As in /usr/lib64/
Got it.
=== Al
- Original Message
From: Eric Covener
To: users@httpd.apache.org
Sent: Sun, April 4, 2010 1:21:03 PM
Subject: Re: [us...@httpd] Wrong ELF class; libxml2
On Sun, Apr 4, 2010 at 5:08 PM, Al Sparks wrote:
> I'm running CentOS 5.4 64bit, and I'm attem
On 4/4/2010 11:22 AM, kkk wrote:
Hello, I set up my apache server in some computer and I am writing a
VBNET code to retrieve and upload data. So far I already managed to
download a file from the server but I cannot make the upload to work and
the information I read in google says that it can
On Sun, Apr 4, 2010 at 5:08 PM, Al Sparks wrote:
> I'm running CentOS 5.4 64bit, and I'm attempting to migrate an Apache web
> site from Apache 2.0 to Apache 2.2. The Apache 2.0 instance is running on an
> old Fedora 32bit machine.
>
> On the new box (as well as the old) I've compiled and insta
I'm running CentOS 5.4 64bit, and I'm attempting to migrate an Apache web site
from Apache 2.0 to Apache 2.2. The Apache 2.0 instance is running on an old
Fedora 32bit machine.
On the new box (as well as the old) I've compiled and installed from the source.
Attempting to run off the 2.0 httpd.
> Isn't it diffcult to configure it based on Ip because:
>
> 1. Ip could be of proxy server
> 2. Ip could be of ISP
>
> Would that lead into good requests being denied?
Sometimes, yes, but mostly, no.
-
The official User-To-User
Isn't it diffcult to configure it based on Ip because:
1. Ip could be of proxy server
2. Ip could be of ISP
Would that lead into good requests being denied?
On Sun, Apr 4, 2010 at 11:16 AM, Nerius Landys wrote:
> Guys, I think I'll just add Operating System wide firewall rules to
> disallow mor
Guys, I think I'll just add Operating System wide firewall rules to
disallow more than N number of concurrent TCP connections to port 80
from a single IP address.
-
The official User-To-User support forum of the Apache HTTP Server
On 4-Apr-2010, at 05:40, Nick Kew wrote:
>
> On 4 Apr 2010, at 07:03, Morgan Gangwere wrote:
>
>> On a note, someone posted about Slowloris and Apache:
>> http://bahumbug.wordpress.com/2009/06/21/slowloris/
>
> FWIW, that's been overtaken by events. I wrote mod_noloris shortly after
> that blog
Hello, I set up my apache server in some computer and I am writing a VBNET
code to retrieve and upload data. So far I already managed to download a
file from the server but I cannot make the upload to work and the
information I read in google says that it can only be done with an ftp
server such as
On 4/4/2010 4:17 AM, Lester Caine wrote:
[a bunch of CHARs]
Looking that the logs that were posted, there's nothing out of the
ordinary, just people hammering a server for attempts in.
This is more and more looking like a DNS attack.
--
Morgan Gangwere
>> Why?
> Because it breaks the logical
Thank you Erick:
I knew it was something really easy but I couldn't see it.
Setting in the hosts file my Servername ===> rafael.muneton.com along with the
IP address ===> 192.168.1.64 solved the problem.
And now it works just fine and very fast.
Thanks again.
Rafael
When everything fails, re
On 4/4/2010 5:40 AM, Nick Kew wrote:
Apart from that, maxclients 80 seems absurdly low, even with prefork.
Unless perhaps you're on hardware from before the days when
Windows 95 made 16Mb RAM an absolute minimum.
"50Mhz ARM" -- My main memory pool is ~24MB and my swap is 32MB
(carefully plac
Apache's processes disappear after `apache2ctl graceful` with the
following lines in errorlog:
[Sun Apr 04 17:38:25 2010] [error] (4)Interrupted system call: waitpid()
failed
[Sun Apr 04 17:38:25 2010] [error] (4)Interrupted system call: waitpid()
failed
[Sun Apr 04 17:38:25 2010] [error] (4)I
Oh, ok. I got it. I have already disabled it (actually, immediately after
the attack).
Thanks for the advice. I appreciate!
Oleg.
On Sun, Apr 4, 2010 at 5:52 PM, Daniel Reinhardt wrote:
>
> --
> From: "Oleg Goryunov"
> Sent: 04 April, 2010 13:39
>
--
From: "Oleg Goryunov"
Sent: 04 April, 2010 13:39
To:
Subject: Re: [us...@httpd] Someone hacked my apache2 server
Yes, there is a MySQL server. And actually, I noticed that - while the
server was returning the mentioned hacked page, mysql proc
Yes, there is a MySQL server. And actually, I noticed that - while the
server was returning the mentioned hacked page, mysql process was on top of
the list of the "top" command. Though, it took only 1.5% of the CPU.
But, mysql is restricted to accept connections from outside world. It only
listens
--
From: "Oleg Goryunov"
Sent: 03 April, 2010 21:03
To:
Subject: [us...@httpd] Someone hacked my apache2 server
Hello all,
It looks like someone hacked my apache2 server and I am trying to understand
how this could have happened.
This is what ha
On 4 Apr 2010, at 07:03, Morgan Gangwere wrote:
> On a note, someone posted about Slowloris and Apache:
> http://bahumbug.wordpress.com/2009/06/21/slowloris/
FWIW, that's been overtaken by events. I wrote mod_noloris shortly after
that blog entry. That too has been overtaken, and nowadays I'd
so you killed the existing process that listens to 80 and started again. now
you can see that a process listens to 80?
also please check if the log directories configured in httpd.conf exist and the
apache user has permission to write in them.
From: Ravi Roy
Oleg Goryunov wrote:
A good explanation I received from a datacenter where I have the server:
"we classify this sort of issue as "Stealing the gateway". basically
what someone does is they send out false arp packets(flooding the entire
network segment) causing all servers and switching to think
A good explanation I received from a datacenter where I have the server:
"we classify this sort of issue as "Stealing the gateway". basically
what someone does is they send out false arp packets(flooding the entire
network segment) causing all servers and switching to think their server is
the
gat
On Sat, Apr 3, 2010 at 8:35 PM, alin vasile wrote:
> yes, should be enough.
>
> have you tried killing the running process that listens to that port and
> start apache again?
>
Yes, tried, but same error.
Thanks!
-RR
Lester,
Yes, I assume it might be a third party problem, not my server problem, but
I need to be sure.
If it was not my local DNS hack, since at least two people from different
networks, from different cities (me and another person) observed the same
behavior. Another point is that the hacked page
Morgan
I did not have Tripwire installed. Will do that :) The problem is that I
can't find the files that were modified. As I indicated in the initial
email, the hackers page started to show up at some point, then STOPPED,
then, in 20 minutes started again, nd then stopped again. After that I shut
24 matches
Mail list logo
