htaccess I have this so far:

RewriteEngine on

RewriteRule index.htm$ index.php [L]
RewriteRule servers.htm$ index.php?action=servers [L]
RewriteRule movies.htm$ index.php?action=movies [L]
However there is a directory named "info" and inside that directory it has an index.htm file and it seems to conflict with my first mod_rewrite. I tried using:

RewriteRule /info/index.htm$ index.php?action=info [L]
and used other methods but none seem to work any ideas?

View 1 Replies View Related

Is It A Hacking Attempt.. Request Of Wierd Files Along With Unwanted SSL Handshake

Mar 30, 2009

I see following errors in my server ie. httpd error logs:

Code:
[Mon Mar 30 07:23:55 2009] [error] mod_ssl: SSL handshake failed (server localhost:443, client 79.132.204.192) (OpenSSL library error follows)
[Mon Mar 30 07:23:55 2009] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
[Mon Mar 30 07:23:55 2009] [error] mod_ssl: SSL handshake failed (server localhost:443, client 60.63.241.18) (OpenSSL library error follows)
[Mon Mar 30 07:23:55 2009] [error] OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol [Hint: speaking not SSL to HTTPS port!?]
[Mon Mar 30 07:23:56 2009] [error] [client 114.224.169.0] File does not exist: /var/www/html/XRkVCfvCJ/GzTk/ChDbhf/-YSDDv/1Sch/2hfMMf/-M0DO/ACDEzXMEM/CYSkGFj/SGXtEUX0W/0KMV/RKJ2fTUDC/bFT/SX00/VtJVht/D1XvJBgHP/5lll.gif
[Mon Mar 30 08:46:42 2009] [error] server reached MaxClients setting, consider raising the MaxClients setting
In last you can see that MySQL reached maximum allowed client ..and it crashed

Also, at regular intervals I see such requests:
/var/www/html/XRkVCfvCJ/GzTk/ChDbhf/-YSDDv/1Sch/2hfMMf/-M0DO/ACDEzXMEM/CYSkGFj/SGXtEUX0W/0KMV/RKJ2fTUDC/bF/SX00/VtJVht/D1XvJBgHP/5lll.gif

Also I see SSL handshake failure notices while I do not have any SSL cert or SSL running site on this server.

View 4 Replies View Related

Over 200 Requests Per Second From The Same 5 IPs

Oct 19, 2009

I block them in htaccess but their repeated attacks is making my server load crazy.

I installed AFP but it doesn't do anything, where do I set rules on automatic blocking?

View 14 Replies View Related

SQL Server Using Maxmimum Httpd Connection On My Httpd Server

Feb 6, 2007

i am using seperate server for sql .But my httpd server failed many time when i checked maximum number of httpd connection then my sql server using too many connection what is the reason of this problem . Is my sql server using as a slave in a ddos attack or sql server need http connection?

View 2 Replies View Related

HTTP Requests With Crontab?

Apr 20, 2005

I set up a cron to run every minute & I'm running a PHP script by way of cron like

wget http://example.com/some_script.php

Now does each request of Cron is a seperate HTTP Request or what? Say my script takes more than 1 minute to execute completely but before its completed, its called again. So, will that effect the PHP script running because of previous HTTP Request or will it create a new HTTP Request & let the previous request finish its operation? Technically, it shouldn't block/affect the previous request, but I'm not sure!!

View 6 Replies View Related

Should I Block Ping Requests

Jul 25, 2009

Should I block ping request to my servers from WAN?

View 12 Replies View Related

Server Sending Bad Requests

Jul 25, 2008

my server is still effed up from the MPack attack that I received.

I just received the following email, does anyone know what this means or how it could be done? The client IP is mine, so some how my server is sending that request?

72.233.79.2 (malwarebytes.org) Server Log:

[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/errors.php?error=[url][unique_id "tNAGeH8AAAEAAEsfD7wAAAAO"]
[Thu Jul 24 13:05:07 2008] [error] [client 72.55.184.144] mod_security:
Access denied with code 403. Pattern match ".../" at THE_REQUEST
[id "300006"] [rev "1"] [msg "Bogus Path denied"] [severity "CRITICAL"]
[hostname "www.malwarebytes.org"] [uri
"/forums/errors.php?error=[url][unique_id
"tNAPAn8AAAEAAD7mqWQAAAAl"]

[url]is the RKHunter scan log
[url]is the ChkRootKit scan log.

