
[cobalt-users] [RAQ3] - Really odd - httpd down - possible breach??



I woke up this morning to find notifications and phone calls from clients that our server was down.

Telnet was up, but httpd was down.

I logged in, su'd to root and shut down httpd:

/etc/rc.d/init.d/httpd stop - failed because PID not found

/etc/rc.d/init.d/httpd start - httpd started

On viewing the admin area of the box - ns.ourdomain.com/admin/ - all the virtual sites had GONE - now we're talking MAJOR panic mode - so I performed a reboot and it's all back up?!?!

Where do I look for the cause of this?

We had some problems with a virtual site being exploited to send porn spam yesterday and I removed the offending Perl script (Matt's Script Archive formmail.cgi v1.6), so I'm wondering if the spammers (who had been sending a few thousand a day for at least 3 days) got pissed and shut the server down in disgust - any ideas and pointers would be appreciated.

thanks in advance

Greg Hewitt-Long

-- 
http://www.webyourbusiness.com/
Providers of E-Commerce Software &
Web Design Consultancy and Services.
PH: (970)266-0195 FAX: (970)266-0158