Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: httpd-e-smith won't start
« previous next »
Pages: [1]   Go Down

httpd-e-smith won't start

  • 7 Replies
  • 838 Views

David Davis

httpd-e-smith won't start
« on: September 04, 2003, 08:16:05 AM »
I'm running 5.5, update 6.  Today I noticed webmail had quit working.  I restarted the httpd-e-smith service and it FAILED to restart.  Httpd also fails to start.  Aside from these services, everything else seems to be working fine.  I can still retrieve mail with a POP3 client no problem.  I'm sort of stuck as to what to do next.  Any suggestions would be greatly appreciated.

Best Regards,
David
Logged

Chris Parker

Re: httpd-e-smith won't start
« Reply #1 on: September 04, 2003, 09:35:55 AM »
Have a look in the /var/log/messages and httpd logs to try and narrow down the problem. It may also pay to re-expand the templates
Logged

David Davis

Re: httpd-e-smith won't start
« Reply #2 on: September 04, 2003, 07:38:25 PM »
Hre is an excerpt from my var/log/httpd/error_log.  I can't figure out what is going on.  Can any of you make sense of it?

error_log~01011200  [B---] 88 L:[10081+18 10099/20975] *(1138038/2324665b)
[Tue Sep  2 17:15:05 2003] [notice] child pid 7152 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:05 2003] [error] mod_ssl: SSL handshake failed (server www.saberdata.com:443, client 62.23.193.67) (OpenSSL library error follows)
[Tue Sep  2 17:15:05 2003] [error] OpenSSL: error:1406908F:lib(20):func(105):reason(143)
error_log~01011200  [B---] 87 L:[10129+32 10161/20975] *(1144713/2324665b)= [ 91 5bH
[Tue Sep  2 17:15:06 2003] [error] OpenSSL: error:1406908F:lib(20):func(105):reason(143)
[Tue Sep  2 17:15:06 2003] [error] mod_ssl: SSL handshake failed (server www.saberdata.com:443, client 62.23.193.67) (OpenSSL library error follows)
[Tue Sep  2 17:15:06 2003] [error] OpenSSL: error:1406908F:lib(20):func(105):reason(143)
[Tue Sep  2 17:15:06 2003] [error] mod_ssl: SSL handshake failed (server www.saberdata.com:443, client 62.23.193.67) (OpenSSL library error follows)
[Tue Sep  2 17:15:06 2003] [error] OpenSSL: error:1406908F:lib(20):func(105):reason(143)
[Tue Sep  2 17:15:06 2003] [error] mod_ssl: SSL handshake failed (server www.saberdata.com:443, client 62.23.193.67) (OpenSSL library error follows)
[Tue Sep  2 17:15:06 2003] [error] OpenSSL: error:1406908F:lib(20):func(105):reason(143)
[Tue Sep  2 17:15:06 2003] [error] mod_ssl: SSL handshake failed (server www.saberdata.com:443, client 62.23.193.67) (OpenSSL library error follows)
[Tue Sep  2 17:15:06 2003] [error] OpenSSL: error:1406908F:lib(20):func(105):reason(143)
[Tue Sep  2 17:15:06 2003] [error] mod_ssl: SSL handshake failed (server www.saberdata.com:443, client 62.23.193.67) (OpenSSL library error follows)
[Tue Sep  2 17:15:06 2003] [error] OpenSSL: error:1406908F:lib(20):func(105):reason(143)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7241 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7240 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7225 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7224 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7223 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7222 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7221 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7220 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7219 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7218 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7217 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7216 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7215 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7214 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7211 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7209 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7208 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7207 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7206 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7205 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 7204 exit signal Segmentation fault (11)
[Tue Sep  2 17:15:06 2003] [notice] child pid 22454 exit signal Segmentation fault (11)
Logged

David Davis

Re: httpd-e-smith won't start - Hackers!
« Reply #3 on: September 04, 2003, 09:41:00 PM »
The best I can tell, someone has hacked my network and somehow disabled or damaged the httpd service.  The logs show dozens of attempts to access my network right before all of my web services quit working.  I'm trying to figure out the easiest way to get this all up and running again.  I was thinking of upgrading to 5.6 to see if that will fix the problem.  Any thought from any of the linux gutus out there.

Thanks in advance for your help.
David Davis
Logged

Dan Brown

Re: httpd-e-smith won't start - Hackers!
« Reply #4 on: September 04, 2003, 10:04:06 PM »
It is unlikely that you were actually hacked, but if you suspect you were, contact smesecurity@mitel.com with detailed information about what happened.
Logged

Dan Brown

Re: httpd-e-smith won't start - Hackers!
« Reply #5 on: September 04, 2003, 10:04:48 PM »
BTW, a segfault doesn't indicate that you've been hacked; it suggests hardware (probably memory) problems.
Logged

David Davis

Re: httpd-e-smith won't start - Hackers!
« Reply #6 on: September 04, 2003, 10:15:59 PM »
Thanks Dan.  I had a couple of power outages recently that required repairing the filesystem.  I have since bought a UPS for my server so it shouldn't happen again.  Do you think this may be the culprit?

As for whether I was hacked, I traced the IP in my logs to France.  There is no reason someone from France should be trying to get into my network.  That's why I suspected it had been hacked.  A hardware problem does seem much more plausible.

Any suggestions to help get me up and running again?

David
Logged

Charlie Brady

Re: httpd-e-smith won't start - Hackers!
« Reply #7 on: September 04, 2003, 11:24:25 PM »
David Davis wrote:
>
> The best I can tell, someone has hacked my network and
> somehow disabled or damaged the httpd service.  The logs show
> dozens of attempts to access my network right before all of
> my web services quit working.

You say that you were running 5.5 update 6. Did you reboot (or at least restart apache) after applying the update? If not, then you were still vulnerable, and your system may have been compromised.

> I was
> thinking of upgrading to 5.6 to see if that will fix the
> problem.

If your system has been compromised, you will need to do more than upgrade to 5.6. See, for example, CERT's advice:

http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

Charlie
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: httpd-e-smith won't start