Koozali.org: home of the SME Server

Can not access Server Manager (maybe compromised?)

Offline dilligaf

« on: November 16, 2004, 01:22:52 AM »
I can not access the server manager from Internet Explorer, or the console.
===================================
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /server-manager.

Reason: Could not connect to remote machine: Connection refused
===================================
This is all on a server that has worked great for 2 years.
Any tips on what to start with?

jsk

« Reply #1 on: November 16, 2004, 08:39:24 AM »
Try to reboot your server.

Offline dilligaf

« Reply #2 on: November 16, 2004, 02:36:03 PM »
Thanks,
That was the first thing we tried.
No success.
Dan

cc_skavenger

« Reply #3 on: November 16, 2004, 03:44:10 PM »
what version of sme / e-smith?

Offline dilligaf

« Reply #4 on: November 16, 2004, 07:56:26 PM »
5.6 all updates.
I know, upgrade to 6.x.
But it has worked perfect for the last 2 years

RavenIV

« Reply #5 on: November 18, 2004, 03:35:28 AM »
can you ping your SME?
what about ssh?
does the httpd (apache) run?

check this and tell the results.

cheers

Offline dilligaf

« Reply #6 on: November 18, 2004, 05:08:05 AM »
can you ping your SME? YES, internally and externally.
what about ssh? Yes
does the httpd (apache) run? Yes,
Like I said, all is working; I just can not get in on the server-manager, as per the error listed in the initial post.
Dan

Offline dilligaf

« Reply #7 on: November 19, 2004, 03:41:37 AM »
When I use console to access the server manager and enter the password it just goes immediately back to the console.
I exit the console, and scroll back and see the following:

[root@nebula7653 root]# su admin
Looking up  'localhost' first

Looking up localhost first
Looking up localhost:980
localhost:980
Making HTTP connection to localhost:980
Alert!: Unable to connect to remote host.

lynx: Can't access startfile http://localhost:980/common/noframes
[root@nebula7653 root]#

Offline marsa_matruh

« Reply #8 on: November 19, 2004, 10:05:32 AM »
Are you sure your hard disk is not full?

Try in console :
df -h

Offline dilligaf

« Reply #9 on: November 19, 2004, 05:04:35 PM »
Lots of room left.

[root@nebula7653 root]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda6              36G  7.4G   26G  22% /
/dev/hda1              15M  2.6M   11M  18% /boot
[root@nebula7653 root]#

guest22

« Reply #10 on: November 19, 2004, 05:37:05 PM »
Any chance you updated/upgraded samba ?

RequestedDeletion

Offline dilligaf

« Reply #11 on: November 19, 2004, 06:04:59 PM »
I have changed nothing.
I have installed and updated RKHUNTER, no issues, full scan etc no issues.
Dan

Offline smeghead

« Reply #12 on: November 19, 2004, 06:24:44 PM »
.. post a copy of the contents of your squid.conf file as I have seen similar behaviour when squid fails to load or freezes.

Also try running:

service squid status

and post the response.

Offline dilligaf

« Reply #13 on: November 19, 2004, 06:34:19 PM »
squid.conf
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localsrc src 127.0.0.1 192.168.55.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.55.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535 980
acl CONNECT method CONNECT
acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK

#-----------------------------------
# Force Direct Connection for Domains
# ACL Statements
#-----------------------------------

append_domain .willcraft.com
cache_mgr admin@willcraft.com
ftp_user nobody@willcraft.com
http_access allow manager localsrc
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localsrc
http_access deny all

httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
miss_access allow all

store_avg_object_size 3 KB
always_direct allow webdav

#-----------------------------------
# Force Direct Connection for Domains
# Always Direct Statements
#-----------------------------------
always_direct allow all_direct

always_direct allow all

Offline dilligaf

service squid status
« Reply #14 on: November 19, 2004, 06:35:28 PM »
[root@nebula7653 squid]# service squid status
squid (pid 5038 5035) is running...
2004/11/19 10:36:51| squid.conf line 49: always_direct allow all_direct
2004/11/19 10:36:51| aclParseAccessLine: ACL name 'all_direct' not found.
2004/11/19 10:36:51| squid.conf line 49: always_direct allow all_direct
2004/11/19 10:36:51| aclParseAccessLine: Access line contains no ACL's, skipping
[root@nebula7653 squid]#

Offline smeghead

« Reply #15 on: November 19, 2004, 06:57:18 PM »
Hmm, this is mine (from V6.0 heavily patched):

redirect_program /etc/squid/redirect/redir.pl
redirect_children 3
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localsrc src 127.0.0.1 192.168.0.0/255.255.255.0 172.16.17.0/255.255.255.0 192.168.0.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.0.0/255.255.255.0 172.16.17.0/255.255.255.0 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 81 119 210 443 563 980 1024-65535
acl CONNECT method CONNECT
acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK
append_domain .?????.com.au
cache_mgr admin@?????.com.au
ftp_user nobody@?????.com.au
http_access allow manager localsrc
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localsrc
http_access deny all

httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
miss_access allow all

store_avg_object_size 3 KB

cache_mem 96 MB
cache_dir ufs /var/spool/squid 500 16 256
maximum_object_size 65535 KB
minimum_object_size 0 KB

always_direct allow webdav
always_direct allow all

The only significant diff I can see (except for those based on extra contribs I have running) is related to those always_direct errors you got from the squid status command.

Rem these commands out of the squid.conf file and restart squid as a test - if it works we can change the template to make it permanent.

HTH

Offline gregswallow

« Reply #16 on: November 19, 2004, 07:01:57 PM »
try this:

Code:
service httpd-admin restart

Offline dilligaf

« Reply #17 on: November 19, 2004, 07:03:42 PM »
[root@nebula7653 squid]# service restart httpd-admin
restart: unrecognized service
[root@nebula7653 squid]#

Quote from: "gregswallow"
try this:

Code:
service restart httpd-admin

Offline gregswallow

« Reply #18 on: November 19, 2004, 07:04:27 PM »
:P you are too fast - I didn't have time to fix my typo - I edited my previous message

Offline dilligaf

« Reply #19 on: November 19, 2004, 07:05:30 PM »
Remmed them out, restarted squid, same problem.
Dan

Quote from: "smeghead"
The only significant diff I can see (except for those based on extra contribs I have running) is related to those always_direct errors you got from the squid status command.

Rem these commands out of the squid.conf file and restart squid as a test - if it works we can change the template to make it permanent.

HTH

Offline dilligaf

« Reply #20 on: November 19, 2004, 07:09:24 PM »
[root@nebula7653 squid]# service httpd-admin restart
Shutting down http-admin:                                  [ FAILED ]
Starting httpd-admin:                                      [   OK   ]
[root@nebula7653 squid]#

Quote from: "gregswallow"
:P you are too fast - I didn't have time to fix my typo - I edited my previous message

Offline dilligaf

« Reply #21 on: November 19, 2004, 07:10:54 PM »
This is crazy,
I will reformat this rig tonight.
I was hoping to wait for the lycoris release.
Dan

Offline gregswallow

« Reply #22 on: November 19, 2004, 07:12:08 PM »
That didn't work?  When you try to access server-manager now what error does it give?

Offline dilligaf

« Reply #23 on: November 19, 2004, 07:23:09 PM »
From web browser I still get:
++++++++++++++++++++++++++++++
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /server-manager.

Reason: Could not connect to remote machine: Connection refused
++++++++++++++++++++++++++++++

From Console, log in as root / su admin to get server console, access server manager / say yes to text mode browser / enter administrator password  / quickly flashes and goes back to server console (yes I am entering the password right)
Exit from the server console, and scroll back and nothing there.
Dan

Quote from: "gregswallow"
That didn't work?  When you try to access server-manager now what error does it give?

Offline gregswallow

« Reply #24 on: November 19, 2004, 07:48:48 PM »
Hmmm...Well maybe search for "invalid response from an upstream server" on contribs.org - there are lots of forum posts like yours.  Restarting httpd-admin fixed the same problem (same error message at least - it happened for me after installing a SSL certificate) for me, but I guess yours is caused by something else.

If you can't find a cure, one last time try this maybe:
Code:
sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
service httpd restart
service httpd-admin restart

Offline dilligaf

« Reply #25 on: November 19, 2004, 07:51:57 PM »
It bombed on the first command,
I am in a wreck here, aren't I?
[root@nebula7653 errors]# sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
bash: sbin/e-smith/expand-template: No such file or directory
[root@nebula7653 errors]#

Quote from: "gregswallow"
If you can't find a cure, one last time try this maybe:
Code:
sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
service httpd restart
service httpd-admin restart

Offline gregswallow

« Reply #26 on: November 19, 2004, 08:08:32 PM »
No, you are just a victim of my bad typos once again :-P  I missed a "/" before sbin

Code:
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
service httpd restart
service httpd-admin restart


And maybe this - can't hurt
Code:
/etc/rc.d/init.d/httpd-e-smith restart

Offline dilligaf

« Reply #27 on: November 19, 2004, 08:31:10 PM »
[root@nebula7653 root]# /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
[root@nebula7653 root]# service httpd restart
Stopping httpd:                                            [   OK   ]
Starting httpd:                                            [   OK   ]
[root@nebula7653 root]# service httpd-admin restart
Shutting down http-admin:                                  [ FAILED ]
Starting httpd-admin:                                      [   OK   ]
[root@nebula7653 root]#

[root@nebula7653 root]# /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
[root@nebula7653 root]# service httpd restart
Stopping httpd:                                            [   OK   ]
Starting httpd:                                            [   OK   ]
[root@nebula7653 root]# service httpd-admin restart
Shutting down http-admin:                                  [ FAILED ]
Starting httpd-admin:                                      [   OK   ]
[root@nebula7653 root]# clear
[root@nebula7653 root]# /etc/rc.d/init.d/httpd-e-smith restart
Shutting down http:                                        [   OK   ]
Starting httpd:                                            [   OK   ]
[root@nebula7653 root]#

Tried to log in again, same issues.

Offline gregswallow

« Reply #28 on: November 19, 2004, 09:36:54 PM »
Hmmm...it shouldn't keep saying "failed" shutting down httpd-admin.

Maybe /var/log/httpd/admin_error_log.??? will give a clue as to what's happening.

Or maybe try:
Code:
/sbin/e-smith/expand-template /etc/httpd/admin-conf/httpd.conf
...and then restart httpd-admin again

Offline dilligaf

« Reply #29 on: November 19, 2004, 10:21:38 PM »
I thank you for your persistence.
I entered
/sbin/e-smith/expand-template /etc/httpd/admin-conf/httpd.conf
and then service httpd-admin restart
And it returned:
# service httpd-admin restart
Shutting down http-admin: [ FAILED ]
Starting httpd-admin: [ OK ]
#
So I did httpd-admin restart again and this time it worked
# service httpd-admin restart
Shutting down http-admin: [ OK ]
Starting httpd-admin: [ OK ]
#

I rebooted and it is still working.
(oh lucky day!)

Here is one more for you, I have moved my entire /primary directory to an alternate spot on the server because my ISP said my server is sending out a phishing page.

I have scanned the crap out of these files etc, and there is nothing showing. He says it is a redirect somewhere. I have looked high and low in the html / php files and find nothing; again, rkhunter finds nothing.

Anyway, I sincerely thank you for all of your help, you saved me a lot of work!
Dan
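
An added example, not part of the original thread or of SME Server: a read-only triage script for the "redirect somewhere" report in the last post. It greps a web tree, dotfiles such as .htaccess included, for common redirect constructs and lists recently modified files; the function names, the patterns and the sample tree are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: read-only triage of a web tree for redirect constructs.

find_redirects() {
    # $1 = web root. Prints file:line:text for each hit. grep -r also descends
    # into dotfiles such as .htaccess, which a *.html / *.php search never opens.
    grep -rInEi \
        -e '^[[:space:]]*(Redirect(Match|Permanent|Temp)?|RewriteRule)[[:space:]]' \
        -e 'http-equiv=.?refresh' \
        -e 'header[[:space:]]*\(.?Location:' \
        -e 'location(\.href)?[[:space:]]*=[^=]' \
        -e 'location\.(replace|assign)[[:space:]]*\(' \
        -- "$1" 2>/dev/null || true
}

recent_files() {
    # $1 = web root, $2 = days. Files modified within the last N days.
    # mtime can be reset by whoever wrote the file, so repeat with -ctime.
    find "$1" -type f -mtime "-$2" -print
}

make_sample_tree() {
    # Constructed sample input (hypothetical files, not taken from the thread).
    sample_root=$(mktemp -d) || return 1
    mkdir -p "$sample_root/html/secure"
    printf '<html><body>Welcome</body></html>\n' > "$sample_root/html/index.html"
    printf 'RewriteEngine On\nRewriteRule ^login$ http://example.invalid/ [R=302,L]\n' \
        > "$sample_root/html/secure/.htaccess"
    printf '<?php header("Location: http://example.invalid/"); ?>\n' \
        > "$sample_root/html/go.php"
    printf '<meta http-equiv="refresh" content="0;url=http://example.invalid/">\n' \
        > "$sample_root/html/old.html"
    touch -t 200401010000 "$sample_root/html/index.html"   # make this one look old
    echo "$sample_root"
}

# Demo on the constructed tree; in practice pass the real web root instead.
demo_root=$(make_sample_tree)
find_redirects "$demo_root/html"
recent_files "$demo_root/html" 7
rm -rf "$demo_root"
```

Hits are leads to read by hand, since legitimate sites use every one of these constructs; a clean result for the web tree still leaves the server-level Apache configuration outside it unchecked.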