I'm going through this thread right now:
[url]("How-to detect a possible intruder?") and I've come across a handful of hidden directories:

/home/mifbody/public_html/vbulletin/arcade/images/. /. /xh
/home/mifbody/public_html/vbulletin/arcade/images/. /. /xhide.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/convertxdccfile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_admin.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_dccchat.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_display.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_main.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_md5.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_misc.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_statefile.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_transfer.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_upload.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /obj/iroffer_utilities.o
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/convertxdccfile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_admin.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_config.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_dccchat.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_defines.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_display.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_globals.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_headers.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_main.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_md5.h
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_misc.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_statefile.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_transfer.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_upload.c
/home/mifbody/public_html/vbulletin/arcade/images/. /. /src/iroffer_utilities.c

I was able to successfully delete all the files, but how do I now get rid of the directories themselves? When I do:
rm -fr "/arcade/images/. /"
and then locate ". "
I still get:

/home/mifbody/public_html/vbulletin/adserver/banners/.
/home/mifbody/public_html/vbulletin/alice/src/admin/.
/home/mifbody/public_html/vbulletin/arcade/images/.

View 2 Replies View Related

Pending Requests To Mellowhost

Oct 31, 2008

I think mellowhost has gone now,

I have some pending request and helps request.

there is nothing to reply.

even the ffmpeg services have some error and they only 3mb allow to upload file.

i dont know happen to this company...

I post here not for bad reviews, otherwise to call their attentions.

because even i use the forums for mellowhost, and submit some tickets. nothing response from them.

View 4 Replies View Related

Over 1000 Http Requests

Jan 12, 2008

Quote:

netstat -anpl|grep 80|grep 74.xx.179.xxx|wc -l
990

I observed too many http requests into the server, so just wonder how your guys twaek server to accept over 1000 request and more?

View 8 Replies View Related

Way To Block Too Many POST Requests

Apr 17, 2007

if there is a rule to add to firewall or mod_security to ban any IP which is sending more xx number of POST requests to the same URL?

View 6 Replies View Related

What Else Would Be Blocking HTTP Requests

Jan 19, 2007

I have a guy who can't get to any of the 100 or so virtual hosts on my RHEL3 server.

It's running the latest Apache RPM from RedHat. I also have mod_evasive and mod_security running.

Here's what I know. The guy *CAN* connect via SSH and FTP. The guy *CAN* see the default web page when he hits the IP in his web browser (e.g. he types [url]into the address bar on IE). But when he uses any of the host names on the server he *CAN NOT* see anything. He gets timeout errors.

His IP in NOT in ANY error logs, it's not in mod_evasive or mod_security, it's not in IPTABLES, it's not anywhere I can see.

I must be missing something. Anyone have any ideas?

What would be in front of Apache blocking his requests?

View 5 Replies View Related

# Of Apache Requests - Modify

Feb 8, 2007

I have a dedicated box with softlayer and I have noticed at varying times the past few months that with sites we host, sometimes the connection times out (I'll try to access like 5 or 6 sites within 30 seconds or so and they all drop, then a minute later they load fine).

I opened a support ticket and they said it usually has to do with the # of requests Apache can handle, and that this can be modified. They stated they could: "tweak the apache configuration file in this server that can make it possible to handle more requests."

So my question is what should the # of requests be set to? (I'm not sure what it is now, but I assume whatever the default # is).

View 6 Replies View Related

QMail Sending All Requests As Spam

Mar 28, 2008

I have a Qmail server that is using relays.ordb.org

As you probaly know this shut down two years ago. But is now sending all requests as spam. No one is recieving there emails.

this a Standard Qmail,with a hacked qmail-send witch intergrates with Mysqld.

is not installed with qmailroks, or supervise. Can't find the config text file.

how can we remove traces or referrences to relays ordb.org

View 11 Replies View Related

Block GET Requests To Specific Files

Apr 12, 2009

I am getting a lot of GET requests from different IPs to 4 nonexistent PHP files on my server. Is there any way to block the requests to avoid the resources use of apache that these requests are generating?

I have installed mod_security but Im not sure about how the block rule should be.

