hack versuch? kein zugang mehr zum ispcp - sisko - 08-10-2008 11:33 PM
heute morgen hat jemand versucht sich auf meinen server zu hacken. dabei ging der apache down und liess ich nicht mehr starten. fehlermeldung war er faende die dayeo realfunclanbase.de.conf nicht mehr. gut, dachte ich. habe ich die einfach neu erstellt. nun laufen die domains wieder, aber ich kann das ispcp nicht mehr aufrufen. der deamopn laeuft, aber sobald dich die seite fuer den login aufrufe bekomme ich folgendes:
Code:
The requested URL / was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
die domain realfunclanbase.de wurde ja lediglich fuer das ispcp genutzt.
ich haeng mal die errorlog ds apache mit ran. vielleicht weis jemand wie ich das loesen kann.
installiert ist (noch) rc5 auf etch.
[attachment=423]
RE: hack versuch? kein zugang mehr zum ispcp - totototo - 08-11-2008 12:21 AM
wenn du aber die ip deines servers aufrufst dann ist der login da http://88.198.27.53/
irgend was an der domain/dns eintrag verändert?
RE: hack versuch? kein zugang mehr zum ispcp - sisko - 08-11-2008 12:42 AM
ja. dann ist der da. geaendert hab ich nichts. komisch ist ja das der apache sich weigerte zu starten weil die realfunclanbase.de.conf fehlte. die war meines wissens nach noch nie da, weil die domain ja nicht eingerichtet wurde, sondern lediglich beim install des ispcp angegeben wurden.
ich denke mal das ich den login nicht mehr aufrufen kann weil ich die conf dafuer eingefuegt habe in /etc/apache2/ispcp um den apache starten zu koennen. nun ist die da und die anderen domains laufen wieder. nur komm ich ueber die herkoemmliche adresse http://admin.88-198-27-53.clients.realfunclanbase.de/ nicht mehr ins interface. wieso nicht? kein plan.
RE: hack versuch? kein zugang mehr zum ispcp - bb21 - 08-11-2008 10:48 PM
was steht in deiner
/etc/apache2/sites-enabled/00_master.conf?
scheint als fände er dein htdocs verzeichnis nicht.
RE: hack versuch? kein zugang mehr zum ispcp - ZooL - 08-11-2008 11:08 PM
ich sehe in deiner error log noch mehr sachen die in deinem server im argen sind und
nicht nur diese einträge...
----------
[Sun Aug 10 02:46:44 2008] [error] [client 58.38.199.17] File does not exist: /htdocs
----------
sondern auch diese:
-----------
[Sun Aug 10 02:43:20 2008] [error] [client 85.114.141.152] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23):w00tw00t.at.ISC.SANS.DFind
-------------
mfg
RE: hack versuch? kein zugang mehr zum ispcp - Dexus - 08-12-2008 02:06 AM
[Sun Aug 10 02:43:20 2008] [error] [client 85.114.141.152] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23):w00tw00t.at.ISC.SANS.DFindSmile
solche logs habe ich auch, teilweise, was ist das?
RE: hack versuch? kein zugang mehr zum ispcp - sisko - 08-12-2008 02:50 AM
also in der master.conf der sites-enabled/available steht das:
Code:
