I'm using Digitalocean cloud hosting server and apache2 in Ubuntu 16.04 VPS. I can browse the site from my local PC and check apache access.log to see the page requests. However when using a mobile device, I cannot get a response from the website. I can ping the server IP address from my phone successfully. However, any requests for the domain root do not create any record in the access.log.
I have attempted to uninstall fail2ban as per this threads:
https://www.digitalocean.com/community/questions/how-to-debug-solve-a-err_connection_timed_out-error-when-this-error-happens-on-some-browsers-but-not-in-another
http://installion.co.uk/ubuntu/vivid/universe/f/fail2ban/uninstall/index.html
I have also tried simply serving a phpinfo() page. However, no still no records in access.log when trying to access from mobile devices. The site is has https enabled and is serving perfectly to a PC.
Also, using a browser testing site (https://www.browserstack.com/) I also get connection timed out errors, and no response records in the access.log.
Any suggestions on where to start troubleshooting this? Is this possibly a problem with Digitalocean itself? Is there anything in the LAMP stack that would specifically be blocking some browsers or IP addresses?
It sounds to me like one of two things is happening here:
Your DNS is not set to point to that IP, but you set it in your operating system's host file on your computer.
Your DNS is correct, but other systems are not yet seeing the change you've made.
Try visiting the IP of the server directly from your mobile device. If anything occurs besides timing out, be it a redirect (even if failed) or a page load, you will know that DNS resolution is the issue. Given that you can ping the IP from your phone I would suggest fail2ban is not related, as fail2ban should block ping as well.
If it turns out to be #2 there, it's just a game of waiting. DNS changes can take up to 48 hours to be seen by all systems. In most cases 4-6 hours is common, but 48 hours is still the recognized standard of "it could possibly take this long."
Jarland
Related
I have an Apache2 server running in Debian 9.
I am using it to host a custom MediaWiki Wiki.
To navigate to the Wiki I use something of this form "10.200.200.20/mediawiki" where the Apache2 server is running on 10.200.200.20.
This works fine however sometimes the IP Address (10.200.200.20) will change and then everyone on the local network navigating to the Wiki will have to be notified and use the new IP Address which is a hassle.
I wish to change it to something consistent, for example "OurWikiServer/mediawiki" it doesn't really matter that much as long as it can always be found at the same place.
I know this is possible as the MediaWiki installation was previously maintained by someone else who used XAMPP in Windows 7 and it was configured to be found at "stringHere/mediawiki" on the local network.
I have tried changing it in /etc/hosts and can get it changing on individual machines as expected, however have no idea how to get it working network wide.
The best way to do this is to define the IP of this station static. This can be done via reservation in DHCP server or assign IP outside of the DHCP IPs. Also consider adding small DNS server to provide hostname instead of IP
I run a 2GB RAM Linode (Ubuntu) that hosts a few WordPress websites. Recently my server has been OOMing and crashing and I have been up all night trying to find out what's causing it. I have discovered there I get an enormous influx of traffic (a tiny DoS) that brings the whole thing down.
I have access logs setup across all of the virtual hosts and I am using tcptrack to monitor activity on the server.
The traffic appearing in my access logs does not account for the traffic I am seeing on tcptrack. i.e. there are a dozen i.p. addresses that are constantly opening and closing connections on the server, but are nowhere to be seen in the access logs for each virtual host.
Clearly it's because these i.ps are not hitting the virtual hosts, but I have tried to set up access logs to monitor server-wide traffic so that I can see what requests their making but I'm really struggling.
Can anyone please point me in the right direction, perhaps tcptrack is just too simplified to provide any meaningful insight?
Start using mod_security
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_Apache
Debian has it which means Ubuntu likely does as well. You should also make sure the kernel is setup properly, search google for SYN_COOKIES. Look into iptables/shorewall etc. Shorewall is a package that wraps iptables. Iptables can be configured for detect floods and start dropping packets.
I'm doing local php development with apache and virtual hosts. For some reason my virtual host sites have stopped responding.
Chrome error:
This web page is not available
ERR_ADDRESS_UNREACHABLE
Firefox error:
Server not found.
I haven't made any change to the server config or php ini files since I set them up, and the sites were working fine earlier today. This affects all the virtual host sites I created, but apache still seems to be running fine on localhost.
I've tried restarting my system (ubuntu) and checked the apache access and error logs. Attempts made to access virtual hosts are not logged at all (since the problem started).
I have no idea what's going on. Does anyone have any advice?
Thanks.
Ok, I've solved it, but I think it's handy for others' reference.
My router had re-assigned my IP Address (I have no idea why). Therefore the IP Address in /etc/hosts for those virtual hosts domain names did not match the address of my dev PC.
Solution: I just updated the IP address in virtual hosts.
Another strange thing is the router seems to have removed all the IP Addresses of devices not currently connected. In the past it has kept them around even though they are not connected, but that's another matter and I should look into it (Well I think I had assigned them a static IP, but it's been a while since I've touched the router settings).
I found my httpd processes were using a lot of resources in 'htop' (while my page view is actually low and my webserver has 4 CPU with 4G RAM), so I tried to find out what was happening.
Then I found there is an IP kept visiting my site via httpd access log.
After I blocked this IP, my web server was back to normal.
However, I found the problem after my server was in heavy load, which already caused a lot of connection rejections earlier. Therefore my questions are:
(1) What kind of visiting is this? From the rate of the visiting, it's definitely not a human. I looked up this IP, it's from Neitherland, no other information.
(2) What if they change the IP to visit my site like this again? Any way to prevent this kind of visiting proactively?
I currently have Apache running as part of XAMPP and I am able to run the PHP scripts by accessing them at 127.0.0.1/<program_name>.php but when I try to access them as <my_ip>/<program_name>.php I get no response.
Am I doing something incorrectly or does my configuration need fixing?
assuming you are trying to access from an external ip address you need to setup your router (port forwarding) to send web traffic to the LAN ip of your machine.
you also may need to disable various firewalls at various points in your network.
In short there is not enough information given to provide you a definitive answer.