  1. #21
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,382

    Code:
    [Sat Mar 19 15:17:10 2011] [warn] NameVirtualHost 86.120.148.140:80 has no VirtualHosts
    That means that there are no VirtualHosts defined for "86.120.148.140:80".
    Probably your VirtualHosts look like this "*:80" or this "86.120.148.140", hence the warning.

    As for the logs:
    Again, logs are defined in the config files.
    These can be in /etc, /etc/httpd, /etc/apache.
    If you can't find them:
    Code:
    updatedb
    locate my.cnf
    locate httpd.conf
    locate apache.conf
    Another way of finding them is to look at the files that are held open by apache and mysql:
    Code:
    lsof |egrep '(apache|http|mysql)' |grep log

    P.S.:
    Glad your sites are up again, but it might be good to have the following action items:
    - investigate if there was an intrusion
    - if yes, how was it done? Then establish countermeasures.
    - consider reinstalling the sites on a new machine
    - documentation: what was installed and how?
    - create a backup system
    Last edited by Irithori; 03-19-2011 at 02:20 PM.
    You must always face the curtain with a bow.

  2. #22
    Just Joined!
    Join Date
    Mar 2011
    Posts
    11
    P.S.:
    Glad your sites are up again, but it might be good to have the following action items:
    - investigate if there was an intrusion
    - if yes, how was it done? Then establish countermeasures.
    - consider reinstalling the sites on a new machine
    - documentation: what was installed and how?
    - create a backup system
    Thank you for all your help. I hope it was only the TMP folder. Is there any way of securing TMP so that files cannot be executed from tmp? I have disabled 777 on the TMP folder, preventing it from executing files from it, but there is a big problem: all other legit operations, uploading and renaming images for example, are not going to happen anymore because there is no permission to write. So is there a way to secure it but with permission 777 on it?

  3. #23
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,382
    Well, if that tmp dir is a partition, you can mount it with nodev and noexec.
    Code:
    man mount
    Then you can use specific tmpdirs per application via application config and/or php.ini/php_admin_value.
    This is a first step to separate applications that run on one apache instance.
    A further one might be open_basedir.

    But all those measures help little if the application itself allows (in the worst case) arbitrary command execution.

    So first priority is to get the apps secure, especially the internet-facing ones.
    You say files were copied to and executed from tmp.
    So:
    - what was exploited? ssh, apache, php, your apps, etc.?
    - how were those files put there?
    - how were those files executed?


    One more political point:
    Try to get people involved.
    Security is not the sole problem of the OPS team.
    Devs can only work on projects that have been given priority and resources by management.
    And at least in my place, management needs a reminder from time to time
    that investment in structure and security/performance remediation projects pays off in the end.

    So, investigate what the problem was, work on solutions and present them.
    It might need some persistence, as such ideas don't generate revenue and have no obvious effect.
    But a cracked server costs:
    - time and resources to rebuild
    - reputation with your clients/users.
    You must always face the curtain with a bow.
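
An added example, not part of the original posts: a shell check for the mount options named in post #23. It reads data in /proc/mounts format and also reports the case where the temp directory is not a separate mount, so the options cannot be set for it alone. The function names, the directory /srv/app/tmp and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Check that a temp directory is its own mount and carries noexec and nodev.
# Input format is that of /proc/mounts: device mountpoint fstype options dump pass

# Constructed sample mount table (not taken from the server in this thread).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nodev,noexec,relatime 0 0
/dev/sda4 /var/tmp ext4 rw,nodev,relatime 0 0
EOF
}

# check_tmp_mount MOUNTPOINT [MOUNTS_FILE]   (use "-" to read stdin)
# Prints exactly one of:
#   not-a-mount      MOUNTPOINT is not a separate mount point
#   ok               both noexec and nodev are set
#   missing:<opts>   comma-separated list of the options that are absent
check_tmp_mount() {
    mp=$1
    file=${2:-/proc/mounts}
    # A later entry overmounts an earlier one, so the last match is the live one.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$file")
    if [ -z "$opts" ]; then
        echo "not-a-mount"
        return 0
    fi
    missing=""
    for want in noexec nodev; do
        # Wrap in commas so "noexec" never matches inside another option name.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    if [ -z "$missing" ]; then echo "ok"; else echo "missing:$missing"; fi
}

# Demo run against the constructed table.
for dir in /tmp /var/tmp /srv/app/tmp; do
    printf '%s: %s\n' "$dir" "$(sample_mounts | check_tmp_mount "$dir" -)"
done
```

On a live system, call `check_tmp_mount /tmp` with no second argument to read /proc/mounts directly.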