#
# ispCP ω (OMEGA) a Virtual Hosting Control System
#
# @copyright 2001-2006 by moleSoftware GmbH
# @copyright 2006-2008 by ispCP | http://isp-control.net
# @version SVN: $ID$
# @link http://isp-control.net
# @author ispCP Team
#
# @license
# This program is free software; you can redistribute it and/or modify it under
# the terms of the MPL General Public License as published by the Free Software
# Foundation; either version 1.1 of the License, or (at your option) any later
# version.
# You should have received a copy of the MPL Mozilla Public License along with
# this program; if not, write to the Open Source Initiative (OSI)
# http://opensource.org | osi@opensource.org
#
################################################################################
#
# Master Begin
#
<VirtualHost 88.198.27.53:80>
ServerAdmin info@realfunclan-base.de
DocumentRoot /var/www/ispcp/gui
ServerName admin.88-198-27-53.client.realfunclanbase.de
ErrorLog /var/log/apache2/users/admin.88-198-27-53.client.realfunclanbase.de-error.log
TransferLog /var/log/apache2/users/admin.88-198-27-53.client.realfunclanbase.de-access.log
CustomLog /var/log/apache2/admin.88-198-27-53.client.realfunclanbase.de-traf.log traff
CustomLog /var/log/apache2/admin.88-198-27-53.client.realfunclanbase.de-combined.log combined
Alias /errors /var/www/ispcp/gui/errordocs/
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html
Alias /pma /var/www/ispcp/gui/tools/pma/
Alias /webmail /var/www/ispcp/gui/tools/webmail/
Alias /ftp /var/www/ispcp/gui/tools/filemanager/
Alias /antispam /var/www/ispcp/gui/tools/antispam/
<IfModule suexec_module>
SuexecUserGroup vu2000 vu2000
</IfModule>
<Directory /var/www/ispcp/gui>
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_fastcgi.c>
ScriptAlias /php4/ /var/www/fcgi/master/
ScriptAlias /php5/ /var/www/fcgi/master/
<Directory "/var/www/fcgi/master">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_php4.c>
<Directory /var/www/ispcp/gui>
php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/var/run/ispcp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit.log:/usr/share/php/"
php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
php_admin_value upload_tmp_dir "/var/www/ispcp/gui/phptmp/"
</Directory>
</IfModule>
<IfModule mod_php5.c>
<Directory /var/www/ispcp/gui>
php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/var/run/ispcp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit.log:/usr/share/php/"
php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
php_admin_value upload_tmp_dir "/var/www/ispcp/gui/phptmp/"
</Directory>
</IfModule>
</VirtualHost>
#
# Master End
#
sieht fuer mich eigentlich ok aus. das witzige ist ja das seit dem prob der apache unbedingt ein webverzeichnis fuer die domain 'realfunclanbase.de' haben will bzw. die als eigentliche domain angelegt sein muss. das war ja vorher auch nicht der fall.
ich wollte eigentlich updaten auf rc6. die frage ist nun also ob cih das fixen kann oder besser (mal wieder) ne neuinstallation durchfuehren sollte.
wie gesgat, hatte ich die domain realfunclanbase.de lediglich fuer das ispcp verwendet, aber nie regulaer angelegt.
RE: hack versuch? kein zugang mehr zum ispcp - bb21 - 08-12-2008 02:56 AM
sieht ganz ok aus, was sagt die apache log dazu?
ps: "ServerName admin.88-198-27-53.client.realfunclanbase.de" fänd ich nich so toll
admin.realfunclanbase.de fänd ich schöner XD
RE: hack versuch? kein zugang mehr zum ispcp - sisko - 08-12-2008 03:25 AM
hm. die aktuelle log sieht so aus (sorry falls die fuers posten schon zu gross sein sollte):
Code:
[Sun Aug 10 13:07:08 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Sun Aug 10 13:07:08 2008] [notice] FastCGI: wrapper mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Sun Aug 10 13:07:08 2008] [notice] FastCGI: process manager initialized (pid 3297)
[Sun Aug 10 13:07:08 2008] [warn] FastCGI: server "/var/www/fcgi/master/php5-fcgi-starter" (uid 2000, gid 2000) started (pid 3303)
[Sun Aug 10 13:07:08 2008] [notice] Apache/2.2.3 (Debian) mod_fastcgi/2.4.2 configured -- resuming normal operations
[Sun Aug 10 13:07:17 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (uid 2002, gid 2002) started (pid 3361)
[Sun Aug 10 13:07:26 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/eightball-fc.de/php5-fcgi-starter" (uid 2023, gid 2023) started (pid 3365)
[Sun Aug 10 13:09:01 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/blitzer-standort.de/php5-fcgi-starter" (uid 2022, gid 2022) started (pid 3441)
[Sun Aug 10 13:11:13 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/winklersven.de/php5-fcgi-starter" (uid 2012, gid 2012) started (pid 3515)
[Sun Aug 10 13:13:33 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/bloodydevilsguard.de/php5-fcgi-starter" (uid 2014, gid 2014) started (pid 3521)
[Sun Aug 10 13:14:28 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/avh-gym.de/php5-fcgi-starter" (uid 2015, gid 2015) started (pid 3526)
[Sun Aug 10 13:24:35 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/phx-clan.de/php5-fcgi-starter" (uid 2009, gid 2009) started (pid 3575)
