[lug] ARRG! Change One Little Thing And... HACKED?
Bill Thoen
bthoen at gisnet.com
Tue Aug 16 09:53:41 MDT 2005
When I first tried netstat -vantp|grep 443 (per someone's suggestion) it
came back with some sort of samba -d process (I'm not running samba as far
as I know), so I killed that process. It died but a new one appeared with
a more disturbing hint. And I can't kill this one, either. What should
apache have to do with sendmail? Is this evidence of a hack? I now get
this:
[root]# netstat -vantp|grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 537/sendmail: accep
tcp 317 0 206.168.217.249:80 192.200.5.40:44378 CLOSE_WAIT -
- Bill Thoen
On Tue, 16 Aug 2005, Michael Belanger wrote:
> It may not have shut down completely/gracefully. Check for running httpd
> processes and also httpd.pid or equiv in /var/run or where configured.
>
>
> Bill Thoen wrote:
> > My web server (apache on RH 9) has been ticking along perfectly for months
> > with no restarts, but then someone told me one of my web pages wasn't
> > producing the right mime type for an SVG file. So I added
> >
> > AddType image/svg+xml .svg
> >
> > to /etc/httpd/conf/httpd.conf, and tried to restart the httpd service.
> > Well, it stopped all right, but it won't start now, and I get this message:
> >
> > Starting httpd: (98)Address already in use: make_sock: could not bind to
> > address 0.0.0.0:443 no listening sockets available, shutting down
> >
> > Does anyone know what this means (besides the fact that my web site is now
> > flatlined?)
> >
> > TIA,
> >
> > - Bill Thoen
> >
> >
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
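Added example, not part of the original thread: a check that reads `netstat -vantp` output and reports listening ports held by a program other than the expected one, using the output posted above as input. The name netstat prints comes from the process's own command line, so the script also resolves `/proc/PID/exe` to show which binary is really running. The `EXPECTED` map, the function names and the port 80 and port 25 listener lines are assumptions made for this example.

```shell
#!/bin/sh
# Expected owner of each listening port (assumed values; adjust per host).
EXPECTED="25:sendmail 80:httpd 443:httpd"

# The 443 and CLOSE_WAIT lines are from the post (wrapped lines rejoined);
# the port 80 and port 25 listeners are constructed for the example.
sample_output() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 537/sendmail: accep
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1200/httpd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 610/sendmail: accep
tcp 317 0 206.168.217.249:80 192.200.5.40:44378 CLOSE_WAIT -
EOF
}

# Read `netstat -vantp` output on stdin and print "port pid name" for every
# LISTEN socket whose program name differs from the expected owner.
unexpected_listeners() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); want[kv[1]] = kv[2] }
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)       # 0.0.0.0:443 or :::443 -> 443
        split($7, owner, "/")                 # PID/Program name column
        name = owner[2]; sub(/:$/, "", name)  # "sendmail:" -> "sendmail"
        if (name == "") name = "?"            # "-" when run without root
        if ((port in want) && name != want[port])
            print port, owner[1], name
    }'
}

# Resolve the executable behind a PID; unlike the displayed name, this link
# is maintained by the kernel and cannot be changed by rewriting argv.
binary_of() {
    readlink "/proc/$1/exe" 2>/dev/null || echo "unknown (process gone or not root)"
}

sample_output | unexpected_listeners | while read -r port pid name; do
    echo "port $port: expected owner missing, held by PID $pid ($name)"
    echo "  binary on disk: $(binary_of "$pid")"
done
```

On a live host, replace `sample_output` with `netstat -vantp` run as root.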