[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Strange RaQ3 Crash...PHP???

Subject: [cobalt-users] Strange RaQ3 Crash...PHP???
From: Bradley Caricofe <caricofe@xxxxxxxxxxx>
Date: Mon Mar 11 04:57:02 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hello List,

One of my RaQ 3's is dedicated to a single somewhat busy ecommerce site.
I've had this site on the RaQ for almost 3 months with no problems.  The box
is secured as tightly as I can make it with all Cobalt patches applied,
ports trimmed and services like ftp running only when they need to be.  Over
the weekend, I installed the latest mySQL pkg from pkgmaster and then PHP
4.1.2 from source.  Both seemed to be working as flawlessly as they can and
I had vBulletin board running quite smoothly.

This morning I'm surfing around the site checking things out and all of a
sudden it's inaccessible.  Cannot bring up any sites on the server nor can
it be pinged.  I was playing with the php bulletin board when this happened
and had just logged in as admin.  My isp apparently ran into some problems
bringing the server back up but two hours later it is up and running,
however all traces of my php installation are GONE.

I haven't been able to determine the exact cause of the crash yet, I just
know I was messing with a php based application when it happened.  Has
anyone had any similar issues with php or with a RaQ3?  I remember thinking
to myself that I needed to order an additional IP for the bulletin board, as
it was the only login on the site that was not ssl secured and all my other
ip's were being used.  Is it possible that someone sniffed my bulletin board
password and exploited something within php which resulted in it
uninstalling or corrupting itself?

The server is probably in need of rebuilding, many, many files located
throughout the system have strings of
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU all throughout them.  I'm told by
the isp that these are artifacts of a disk restore they had to do?  My
system was never backed up by these folks that I know of, so I'm not sure
what the disk restore process they are referring to entails.  I don't want
to rebuild this system until I know what happened.  Logs on the server don't
show much at all, they just stop recording when it crashed and start again
when it came up 2 hours later.  I did run the latest version of chkrootkit,
it says all good.  Can anyone tell me where else to look for info on what
caused this?

thanks,

Bradley Caricofe

Follow-Ups:
- Re: [cobalt-users] Strange RaQ3 Crash...PHP???
  - From: Steve Werby
- Re: [cobalt-users] Strange RaQ3 Crash...PHP???
  - From: Jeff Lasman

Prev by Date: Re: [cobalt-users] Cobalt Raq's and UPS.
Next by Date: Re: [cobalt-users] Cobalt Raq's and UPS.
Previous by thread: Re: [cobalt-users] Chilisoft AdRotator Question
Next by thread: Re: [cobalt-users] Strange RaQ3 Crash...PHP???

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index