[Sun Aug 10 13:34:47 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/wellenfront.org/php5-fcgi-starter" (uid 2018, gid 2018) started (pid 3885)
[Sun Aug 10 14:32:18 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (uid 2002, gid 2002) started (pid 4659)
[Sun Aug 10 14:33:04 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (pid 4659) termination signaled
[Sun Aug 10 14:33:04 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (pid 4659) terminated by calling exit with status '0'
[Sun Aug 10 14:48:37 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/b1-clan.de/php5-fcgi-starter" (uid 2019, gid 2019) started (pid 4776)
[Sun Aug 10 16:50:29 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/haflingerfreunde.net/php5-fcgi-starter" (uid 2004, gid 2004) started (pid 6403)
[Sun Aug 10 18:03:31 2008] [error] [client 88.204.136.6] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Sun Aug 10 18:03:31 2008] [error] [client 88.204.136.6] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Sun Aug 10 18:03:31 2008] [error] [client 88.204.136.6] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Sun Aug 10 18:03:31 2008] [error] [client 88.204.136.6] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Sun Aug 10 18:03:34 2008] [error] [client 88.204.136.6] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Sun Aug 10 18:39:20 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/tragig.de/php5-fcgi-starter" (uid 2025, gid 2025) started (pid 7881)
[Sun Aug 10 22:03:01 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:01 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:01 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:01 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:01 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:01 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:01 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:01 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:04 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:07 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:07 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:07 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Sun Aug 10 22:03:07 2008] [error] [client 87.139.81.79] File does not exist: /htdocs
[Mon Aug 11 03:05:43 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/erosclick.de/php5-fcgi-starter" (uid 2001, gid 2001) started (pid 29793)
[Mon Aug 11 04:58:27 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (uid 2002, gid 2002) restarted (pid 31706)
[Mon Aug 11 04:58:32 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (uid 2002, gid 2002) started (pid 31712)
[Mon Aug 11 04:58:45 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (pid 31712) termination signaled
[Mon Aug 11 04:58:45 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (pid 31712) terminated by calling exit with status '0'
[Mon Aug 11 04:59:37 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (uid 2002, gid 2002) restarted (pid 31717)
[Mon Aug 11 04:59:42 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (uid 2002, gid 2002) started (pid 31720)
[Mon Aug 11 04:59:45 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (pid 31720) termination signaled
[Mon Aug 11 04:59:45 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (pid 31720) terminated by calling exit with status '0'
[Mon Aug 11 05:00:45 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (pid 31717) termination signaled
[Mon Aug 11 05:00:45 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (pid 31717) terminated by calling exit with status '0'
[Mon Aug 11 05:01:45 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (pid 31706) termination signaled
[Mon Aug 11 05:01:45 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (pid 31706) terminated by calling exit with status '0'
[Mon Aug 11 06:25:48 2008] [notice] caught SIGTERM, shutting down
[Mon Aug 11 06:25:50 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Mon Aug 11 06:25:50 2008] [notice] FastCGI: wrapper mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Mon Aug 11 06:25:50 2008] [notice] FastCGI: process manager initialized (pid 435)
[Mon Aug 11 06:25:50 2008] [warn] FastCGI: server "/var/www/fcgi/master/php5-fcgi-starter" (uid 2000, gid 2000) started (pid 436)
[Mon Aug 11 06:25:50 2008] [notice] Apache/2.2.3 (Debian) mod_fastcgi/2.4.2 configured -- resuming normal operations
[Mon Aug 11 06:25:53 2008] [notice] caught SIGTERM, shutting down
[Mon Aug 11 06:25:57 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Mon Aug 11 06:25:57 2008] [notice] FastCGI: wrapper mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Mon Aug 11 06:25:57 2008] [notice] FastCGI: process manager initialized (pid 642)
[Mon Aug 11 06:25:57 2008] [warn] FastCGI: server "/var/www/fcgi/master/php5-fcgi-starter" (uid 2000, gid 2000) started (pid 643)
[Mon Aug 11 06:25:57 2008] [notice] Apache/2.2.3 (Debian) mod_fastcgi/2.4.2 configured -- resuming normal operations
[Mon Aug 11 06:27:14 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/eightball-fc.de/php5-fcgi-starter" (uid 2023, gid 2023) started (pid 15602)
[Mon Aug 11 06:28:37 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/blitzer-standort.de/php5-fcgi-starter" (uid 2022, gid 2022) started (pid 15606)