The requests are going to images/log.php, images/log2.php, images/log3.php and images/logi.php of one of the sites hosted on the server, is there any way to block there requests for a specific domain or path?

View 3 Replies View Related

Is There Any Software That Monitors Speed Of Requests

Jun 26, 2009

We're trying to optimize the speed of our website. It's hosted on its own box.

We're looking for software that will monitor/aggregate the time it takes for certain requests -- For example, we would like to see which files it takes the longest to serve.

Is there server-side software that will take care of this?

Linux/Apache/PHP/SQL

View 8 Replies View Related

Lots Of Keepalive Requests In Apache

Mar 31, 2008

I have been experiencing a lot of Keepalive requests for a particular image on a particular domain. please see the lines below.

0-11233931/63/63K 0.15100.40.030.03 195.68.185.13mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
1-11233941/77/77K 0.18100.40.050.05 122.164.58.63mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
2-11233951/42/42K 0.76000.40.170.17 89.139.214.74mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
3-11233971/57/57K 0.04000.40.020.02 82.199.98.229mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1
4-11233981/46/46K 0.27000.40.040.04 217.150.55.41mydomain.comGET http://mydomain.com//images/logo.jpg HTTP/1.1

These are just a few lines from the top.

How can i prevent this from happening.. it seems as a SYN Flood, or maybe a DDoS.

View 3 Replies View Related

Blocking External Servlet Requests

Aug 8, 2008

I maintain Java servlet applications on my hosting platform [hosting-q.com] and access the applications from another site [wiredpages.qisoftware.com]. Today, there was a demand problem which caused the hosting server to block access to requests from the other domain.

Do you know if there is an .htaccess directive that can perform this blocking or some sort of system trigger?

The thing is-- only the servlets requested from the external domain and not requests from the originating domain [or hosting domain] were blocked.

View 0 Replies View Related

All Http Requests To My Server Redirected

Oct 8, 2007

There seems to be some problem with my server, none of the websites hosted on my server are accessible, the http requests either return a blank page or a page with a red quare on the upper left hand corner.

I am not sure if this is some kind of infection or DNS problem or a problem with memory apache is taking up
as i have thousands of virtualhost entries in my access log accumulated over the years out of which only a few 100 websites i am serving presently, but never deleted the non-exitent virtualhost blocks.

At times the websites are opening but most of the times they are not. And when they do not open my http requets are not logged in apacha access log.

Even the customers have reported the same problem.

Also, just four days back i had a strange issue where all
http requests to my server would take me to [url].

I can SSH to server, and everything else is working fine.

View 3 Replies View Related

Virtual Host Redirects All Requests

Dec 31, 2007

I just went with Steadcom's VPS and they are great. I am setting things up and it's going pretty well, I have to dust off my linux/server knowledge that I haven't used in a couple of years.

Anyway I'm creating a virtual host.. I will have about 10 in the end, but right now I only have one domain IP Pointing to my new server. My registrar is NamesDirect.

When I create the virtual host, I can no longer access subdirectories directly. My Virtual Host directory is, say, /var/www/html/newdir

If I try to reach http://www.domainname.com which has been configued as a virtual host, that comes up correctly from the directory /var/www/html/newdir and works fine.

But if I try to reach http://myipaddress/newdir I get a 404 page not found error. Looking at the log, it's trying to reach /var/www/html/newdir/newdir so it's putting in the virtual host redirect even for just hitting the subdirectory directly.

Is this normal? Do I have something configured wrong? I have another domain that I have changed to IP Point to the VPS but until it propogates I won't be able to test having 2 virtual hosts.

Also.. I have not set up DNS on my VPS. I don't really understand it, and IP Pointing has always worked for me when I ran my own server form my home so I was just going to do that. But I wonder if this could be one of the problems.

View 1 Replies View Related

Apache :: Can Forward Requests To Different Servers?

Sep 16, 2014

We have an Apache acting as a reverse-proxy and listening on the Internet ("Our URL" on port 443).

We would have two ways of accessing this reverse-proxy:

-From a mobile app (authentication would be based on a corporate certificate)
-From any browser (authentication would be a login form)

The question is: can Apache forward requests to either server 1 or server 2, depending on whether a certificate is sent by the client?

