Topic: Can not access Server Manager (maybe compromised?)

[smeghead]

Hmm, this is mine (from V6.0 heavily patched):

redirect_program /etc/squid/redirect/redir.pl
redirect_children 3
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localsrc src 127.0.0.1 192.168.0.0/255.255.255.0 172.16.17.0/255.255.255.0 192.168.0.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.0.0/255.255.255.0 172.16.17.0/255.255.255.0 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 81 119 210 443 563 980 1024-65535
acl CONNECT method CONNECT
acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK
append_domain .?????.com.au
cache_mgr admin@?????.com.au
ftp_user nobody@?????.com.au
http_access allow manager localsrc
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localsrc
http_access deny all

httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
miss_access allow all

store_avg_object_size 3 KB

cache_mem 96 MB
cache_dir ufs /var/spool/squid 500 16 256
maximum_object_size 65535 KB
minimum_object_size 0 KB

always_direct allow webdav
always_direct allow all

The only significant diff I can see (except for those based on extra contribs I have running) is related to those always_direct errors you got from the squid status command.

Rem these commands out of the squid.conf file and restart squid as a test - if it works we can change the template to male it permanent.

HTH

[gregswallow]

try this:

Code: [Select]

service httpd-admin restart

[dilligaf]

[root@nebula7653 squid]# service restart httpd-admin
restart: unrecognized service
[root@nebula7653 squid]#

try this:

Code: [Select]

service restart httpd-admin

[gregswallow]

 you are too fast  -I didn't have time to fix my typo - i edited my previous message

[dilligaf]

Remmed them out restarted squid same problem.
Dan
The only significant diff I can see (except for those based on extra contribs I have running) is related to those always_direct errors you got from the squid status command.

Rem these commands out of the squid.conf file and restart squid as a test - if it works we can change the template to male it permanent.

HTH[/quote]

[dilligaf]

[root@nebula7653 squid]# service httpd-admin restart
Shutting down http-admin:                                  [ FAILED ]
Starting httpd-admin:                                      [   OK   ]
[root@nebula7653 squid]#

 you are too fast  -I didn't have time to fix my typo - i edited my previous message

[dilligaf]

This is crazy,
I will reformat this rig tonight.
I was hoping to wait for the lycoris release.
Dan

[gregswallow]

That didn't work?  When you try to access server-manager now what error does it give?

[dilligaf]

From web browser I still get:
++++++++++++++++++++++++++++++
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /server-manager.

Reason: Could not connect to remote machine: Connection refused
++++++++++++++++++++++++++++++

From Console, log in as root / su admin to get server console, access server manager / say yes to text mode browser / enter administrator password  / quickly flashes and goes back to server console (yes I am entering the password right)
Exit from the server console, and scroll back and nothing there.
Dan

That didn't work?  When you try to access server-manager now what error does it give?

[gregswallow]

Hmmm...Well maybe search for "invalid response from an upstream server" on contribs.org - there are lots of forum posts like yours.  Restarting httpd-admin fixed the same problem (same error message at least - it happened for me after installing a SSL certificate) for me, but I guess yours is caused by something else.

If you can't find a cure, one last time try this maybe:

Code: [Select]

sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
service httpd restart
service httpd-admin restart

[dilligaf]

It bombed on the first command,
I am in a  wreck here aren't I.
[root@nebula7653 errors]# sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
bash: sbin/e-smith/expand-template: No such file or directory
[root@nebula7653 errors]#

If you can't find a cure, one last time try this maybe:

Code: [Select]

sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
service httpd restart
service httpd-admin restart[/quote]

[gregswallow]

No, you are just a victim of my bad typos once again  I missed a "/" before sbin

Code: [Select]

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
service httpd restart
service httpd-admin restart

And maybe this - can't hurt

Code: [Select]

/etc/rc.d/init.d/httpd-e-smith restart

[dilligaf]

[root@nebula7653 root]# /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
[root@nebula7653 root]# service httpd restart
Stopping httpd:                                            [   OK   ]
Starting httpd:                                            [   OK   ]
[root@nebula7653 root]# service httpd-admin restart
Shutting down http-admin:                                  [ FAILED ]
Starting httpd-admin:                                      [   OK   ]
[root@nebula7653 root]#

[root@nebula7653 root]# /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
[root@nebula7653 root]# service httpd restart
Stopping httpd:                                            [   OK   ]
Starting httpd:                                            [   OK   ]
[root@nebula7653 root]# service httpd-admin restart
Shutting down http-admin:                                  [ FAILED ]
Starting httpd-admin:                                      [   OK   ]
[root@nebula7653 root]# clear
[root@nebula7653 root]# /etc/rc.d/init.d/httpd-e-smith restart
Shutting down http:                                        [   OK   ]
Starting httpd:                                            [   OK   ]
[root@nebula7653 root]#

Tried to log in again, same issues.

[gregswallow]

Hmmm...it shouldn't keep saying "failed" shutting down httpd-admin.

Maybe /var/log/httpd/admin_error_log.??? will give a clue as to what's happening.

Or maybe try:

Code: [Select]

/sbin/e-smith/expand-template /etc/httpd/admin-conf/httpd.conf
...and then restart httpd-admin again

[dilligaf]

I thank you for your persistence.
I entered
/sbin/e-smith/expand-template /etc/httpd/admin-conf/httpd.conf
and then service httpd-admin restart
And it returned:
# service httpd-admin restart
Shutting down http-admin: [ FAILED ]
Starting httpd-admin: [ OK ]
#
So I did httpd-admin restart again and this time it worked
# service httpd-admin restart
Shutting down http-admin: [ OK ]
Starting httpd-admin: [ OK ]
#

I rebooted and it is still working.
(oh lucky day!)

Here is one more for you, I have moved my entire /primary directory to an alternate spot on the server because my ISP said my server is sending out a phishing page.

I have scanned the crap out of these files etc, and there is nothing showing, he says ot is a redirect somewhere, I whave looked hi and low in the html / pho files and find nothing, again, rkhunter finds nothing.

Anyway, I sincerely thank you for all of your help, you saved me a lot of work!
Dan