[Mon Aug 11 06:43:28 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/bloodydevilsguard.de/php5-fcgi-starter" (uid 2014, gid 2014) started (pid 15865)
[Mon Aug 11 06:44:10 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/wellenfront.org/php5-fcgi-starter" (uid 2018, gid 2018) started (pid 15869)
[Mon Aug 11 06:52:54 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/realfunclan-base.de/php5-fcgi-starter" (uid 2002, gid 2002) started (pid 15890)
[Mon Aug 11 07:00:07 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/erosclick.de/php5-fcgi-starter" (uid 2001, gid 2001) started (pid 16161)
[Mon Aug 11 07:00:20 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/phx-clan.de/php5-fcgi-starter" (uid 2009, gid 2009) started (pid 16164)
[Mon Aug 11 07:23:47 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/avh-gym.de/php5-fcgi-starter" (uid 2015, gid 2015) started (pid 16252)
[Mon Aug 11 07:25:39 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/winklersven.de/php5-fcgi-starter" (uid 2012, gid 2012) started (pid 16261)
[Mon Aug 11 07:55:10 2008] [error] [client 87.106.96.131] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 07:55:10 2008] [error] [client 87.106.96.131] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 07:55:10 2008] [error] [client 87.106.96.131] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 07:55:10 2008] [error] [client 87.106.96.131] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 07:55:10 2008] [error] [client 87.106.96.131] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 08:37:05 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/haflingerfreunde.net/php5-fcgi-starter" (uid 2004, gid 2004) started (pid 17269)
[Mon Aug 11 09:05:59 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/tragig.de/php5-fcgi-starter" (uid 2025, gid 2025) started (pid 17623)
[Mon Aug 11 11:15:25 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/b1-clan.de/php5-fcgi-starter" (uid 2019, gid 2019) started (pid 19071)
[Mon Aug 11 13:52:05 2008] [error] [client 78.47.154.12] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 13:52:05 2008] [error] [client 78.47.154.12] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 13:52:05 2008] [error] [client 78.47.154.12] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 13:52:05 2008] [error] [client 78.47.154.12] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 13:52:05 2008] [error] [client 78.47.154.12] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 14:18:20 2008] [error] [client 87.106.96.131] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 14:18:20 2008] [error] [client 87.106.96.131] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 14:18:20 2008] [error] [client 87.106.96.131] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 14:18:20 2008] [error] [client 87.106.96.131] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 14:18:20 2008] [error] [client 87.106.96.131] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 11 18:53:40 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/wellenfront.org/php5-fcgi-starter" (uid 2018, gid 2018) started (pid 6032)
[Mon Aug 11 18:53:50 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/wellenfront.org/php5-fcgi-starter" (pid 6032) termination signaled
[Mon Aug 11 18:53:50 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/wellenfront.org/php5-fcgi-starter" (pid 6032) terminated by calling exit with status '0'
[Mon Aug 11 18:54:38 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/wellenfront.org/php5-fcgi-starter" (uid 2018, gid 2018) restarted (pid 6037)
[Mon Aug 11 18:54:51 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/wellenfront.org/php5-fcgi-starter" (pid 6037) termination signaled
[Mon Aug 11 18:54:51 2008] [warn] FastCGI: (dynamic) server "/var/www/fcgi/wellenfront.org/php5-fcgi-starter" (pid 6037) terminated by calling exit with status '0'
dieser shit /w00tw00t.at.ISC.SANS.DFind taucht immer wieder auf.
warum das htdocs nicht existiert habe ich ja schon erklaert.
beim start meckert der apache rum:
Code:
Starting web server (apache2)...Warning: DocumentRoot [/var/www/virtual/realfunclanbase.de/htdocs] does not exist
ist ja klar, weil die dom ja nicht angelegt ist, sondern ich lediglich die file erstellt habe damit die domain swiedre laufen.
naja. das mit dem namen hatte ich so beim ersten install gemacht, als noch die anleitung speziell fuer hetzner recent war. hab das dann so beibehalten weil die domaininhaber die adresse in den favoriten haben. nicht elegant, aber so bekomm ich nicht staendig anfragen weil sich was geaendert hat. die lesen ja infos und newsletter meist nicht
RE: hack versuch? kein zugang mehr zum ispcp - ZooL - 08-12-2008 03:53 AM
als erklärung für die unwissenden unter euch....
-----------
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind
-----------
kann man als fingerabdruckscanner bezeichnen und ist schon als Hacker Tool identifyziert worden also vorsicht wenns zuviele anfragen werden...
oder auch nicht? bin ja nicht allwissend und meine glaskugel ist in der wäscherrei...
mfg
|