View 10 Replies View Related

Apache :: SSL Requests Stop Working After A While

Sep 29, 2013

I have Apache 2.4.2, OpenSSL/1.0.1c, on Windows Web Server 2008 R2 (64 bits)

After 12 hours of heavier load, the SSL requests stopped working/being answered. However if you requested the same page via http instead of https, it worked fine. Restarting the Apache server fixes this, for a while. Again after a few hours of traffic, the https requests stopped working again. I checked the logs, and nothing notable, the mod_ssl entries just...

The site is called only by client developed with Delphi 2007 (CodeGear user-agent). Delphi client use THTTPRIO for sending HTTPS request to SOAP.

View 9 Replies View Related

Apache :: 2.4.3 - SSL Requests Stop Working After A While

Dec 13, 2012

So I just upgraded Apache 2.2.22 to Apache 2.4.3 and made sure to go through all the options that had changed and update the conf file accordingly. This included adding the cache module for SSL and changing the SSLMutex option over to Mutex default ssl-cache. We also turned off SSLCompression due to the CRIME attack vulnerability.

We use apache strictly as a loadbalancer to 2 tomcat servers via mod_jk. Apache serves no static content at this time.

After being deployed, everything worked fine until later in the day. After 3 hours of heavier load (our site only takes significant traffic during business hours), the SSL requests stopped working/being answered. However if you requested the same page via http instead of https, it worked fine.

Restarting the Apache server fixes this, for a while. Again after a few hours of traffic, the https requests stopped working again. This time I turned the loglevel up to debug and restarted the Apache server.

As traffic slowed down it took another 6 or 7 hours before SSL requests stopped working again. I checked the logs, and nothing notable, the mod_ssl entries just... stopped. (I don't know for sure its ammount of traffic related, it just seems that way)

I have tried reproducing this in a lab, but have not been able to get it to happen on the lab server.

OS: Windows Server 2008 R2
Apache: 2.4.3 vc9 build with OpenSSL 0.9.8 downloaded from apachelounge.org
Mod_JK Version 1.2.37 vc9 also downloaded from apachelounge.

View 10 Replies View Related

Apache :: Server IP Making GET Requests

Apr 12, 2014

I've spent the last several months working on a huge upgrade of a couple dozen websites. The upgrades include modifying Apache so that visitors who arrive at links pointing to mysite/World/New_York are redirected to mysite/world/new-york. In other words, all my links now default to lower case, and underscores are replaced with dashes.

Unfortunately, publishing it has been an endless series of disasters. My websites are now all crashed, and the server is unbelievably slow. It takes pages forever to load (if they load at all), and I can scarcely publish files online.So the following notice sent to me by my webhost got my attention.

IT appears your own server IP is making GET requests to Apache, causing excessive loading and causing service failures. On today's date, your IP made almost 6,000 connections to Apache:<br><br>

[root@host ~]# grep 64.91.229.106 /usr/local/apache/domlogs/mysite.org | wc -l 5924 [root@host ~]#<br><br>

These were all the same request:<br><br>

64.91.229.106 - - [12/Apr/2014:08:10:10 -0400] "GET /404.php HTTP/1.0" 200 14294 "-" "-"<br><br>
And that made up the total of requests:<br><br>
[root@host ~]# grep 64.91.229.106 /usr/local/apache/domlogs/mysite.org | grep "GET /404.php HTTP/1.0" | wc -l 5924 [root@host ~]#<br><br>

View 1 Replies View Related

Apache :: Unable To Serve More Requests

May 25, 2015

I have a little problem (on my Raspberry) with the maximum concurrent connections.When I open multiple tabs of a webpage which keeps persistent connections, apache is unable to serve more requests.Here is the (shortened) mod_info output (which also takes some time till there is a process kind enough to serve the request):

Code:
Server Version: Apache/2.4.10 (Raspbian) OpenSSL/1.0.1k
Server MPM: prefork
5 requests currently being processed, 9 idle workers

.___W____WWW_..W_...............................................
................................................................
......................

Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request

[Code] ....

When I understood it correctly, apache should spawn new processes (up to MaxRequestWorkers=150)

But there are idle???? processes, so it wont add new ones?

I dont think it has to do with mod_proxy (used for the webpage) since the mod_info output is affected as well...

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved