I've got an abuse message from Spamhouse with following:
The host at this IP address is currently being used to distribute malware.
Malware distribution located here:
http://xxx.xx.xx.xxx:8080/get/get.php
Where http://xxx.xx.xx.xxx is our domain.
We've found that any request to port 8080 returns Malware.
We use Apache 2 on server. But there are now any setting on port 8080.
Just looing for ideas how to fix that bug?
At the moment we closed port 8080. But there are still some malware inside.
Will appreciate for any suggestions.
Pull that server offline now.
Deploy new server.
Ensure all relevant OS and application updates are applied.
Double check security configuration.
Restore your data from a verified backup.
Then investigate the original server logs/etc. for clues as to how you were infected in the first place.
Related
This server worked not too long ago (I don't have a specific date). We use it for testing and had successfully deployed a few applications. Upon returning to the project I could no longer access the applications chrome saying the site cannot be reached when I netstat -an | grep 'LISTEN'.
I can see the unsecured port but the SSL port is missing in action. I asked the networking team if the ports were being blocked and they said no. I tried to force the application to use the secure port by disabling the unsecured port, restarting the managed server but the it fails to start with this configuration.
Any thoughts? SSL is not really my area of expertise (this is my first exposure). When googling the title I didn't see any results that matched the problem I am having, or at least I did not realize they did...
The server will restart if I enable the unsecured port.
# Gerardo Arroyo, yes this seems to be the issue. I assumed that this server used the same certs as other servers in the test system but it seems I was wrong. I will request a new cert from the networking team. Thank you
I'm using Digitalocean cloud hosting server and apache2 in Ubuntu 16.04 VPS. I can browse the site from my local PC and check apache access.log to see the page requests. However when using a mobile device, I cannot get a response from the website. I can ping the server IP address from my phone successfully. However, any requests for the domain root do not create any record in the access.log.
I have attempted to uninstall fail2ban as per this threads:
https://www.digitalocean.com/community/questions/how-to-debug-solve-a-err_connection_timed_out-error-when-this-error-happens-on-some-browsers-but-not-in-another
http://installion.co.uk/ubuntu/vivid/universe/f/fail2ban/uninstall/index.html
I have also tried simply serving a phpinfo() page. However, no still no records in access.log when trying to access from mobile devices. The site is has https enabled and is serving perfectly to a PC.
Also, using a browser testing site (https://www.browserstack.com/) I also get connection timed out errors, and no response records in the access.log.
Any suggestions on where to start troubleshooting this? Is this possibly a problem with Digitalocean itself? Is there anything in the LAMP stack that would specifically be blocking some browsers or IP addresses?
It sounds to me like one of two things is happening here:
Your DNS is not set to point to that IP, but you set it in your operating system's host file on your computer.
Your DNS is correct, but other systems are not yet seeing the change you've made.
Try visiting the IP of the server directly from your mobile device. If anything occurs besides timing out, be it a redirect (even if failed) or a page load, you will know that DNS resolution is the issue. Given that you can ping the IP from your phone I would suggest fail2ban is not related, as fail2ban should block ping as well.
If it turns out to be #2 there, it's just a game of waiting. DNS changes can take up to 48 hours to be seen by all systems. In most cases 4-6 hours is common, but 48 hours is still the recognized standard of "it could possibly take this long."
Jarland
I've been searching and haven't found a solution for this yet.
I have a LAMP server running Centos 5 and cPanel. I have converted the site from http to https. The site works just fine. However, periodically there are ERR_CONNECTION_REFUSED errors on my PC only. This happens only over https and only periodically. Port 443 is open on the server.
FTP, Remote MySQL, SSH, and HTTPS connections are refused during that brief period. I've checked the server's firewall to allow my ip and unblock my ip. The ip is allowed and was never blocked.
We have other PCs connected to the same network with no issues during the brief period where only my connection is refused. I've cleared my cookies and cache with no luck. However, when I run a trace route, it stops at the first hop in our network.
Any suggestions with what I need to do or look at?
Do you think it is a server related issue?
Do you think it is an internal network related issue?
Could it be the issuer of the SSL cert?
You're probably running into a full backlog queue. A Windows server will actively refuse a connection if the backlog queue is currently full. The defence is to increase the backlog or speed up the accept loop.
I was hosting 3 websites from my home server with IIS and due to all of the issues I ran into like sendmail with a php script, I completely uninstalled IIS from Server Manager and installed xampp. I am using Windows Server 2012 R2. Apache will not start due to port 80 being used. I have already tried many of the fixes scattered across the web. Things I have tried:
-Web deployment agent Service has been disabled
-World Wide Web Publishing service is not on any list of services for my PC-Skype is not installed on my PC-MSSQL Server Reporting Services is disabled - I have ran netstat -aon | findstr :80 an serched for all prosesses with port 80, and PID 4 which is NT Kernel & System.
This is where I am stuck, I can not for the life of me find out what is using port 80. I know I can change apache's listening port to 8080 or whatever but I do not want to do that as the URL would have to show that. Is it possible I could have a virus? Are there other ways to narrow down what could be causing this?
Probably the easiest thing to do is point a browser at your server and see what pops up. Sometimes a shutdown and then a restart (not a restart from the Start button, but an actual shutdown) helps clear up various M$ server issues. Good luck!
after installing apache in my pc I cannot visit http://localhost.
firefox shows that :
Firefox can't establish a connection to the server at localhost.
what is the problem? can anyone help
This has nothing to do with your webserver.
Check http://kb.mozillazine.org/Error_loading_any_website .
There are many things that could go wrong in this case. My best bet is to check your proxy or firewall settings.
UPDATE:
Antivirus programs interfere with firewall and security settings, so you might take a look into that... Make sure the port that Apache is running is not blocked by your firewall. Go to the firewall settings and make sure that Apache (or HTTP port number used by Apache) is not blocked
In windows if you installed apache you have to start your apache service first then go throw your Firefox or other browser simply type local host then you can access your server.