Re: Apache web server being attacked
Hi,

On 19.05.10 05:00, Aiza wrote:
> Where do I find documentation on how to enable and use apache mods rewrite and redirect?

Have you tried the apache.org website? There is a lot of information and examples available:

http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html

Also, Google helps a lot in answering these questions or finding examples.

Bye,
Matthias

--
"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: apache 2.2.15_7 upgrade fails
> apache-2.2.15_5 < needs updating (index has 2.2.15_7)
> it also installed apr-ipv6-devrandom-gdbm-db42 1.4.2.1.3.9_1
> but apache fails to build,
> Is there a solution?

I had the same problem. Then I read /usr/ports/UPDATING, and from that file it says this:

20100518:
  AFFECTS: users of devel/apr0, devel/apr1, www/apache20, www/apache22
  AUTHOR: pgollu...@freebsd.org

  devel/apr has been renamed to devel/apr1

  WITH_APR_FROM_PORTS=yes for www/apache22 has been dissolved and may be removed from your configs. devel/apr1 is always used now.

  Please manually delete apache-2.\* if installed _before_ updating using either portmaster or portupgrade.

  # pkg_delete -f apache-2.\*

  If you use portmaster:
    portmaster -o devel/apr1 devel/apr
  If you use portupgrade:
    portupgrade -f -o devel/apr1 devel/apr

  Finally re-install apache if you deleted it earlier and update ports as usual. (where XX is either 20 or 22)

    portinstall www/apacheXX
apache 2.2.15_7 upgrade fails
There was an upgrade today of apache:

apache-2.2.15_5 < needs updating (index has 2.2.15_7)

it also installed apr-ipv6-devrandom-gdbm-db42 1.4.2.1.3.9_1
but apache fails to build,
Is there a solution?

---
...
/usr/local/build-1/libtool --silent --mode=compile cc -I/usr/local/include -O2 -pipe -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing -I. -I/usr/ports/www/apache22/work/httpd-2.2.15/os/unix -I/usr/ports/www/apache22/work/httpd-2.2.15/server/mpm/prefork -I/usr/ports/www/apache22/work/httpd-2.2.15/modules/http -I/usr/ports/www/apache22/work/httpd-2.2.15/modules/filters -I/usr/ports/www/apache22/work/httpd-2.2.15/modules/proxy -I/usr/ports/www/apache22/work/httpd-2.2.15/include -I/usr/ports/www/apache22/work/httpd-2.2.15/modules/generators -I/usr/ports/www/apache22/work/httpd-2.2.15/modules/mappers -I/usr/ports/www/apache22/work/httpd-2.2.15/modules/database -I/usr/local/include/apr-1 -I/usr/local/include -I/usr/ports/www/apache22/work/httpd-2.2.15/modules/proxy/../generators -I/usr/include -I/usr/ports/www/apache22/work/httpd-2.2.15/modules/ssl -I/usr/ports/www/apache22/work/httpd-2.2.15/modules/dav/main -prefer-non-pic -static -c exports.c && touch exports.lo
/usr/local/build-1/libtool: not found
*** Error code 127
Stop in /usr/ports/www/apache22/work/httpd-2.2.15/server.
*** Error code 1
Stop in /usr/ports/www/apache22/work/httpd-2.2.15/server.
*** Error code 1
Stop in /usr/ports/www/apache22/work/httpd-2.2.15.
*** Error code 1
Stop in /usr/ports/www/apache22.
*** Error code 1
top in /usr/ports/www/apache22.
*** Error code 1
Stop in /usr/ports/www/apache22.
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade20100519-72420-15r8xss-0 env UPGRADE_TOOL=portupgrade UPGRADE_PORT=apache-2.2.15_5 UPGRADE_PORT_VER=2.2.15_5 make DEPENDS_TARGET=package reinstall
---> Updating dependency info
---> Modifying /var/db/pkg/php52-5.2.13/+CONTENTS
---> Modifying /var/db/pkg/php52-ctype-5.2.13/+CONTENTS
...
pkg_add: -f specified; proceeding anyway
---> Keeping old package in '/usr/ports/packages/All'
** Fix the installation problem and try again.
---> Installation of www/apache22 ended at: Wed, 19 May 2010 06:57:33 +0200 (consumed 00:07:43)
---> Upgrade of www/apache22 ended at: Wed, 19 May 2010 06:57:33 +0200 (consumed 00:15:29)
---> ** Upgrade tasks 1: 0 done, 0 ignored, 0 skipped and 1 failed
[Updating the pkgdb in /var/db/pkg ... - 414 packages found ( -0 +4) done]
---> Listing the results (+:done / -:ignored / *:skipped / !:failed)
        ! www/apache22 (apache-2.2.15_5)(install error)
---> Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed
---> Session ended at: Wed, 19 May 2010 06:57:43 +0200 (consumed 00:17:01)
Re: Apache web server being attacked
Matthew Seaman wrote:
> On 18/05/2010 11:00:16, Aiza wrote:
>> I put apache13 in a jail and left inbound port 80 open in my firewall. There is no domain name pointing to my web server. The content there is a small apache web application that fools web email address harvest programs into harvesting bogus email address from web page. http://www.monkeys.com/wpoison This is what I am doing.
>>
>> Since setting this up I have not had any bots scan the site for email address. But have had port 80 attacks that did not work. My Apache access and error logs follow.
>
> [lots of logfile traces elided]
>
> Yes. Unfortunately this sort of thing is the norm on the web nowadays. It's all automated: first they program their botnets to scan for a web server listening on port 80. Then they use them to attempt to compromise whatever they find -- in your case, most of what you're seeing is an attempt to gather information on what PHP capabilities your web server might have. What they are doing is trying in turn a lot of the popular locations for installing apps like phpmyadmin or phppgadmin.
>
> Yes, they are doing this in a particularly clueless fashion -- what exactly did you expect of the sort of people that think creating botnets is a good idea? They'll probably grow out of it when they hit puberty.
>
> In the meantime, as you don't have phpmyadmin or anything similar installed, this is just an annoyance for you -- it clutters up your log files but does nothing else.
>
> If you did want to install phpmyadmin on that server, you should take care to
>
> 1) Keep it up to date -- there haven't been any PMA security advisories for some months, but at one point they were coming out about one a week. PMA does have some very active developers though, and new versions appear every month or two.
>
> 2) Be sure to use access controls in your apache config to limit where PMA can be accessed from. Ideally, run it over HTTPS as well -- by its nature, you will tend to send DB passwords etc. to this application, and you want to avoid having them snooped.
>
> 3) If you use the on-line phpmyadmin configurator, be sure to clean up after yourself once you've generated a config file. To use the on-line configurator you have to create a directory /usr/local/www/phpMyAdmin/config which you make read/write by the user the webserver runs as. Once you've created the config.inc.php in that directory, you need to move it up one level in the directory hierarchy, and then delete the config directory you created. (That's what your attacker is so desperate to find -- because the directory is read-write by the webserver process, they can use it to upload malware to your system.)
>
> Cheers,
> Matthew

I take a totally different approach to this problem for my production web sites.

This is the result of people running scripts that roll through a large block of IP addresses, scanning each IP address for open [STANDARD] ports, and when they find port 80 open, they then attack the web server.

The simple solution is not to have your web server use the standard port 80. Your web site is not known by its IP address but by its URL (i.e. www.domain-name.com.). My domain name registrar has an option to associate my "www.domain-name.com" with any port number I want to use at the specified IP address. This way my web site has total access by anyone who knows its URL; the URL is scanned by the Yahoo and Google indexing bots and becomes known to the public. Nobody knows or cares that the web site is not using port 80. I then close inbound port 80 in my firewall, thus locking out all the script kiddies who run the port scan on standard ports.

This method has worked for me the last 10 years without ever having my production web servers attacked. Sure, some naysayers will counter by saying all the scanners have to do is scan all the ports. Yah sure that can be done, but in 10 years it has never occurred.
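The scanning behaviour described in the quoted reply above (one client trying many popular install locations in turn, almost all answered 404) can be picked out of an access log mechanically. The script below is an added example, not part of the original thread: the log lines are constructed, the addresses come from documentation ranges, and the name list and the `min_paths` threshold are assumptions.

```python
import re
from collections import defaultdict

# Apache common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Application names mentioned in the thread, matched anywhere in the path.
PROBE_RE = re.compile(
    r"phpmyadmin|phppgadmin|roundcube|phpbb|config\.inc\.php", re.IGNORECASE
)

# Constructed sample log; the last line is deliberately truncated.
SAMPLE_LOG = """\
203.0.113.7 - - [18/May/2010:03:12:01 +0200] "GET //phpmyadmin/config.inc.php HTTP/1.1" 404 217
203.0.113.7 - - [18/May/2010:03:12:01 +0200] "GET //phpmyadmin2/config.inc.php HTTP/1.1" 404 218
203.0.113.7 - - [18/May/2010:03:12:02 +0200] "GET //phpMyAdmin/config.inc.php HTTP/1.1" 404 217
203.0.113.7 - - [18/May/2010:03:12:02 +0200] "GET //phppgadmin/ HTTP/1.1" 404 210
198.51.100.23 - - [18/May/2010:09:40:10 +0200] "GET /index.html HTTP/1.1" 200 1532
198.51.100.23 - - [18/May/2010:09:40:11 +0200] "GET /favicon.ico HTTP/1.1" 404 209
192.0.2.44 - - [18/May/2010:11:05:30 +0200] "GET /roundcube/ HTTP/1.1" 200 4096
198.51.100.23 - - [18/May/2010:09:40:12 +0200] "GET /index
"""


def parse(line):
    """Return (host, path, status) for one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("host"), m.group("path"), int(m.group("status"))


def summarize(lines, min_paths=3):
    """Group probe requests by client.

    scanners: clients that asked for at least `min_paths` distinct probe paths
    answered: probe requests that got anything other than 404, i.e. the
              application may really be there and needs a closer look
    skipped:  lines that did not parse
    """
    probes = defaultdict(set)
    answered = []
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        record = parse(line)
        if record is None:
            skipped += 1
            continue
        host, path, status = record
        if not PROBE_RE.search(path):
            continue
        probes[host].add(path)
        if status != 404:
            answered.append((host, path, status))
    scanners = {h: len(p) for h, p in probes.items() if len(p) >= min_paths}
    return {"scanners": scanners, "answered": answered, "skipped": skipped}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for host, count in report["scanners"].items():
        print(f"scanner   {host}: {count} distinct probe paths")
    for host, path, status in report["answered"]:
        print(f"answered  {host} {path} -> {status}")
    print(f"skipped   {report['skipped']} malformed line(s)")
```

The `answered` list is the part worth acting on: a probe that did not get a 404 means one of these applications is reachable and should be checked against the three points in the quoted reply.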
Re: Apache web server being attacked
Michael Powell wrote:
> Aiza wrote:
>> I put apache13 in a jail and left inbound port 80 open in my firewall. There is no domain name pointing to my web server. The content there is a small apache web application that fools web email address harvest programs into harvesting bogus email address from web page. http://www.monkeys.com/wpoison This is what I am doing.
>>
>> Since setting this up I have not had any bots scan the site for email address. But have had port 80 attacks that did not work. My Apache access and error logs follow.
>
> [snip log content]
>
>> As you can see looks like a script kiddy is running something they don't understand. "/usr/local/www/data//phpmyadmin2/config.inc.php" there should only be a single / between data/phpmyadmin2. But beside that looks like php config.inc.php file is a target and phpmyadmin also is a target. The apache return code 404 means not found so no effect to me.
>>
>> Has anyone seen this junk hitting their apache web servers or have any different explanation of what this means?
>
> Sorry to tell you this, but this kind of thing goes on all the time. You can fine tune mod_security for some control for SQL injection techniques, as well as many other generic forms of locking down the web server in general.
>
> Generally speaking, the bulk of this does nothing more than filling the logs - BUT - all it takes is for one app to let the attacker "leak" onto your hard drive and they're in. I see a lot of scans for roundcube and phpMyAdmin. Have also seen a lot of phpBB in the past. The attackers spew lots of requests but the needle in the haystack they are looking for is that one app that has a known vulnerability.
>
> In addition to securing the web server itself you should monitor any app running on it for reported security flaws and keep them updated to the latest "safe" versions. You can also add to the hardening of your web server (if Apache) with various .htaccess + mod_rewrite tricks. Examples include:
>
> # block all smarty templates (no reason to have these exposed)
> RedirectMatch gone ^/.*\.tpl$
>
> # block all .log (log files), .sql (sql dump/export) and .conf (config files)
> # files in case some day these files move to another directory
> RedirectMatch gone ^.*\.(sql|log|conf)$
>
> # block access to the 'Smarty-*' directory
> RedirectMatch gone ^.*Smarty.*$
>
> # block common files present that you don't want served
> RedirectMatch gone CHANGELOG.*
> RedirectMatch gone COPYRIGHT.*
> RedirectMatch gone INSTALL.*
> RedirectMatch gone NEW.*
> RedirectMatch gone README.*
> RedirectMatch gone UPGRADE.*
> RedirectMatch gone VERSION.*
>
> # block access to directories
> Redirect gone /upgrade
> Redirect gone /tmp
> Redirect gone /var
> Redirect gone /sql
>
> # Forbid pesky stuff based on User-Agent
> Options -MultiViews -Indexes
> RewriteEngine On
> RewriteBase /
> RewriteCond %{HTTP_USER_AGENT} ^Twiceler [NC,OR]
> RewriteCond %{HTTP_USER_AGENT} ^Morfeus [NC,OR]
> RewriteCond %{HTTP_USER_AGENT} ^Toata [NC]
> RewriteRule .* - [F,L]
>
> There is much and many more, just a couple of examples for ideas. :-)
>
> -Mike

Where do I find documentation on how to enable and use apache mods rewrite and redirect?
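Before deploying deny rules like the ones quoted above it is worth checking what else they catch, since a `RedirectMatch` pattern with no `^`/`$` anchors matches anywhere in the URL path. The script below is an added example, not part of the original thread: it approximates the rules with Python's `re.search`, the sample paths and User-Agent strings are constructed, and `TIGHT_DOCFILES` is a hypothetical tighter pattern, not something the poster proposed.

```python
import re

# Patterns copied from the RedirectMatch lines quoted in the message above.
# Assumption of this sketch: RedirectMatch behaves like an unanchored regex
# search over the URL path, approximated here with Python's re.search.
POSTED_PATTERNS = [
    r"^/.*\.tpl$",
    r"^.*\.(sql|log|conf)$",
    r"^.*Smarty.*$",
    r"CHANGELOG.*",
    r"COPYRIGHT.*",
    r"INSTALL.*",
    r"NEW.*",
    r"README.*",
    r"UPGRADE.*",
    r"VERSION.*",
]

# Hypothetical tighter replacement for the seven bare file-name patterns:
# the name must be the whole final path segment, optionally with an extension.
TIGHT_DOCFILES = (
    r"(^|/)(CHANGELOG|COPYRIGHT|INSTALL|NEWS?|README|UPGRADE|VERSION)"
    r"(\.[A-Za-z0-9]+)?$"
)

# "Redirect gone /dir" entries from the message, treated as path-prefix
# matches that end on a segment boundary.
POSTED_PREFIXES = ["/upgrade", "/tmp", "/var", "/sql"]

# RewriteCond %{HTTP_USER_AGENT} ^Name [NC]: anchored at the start, case-insensitive.
POSTED_AGENTS = [r"^Twiceler", r"^Morfeus", r"^Toata"]


def matching_rules(path, patterns=POSTED_PATTERNS):
    """Return every posted pattern that would answer 410 Gone for this path."""
    return [p for p in patterns if re.search(p, path)]


def tight_match(path):
    """True when the hypothetical tighter doc-file pattern matches the path."""
    return re.search(TIGHT_DOCFILES, path) is not None


def prefix_blocked(path, prefixes=POSTED_PREFIXES):
    """True when the path is one of the blocked directories or lies below it."""
    return any(path == p or path.startswith(p + "/") for p in prefixes)


def agent_blocked(user_agent, agents=POSTED_AGENTS):
    """True when the RewriteRule would answer 403 Forbidden for this agent."""
    return any(re.search(a, user_agent, re.IGNORECASE) for a in agents)


def false_positives(paths, intended):
    """Paths the posted patterns block although they are not in `intended`."""
    return [p for p in paths if matching_rules(p) and p not in intended]


# Constructed sample paths: INTENDED holds files the rules are meant to hide,
# the remaining entries are ordinary content a site might serve.
INTENDED = {
    "/templates/header.tpl",
    "/backup/site.sql",
    "/libs/Smarty-2.6/Smarty.class.php",
    "/README.txt",
    "/app/CHANGELOG",
}
SAMPLE_PATHS = sorted(INTENDED) + [
    "/index.html",
    "/press/NEWSLETTER.html",
    "/downloads/INSTALLER.exe",
    "/news/README-first.html",
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        posted = matching_rules(path)
        print(f"{path:36} posted={posted or '-'} tight={tight_match(path)}")
    print("blocked but not intended:", false_positives(SAMPLE_PATHS, INTENDED))
```

Run against a list of a site's real URL paths (for example, the distinct paths from an existing access log), `false_positives` shows which legitimate pages would start returning 410 once the rules go live.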
Re: I can't execute a script in crontab
On 05/18/2010 14:52, Yavuz Maşlak wrote:
> I use freebsd7.2
>
> I wish to send a file using crontab as periodic. I have a script to send the file.
> When I am root, I can execute my script, but I can't execute the script using crontab.
> How can I run it ?
>
> cat myscript
> /usr/bin/scp -i /root/.ssh/id_rsa.pub /root/cpfile

When using scp's -i (identity) switch, you should specify the private key file, not the public key file. Perhaps this is the problem you are having.
Re: using automounter (automatically mounting USB drives)
2010/5/18 Eitan Adler:
> How can I automatically mount USB drives when I plug them in?
> I found a program sysutils/automounter which appears to create a link
> /media/msdosfs/USB20FD but doesn't actually mount anything.

I don't know sysutils/automounter, but the

COMMENT=Provides scripts to dynamically configure amd

would mean that it only prepares the device entries to be used by the amd(8) daemon (amd — automatically mount file systems)

Take a look at the amd(8) manpage (I can't help you, I never used it) and the rc.conf(5) to enable it.

--
Demelier David
Re: I can't execute a script in crontab
>> Either make the script executable or cron it like this:
>>
>> * * * * * /bin/sh /path/to/myscript
>>
>> --
>> Paul Schmehl, Senior Infosec Analyst

On 5/18/10 3:40 PM, Yavuz Maşlak wrote:
> the script is already executable but it doesn't work
> -rwxrwxrwx 1 root wheel ..

This list frowns on top posting, so please don't.

How do you know it doesn't work? Seriously. You really need to tell us what you're doing, exactly, step by step, and what is happening when you do it, if anything.

Are you using root's crontab or something else?

Does /root/.ssh/id_rsa.pub have a passphrase on it?

--
--Jon Radel
j...@radel.com
Re: I can't execute a script in crontab
--On Tuesday, May 18, 2010 21:52:43 +0300 Yavuz Maşlak wrote:
> I use freebsd7.2
>
> I wish to send a file using crontab as periodic. I have a script to send the file.
> When I am root, I can execute my script, but I can't execute the script using crontab.
> How can I run it ?
>
> cat myscript
> /usr/bin/scp -i /root/.ssh/id_rsa.pub /root/cpfile r...@192.168.10.9:/var/cpfile

Either make the script executable or cron it like this:

* * * * * /bin/sh /path/to/myscript

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
***
"It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson
Re: I can't execute a script in crontab
The script must start with

#!/bin/sh

and be executable

On Tue, 18 May 2010 21:52:43 +0300 Yavuz Maşlak wrote:
> I use freebsd7.2
>
> I wish to send a file using crontab as periodic. I have a script to
> send the file.
> When I am root, I can execute my script, but I can't execute the
> script using crontab.
> How can I run it ?
>
> cat myscript
> /usr/bin/scp -i /root/.ssh/id_rsa.pub /root/cpfile
> r...@192.168.10.9:/var/cpfile
>
> Thanks
Re: I can't execute a script in crontab
the script is already executable but it doesn't work

-rwxrwxrwx 1 root wheel ..

> Either make the script executable or cron it like this:
>
> * * * * * /bin/sh /path/to/myscript
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions are my own and not those of my employer.
> ***
> "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson
Re: USB1.1 WIFI adapted recommendation
On May 14, 2010, at 3:48 PM, Chris Whitehouse wrote:
> mikel king wrote:
>> I am refurbishing a laptop that only has USB1.1 and now built-in WIFI. Anyone with experience in these devices able to make a recommendation for a reliable device?
>
> I have an old Belkin F5D7050 USB wifi adapter - you can still buy them.
>
> May 14 20:45:17 muji2 kernel: ugen4.4: at usbus4
> May 14 20:45:17 muji2 kernel: ural0: Adapter, class 0/0, rev 2.00/0.01, addr 4> on usbus4
> May 14 20:45:17 muji2 kernel: ural0: MAC/BBP RT2570 (rev 0x03), RF RT2526
>
> Seems to work ok in a USB 1.1 port, never done benchmarks but it seems reliable enough for internet.
>
> Chris

Thanks I'll give it a go!
I can't execute a script in crontab
I use freebsd7.2

I wish to send a file using crontab as periodic. I have a script to send the file.
When I am root, I can execute my script, but I can't execute the script using crontab.
How can I run it ?

cat myscript
/usr/bin/scp -i /root/.ssh/id_rsa.pub /root/cpfile r...@192.168.10.9:/var/cpfile

Thanks
Re: 7.2 to 8.0 upgrade issues
On Tue, May 18, 2010 at 2:28 AM, n dhert wrote:
> Upgrading a freebsd7.2 (i386) system to 8.0
> After
> # freebsd-update -r 8.0-RELEASE upgrade
> # freebsd-update install
> reboot
> # freebsd-update install
> I did
> # portupgrade -af --batch --yes
> after 17 hours (mostly during the night..), it finished with
> ---> ** Upgrade tasks 425: 199 done, 1 ignored, 3 skipped and 1 failed
> (no error messages here..)
> Unfortunately, I didn't log the screen output to a file ..
> - how can I find out what port failed and which were skipped and ignored?
> - is it normal this didn't recompile all 425 ports?
> - to rebuild the failed port: is # portupgrade -fr OK?

Hard to say, sometimes there are obscure failures. You can try it and see but make sure you're following /usr/ports/UPDATING.

In those massive upgrade situations, I've found it to be much easier to use portmaster and the method outlined in its man page. No need for UPDATING then and no funky or crazy behavior from updating. It can be quicker doing it the way you are, but for me that's only been the case on systems that have relatively few ports installed <150~. I'll use the portmaster method even when just updating the ports system sometimes if a lower level lib has been updated (e.g. libjpeg). You can also modify the method and build stuff in a jail/VM and install on the main host when ready.

--
Adam Vande More
Re: http://localhost/phpmyadmin
On Tue, 18 May 2010 15:53:31 + (GMT), TERRY ELLENDER wrote:
> How do I free Port
> 80 on my computer.

Usually by enabling (or not disabling) it in your firewall configuration (pf or ipfw).

> When I do a port check it shows
> that Port 80 is in use by the 'system'

What utility do you use to check ports? Maybe you can provide your firewall configuration and the output of the nmap program (you can install it from ports) to show if your settings have the desired effect?

> Can you help? Please.

More information is needed.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: natd in 8.1
Hello, Casey.

What does natd with the '-v' option show? What is aliasing? You must bind natd to the external interface.

NEVER DO: any to any divert!!!
NOTICE: no traffic goes through this rule
CS> 05000 00 divert 8668 ip from any to any out via fxp0

NEVER DO: open firewall because of security reasons
CS> 0500129 1484 allow ip from any to any

All 'ALLOW' rules are useless! because of 5001 rule

You drop all traffic before divert ;-) this makes me confused a little
CS> 04000 75224282 deny log logamount 1 ip from any to any
CS> 05000 00 divert 8668 ip from any to any out via fxp0

NOTICE:
CS> 0120029 1484 skipto 5000 ip from 192.168.1.0/24 to any out via fxp0 setup keep-state
maybe there are some bugs in ipfw, try 4999

Please post where the problem was for other readers with the same question

thank

You wrote on 18 May 2010, 18:51:10:

CS> I recently rebuilt a server from 7.x to 8.x. Using the exact
CS> same firewall & natd config, natd appears not to be aliasing the
CS> private address when the traffic leaves the external interface.
CS> When sniffing traffic w/ tcpdump, I see the private address as the
CS> source address on the outbound request.

CS> e.g.
CS> 192.168.1.1 = internal source of request
CS> 74.75.76.77 = public address (website)
CS> 12.13.14.15 =

CS> Internal                        External
CS> 192.168.1.10 -> 74.75.76.77     (NAT) 192.168.1.10 -> 74.75.76.77

CS> Rather than it should be:

CS> Internal                        External
CS> 192.168.1.10 -> 74.75.76.77     (NAT) 12.13.14.15 -> 74.75.76.77

CS> Watching natd with ktrace shows that no traffic gets passed to
CS> natd when the source is internal, however external traffic passes through it.

CS> Firewall config:
CS> ---
CS> 00200 11946 3204818 allow ip from any to any via lo0
CS> 00300 00 deny ip from any to 127.0.0.0/8
CS> 0030110 528 deny ip from any to 74.94.69.225 dst-port 445
CS> 00302 1 78 deny ip from any to 74.94.69.225 dst-port 137
CS> 00303 9 544 deny ip from any to 74.94.69.225 dst-port 135
CS> 00304 00 deny ip from 224.0.0.0/4 to any via fxp0
CS> 00305 67118788 deny ip from any to 224.0.0.0/4 via fxp0
CS> 01000 9093 1158436 allow ip from any to any via em0
CS> 01050 51045 5205047 divert 8668 ip from any to any in via fxp0
CS> 01100 00 check-state
CS> 01100 69183 83429465 allow ip from me to any
CS> 0120029 1484 skipto 5000 ip from 192.168.1.0/24 to any out via fxp0 setup keep-state
CS> 01201 00 skipto 5000 udp from 192.168.1.0/24 to any out via fxp0 keep-state
CS> 01202 45002 4690467 allow ip from any to any established
CS> 01800 142172620 allow tcp from any to me dst-port 20,21,53,76,80,123,443
CS> 01900 3 194 allow ip from 216.251.112.0/24,208.95.100.4 to any
CS> 02000 530 127559 allow udp from any 53 to any
CS> 02100 83459414 allow udp from any to any dst-port 53
CS> 02150 1930 146680 allow udp from any 123 to me dst-port 123
CS> 02200 46839312 allow icmp from any to any icmptypes 0,3,11
CS> 04000 75224282 deny log logamount 1 ip from any to any
CS> 05000 00 divert 8668 ip from any to any out via fxp0
CS> 0500129 1484 allow ip from any to any
CS> 65535 00 deny ip from any to any
CS> ---

CS> natd.conf
CS> ---
CS> use_sockets
CS> same_ports
CS> unregistered_only
CS> interface fxp0
CS> redirect_port tcp 192.168.1.82:82 82
CS> redirect_port tcp 192.168.1.41:8082 8082
CS> redirect_port tcp 192.168.1.3:3389 3389
CS> redirect_port udp 192.168.1.3:3389 3389
CS> redirect_port tcp 192.168.1.6:6881-6889 6881-6889
CS> ---

CS> As I previously stated, this exact same config worked great in
CS> 7.x. I built a kernel in 8.x w/ IPFIREWALL & IPDIVERT, and
CS> reviewed UPDATING. Have I missed something?

CS> TIA,
CS> Casey

--
Best regards,
Коньков
mailto:kes-...@yandex.ru
Re: http://localhost/phpmyadmin
On Tue, May 18, 2010 at 5:53 PM, TERRY ELLENDER wrote:
> How do I free Port
> 80 on my computer. I am trying to use XAMPP. It all loads OK and I get the
> start screen but when I press start a message appears saying Busy and Program
> NOT responding appears above the XAMPP Box. When I do a port check it shows
> that Port 80 is in use by the 'system' Can you help? Please.

Just run "sockstat -46l" and check for port 80. This should show the process sitting there, listening. Just kill that process, and the port should be free again (maybe after 2 minutes, or immediately -- depending on a special socket option).

> Regards
> Terry

-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: 7.2 to 8.0 upgrade issues
># portupgrade -af --batch --yes
>after 17 hours (mostly during the night..), it finished with
>---> ** Upgrade tasks 425: 199 done, 1 ignored, 3 skipped and 1 failed
>(no error messages here..)
>Unfortunately, I didn't log the screen output to a file ..
>- how can I find out what port failed and which were skipped and ignored?

Just run it again, and it'll retry the ones that didn't complete

>- is it normal this didn't recompile all 425 ports?
>- to rebuild the failed port: is # portupgrade -fr OK?

I'm not sure it's OK, but it's unfortunately pretty typical.

R's,
John
Re: http://localhost/phpmyadmin
On 18 May 2010 16:53, TERRY ELLENDER wrote:
> How do I free Port
> 80 on my computer. I am trying to use XAMPP. It all loads OK and I get the
> start screen but when I press start a message appears saying Busy and Program
> NOT responding appears above the XAMPP Box. When I do a port check it shows
> that Port 80 is in use by the 'system' Can you help? Please.
> Regards
> Terry

How *exactly* do you check what ports are in use? I mean copy/paste the terminal session.

Chris
http://localhost/phpmyadmin
How do I free Port 80 on my computer. I am trying to use XAMPP. It all loads OK and I get the start screen but when I press start a message appears saying Busy and Program NOT responding appears above the XAMPP Box. When I do a port check it shows that Port 80 is in use by the 'system' Can you help? Please.

Regards
Terry
Re: Where has my gbde write performance gone?
For whatever it is worth, if I use geli rather than gbde I get normal (~30MB/s) performance.

I also get the same slow gbde performance on 8.1-PRERELEASE as of last night.

I've made a kernel swapping in files from 7.2 source to see if I got any improvement. I pulled in:

geom_dev.c (with some hacks to get it to compile)
geom_slice.c
geom_io.c

None of those improved performance.

If anyone has any suggestions for things to try, let me know. I am fine with switching to geli for some applications but I have about 12TB under gbde. That would be somewhat of a bear to copy over into geli.

On Mon, May 17, 2010 at 7:32 PM, Joseph Gleason wrote:
> Sometime between FreeBSD 7.2-RELEASE-p4 and 8.0-RELEASE write
> performance of gbde encrypted devices seems to have dropped
> significantly. A system I have running 7.2 seems to run gbde drives
> at or near the drive max rate (30-40MB/s) while I am seeing less than
> 10% of that on 8.0 systems.
>
> I get the same slow writes on 8.0-RELEASE-p2 as well as 8.0-RELEASE.
>
> Here is an example on a fresh 8.0 install which shows gbde taking the
> drive write performance of 40 MB/s down to 2.6 MB/s:
>
> lab# uname -a
> FreeBSD lab.int.fireduck.com 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat
> Nov 21 15:02:08 UTC 2009
> r...@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>
> lab# dd if=/dev/urandom of=/dev/ad4s1d bs=32k count=32k
> 32768+0 records in
> 32768+0 records out
> 1073741824 bytes transferred in 25.130537 secs (42726577 bytes/sec)
>
> lab# gbde init /dev/ad4s1d
> Enter new passphrase:
> Reenter new passphrase:
>
> lab# gbde attach /dev/ad4s1d
> Enter passphrase:
>
> lab# dd if=/dev/urandom of=/dev/ad4s1d.bde bs=32k count=32k
> 32768+0 records in
> 32768+0 records out
> 1073741824 bytes transferred in 401.097004 secs (2677013 bytes/sec)
>
> iostat from while that last 'dd' was running:
>
>       tty             ad4             cpu
>  tin tout   KB/t  tps  MB/s  us ni sy in id
>    0   22   5.67  483  2.67   0  0  4  1 96
>    0   66   5.67  509  2.82   0  0  4  1 95
>    0   22   5.69  514  2.86   0  0  6  1 94
>    0   22   5.67  506  2.80   0  0  6  1 93
>    0   22   5.67  472  2.61   0  0  4  1 95
>
> iostat on a FreeBSD 7.2-RELEASE-p4 box doing a similar operation:
>
>  tin tout   KB/t  tps  MB/s  us ni sy in id
>    0   22  29.54 1208 34.86   3  0 56  2 39
>    0   22  29.56 1177 33.97   3  0 57  1 39
>    0   22  29.54 1201 34.64   3  0 58  2 37
>    0   22  29.57 1144 33.04   2  0 51  3 44
>    0   22  29.56 1126 32.52   3  0 54  2 42
>    0   22  29.53 1179 34.01   3  0 53  2 42
>    0   22  29.57 1165 33.65   2  0 58  2 38
>
> One thing I notice is the larger block size the 7.2 writes but I don't
> imagine that would be that significant.
>
> I've been using FreeBSD in various amateurish and wrong ways since
> 2.2, so I wouldn't rule out me doing something stupid. If so, I'd
> love to know what.
natd in 8.1
I recently rebuilt a server from 7.x to 8.x. Using the exact same firewall & natd config, natd appears not to be aliasing the private address when the traffic leaves the external interface. When sniffing traffic w/ tcpdump, I see the private address as the source address on the outbound request.

e.g.
192.168.1.1 = internal source of request
74.75.76.77 = public address (website)
12.13.14.15 =

Internal                        External
192.168.1.10 -> 74.75.76.77     (NAT) 192.168.1.10 -> 74.75.76.77

Rather than it should be:

Internal                        External
192.168.1.10 -> 74.75.76.77     (NAT) 12.13.14.15 -> 74.75.76.77

Watching natd with ktrace shows that no traffic gets passed to natd when the source is internal, however external traffic passes through it.

Firewall config:
---
00200 11946 3204818 allow ip from any to any via lo0
00300 00 deny ip from any to 127.0.0.0/8
0030110 528 deny ip from any to 74.94.69.225 dst-port 445
00302 1 78 deny ip from any to 74.94.69.225 dst-port 137
00303 9 544 deny ip from any to 74.94.69.225 dst-port 135
00304 00 deny ip from 224.0.0.0/4 to any via fxp0
00305 67118788 deny ip from any to 224.0.0.0/4 via fxp0
01000 9093 1158436 allow ip from any to any via em0
01050 51045 5205047 divert 8668 ip from any to any in via fxp0
01100 00 check-state
01100 69183 83429465 allow ip from me to any
0120029 1484 skipto 5000 ip from 192.168.1.0/24 to any out via fxp0 setup keep-state
01201 00 skipto 5000 udp from 192.168.1.0/24 to any out via fxp0 keep-state
01202 45002 4690467 allow ip from any to any established
01800 142172620 allow tcp from any to me dst-port 20,21,53,76,80,123,443
01900 3 194 allow ip from 216.251.112.0/24,208.95.100.4 to any
02000 530 127559 allow udp from any 53 to any
02100 83459414 allow udp from any to any dst-port 53
02150 1930 146680 allow udp from any 123 to me dst-port 123
02200 46839312 allow icmp from any to any icmptypes 0,3,11
04000 75224282 deny log logamount 1 ip from any to any
05000 00 divert 8668 ip from any to any out via fxp0
0500129 1484 allow ip from any to any
65535 00 deny ip from any to any
---

natd.conf
---
use_sockets
same_ports
unregistered_only
interface fxp0
redirect_port tcp 192.168.1.82:82 82
redirect_port tcp 192.168.1.41:8082 8082
redirect_port tcp 192.168.1.3:3389 3389
redirect_port udp 192.168.1.3:3389 3389
redirect_port tcp 192.168.1.6:6881-6889 6881-6889
---

As I previously stated, this exact same config worked great in 7.x. I built a kernel in 8.x w/ IPFIREWALL & IPDIVERT, and reviewed UPDATING. Have I missed something?

TIA,
Casey
Re: Interpretting 3Ware error messages
Matthew Seaman wrote:
> On 18/05/2010 15:43:25, Doug Poland wrote:
>> Hello,
>>
>> I have a 7.2-R i386 system running a 3ware 9500S-4LP SATA 150
>> controller with 4 SATA drives. I recently starting seeing the
>> following in my logs
>>
>> smartd[906]: Device: /dev/twa0 [3ware_disk_00], 1 Currently unreadable
>> (pending) sectors
>> smartd[906]: Device: /dev/twa0 [3ware_disk_00], 1 Offline
                                                     ^^^
>> uncorrectable sectors
   ^

I think this error usually indicates that there are sectors that are pending remap, but will not get remapped or marked out until the next write occurs to them. On blank space these can easily be gotten rid of with a write from dd, however you don't want to be messing with this around active data.

>> Using the twi_cli program, I can examine the disk subsystem, but I do
>> not see any issues with an underlying drive.
>>
>> Unit    UnitType  Status  %RCmpl  %V/I/M  Port  Stripe  Size(GB)
>>
>> u0      RAID-10   OK      -       -       -     64K     298.002
>> u0-0    RAID-1    OK      -       -       -     -       -
>> u0-0-0  DISK      OK      -       -       p2    -       149.001
>> u0-0-1  DISK      OK      -       -       p3    -       149.001
>> u0-1    RAID-1    OK      -       -       -     -       -
>> u0-1-0  DISK      OK      -       -       p0    -       149.001
>> u0-1-1  DISK      OK      -       -       p1    -       149.001
>>
>>
>> I suspect a disk problem, but cannot identify the individual disk or
>> the nature of the problem. Can anyone shed some light on this?
>>
> Look at the SMART data for the disk(s) -- my guess is that you're seeing
> sectors failing and being re-mapped by the drive firmware. If this is
> happening to any significant extent the disk may well be reaching the
> end of its usable life: happily you would seem to have been alerted to
> that in time to do something about it without needing to run around in a
> blind panic.

If the remap area is not yet filled these should still get remapped at next write. If it is full replace the drive.

> There's a background task you can set up on 3ware controllers that will
> attempt to access all sectors of a disk specifically to bring to light
> problems like this, which otherwise could go unnoticed for a long time
> and lead to silent data corruption.

Many controllers refer to this as 'disk scrub' or 'disk verify'. If the remap zone still has space available a scrub should juggle sectors around and clear this counter. Periodic scrubbing can find and fix the 'silent data corruption', which is data sectors which have failed between the time of the last write and the next read. When this pattern is spread out across multiple drives you won't know it until you have a drive go bad, pull it and replace, then find the array will not rebuild.

I scrub my arrays every Friday night.

-Mike
re: building apr1 fails
DA Forsyth wrote:
[snip]
>> I just updated Apache to 2.2.15_5 yesterday and it builds fine when
>> the above mentioned option is turned off.

It was actually the day before yesterday, when it was still 2.2.15_5.

> Yes indeed, I upgraded the main server yesterday and it built fine
> except for having to turn 'mod_ssl' off as it kept dying in the ssl
> code. I don't need ssl anyway.
>
> However, today an update (cvsup) shows that that option has been
> removed entirely, I have just searched the Makefile to confirm it,
> also mentioned in UPDATING.

I see what you mean. I just csup'd and it is now apache-2.2.15_7, with the changes you described. So I just #'d out the WITHOUT_APR_FROM_PORTS=true line in my /var/db/ports/apache22/options file. Tried a simple portupgrade -a which usually does the trick for upgrading Apache painlessly, but it completely bombed with errors.

> So now apache HAS to use devel/apr1 but apr1 will not compile with no
> real clue as to why not.

So I changed to /usr/ports/devel/apr1, built and installed this port manually to see if it would error out. It built and installed OK, pulling in some dependencies during the process. So I then tried to manually upgrade apache-2.2.15_5 with the make deinstall && make reinstall dance and it barfed because when apache compiles it builds the apr1 ports *again*.

OK - so I pkg_deinstalled the apr1 install and did make clean for the apache build and started over. This time it built OK, and make deinstall && make reinstall succeeded. So now I somehow actually have upgraded to apache-2.2.15_7.

> I have just finished upgrading perl to 5.10.1, with a forced
> recompile of everything that depends on it, and of course
> apache22/apr still fails.
>

Differences between us are that I am still using perl 5.8.9, and possibly I have an WITHOUT_X11= yes entry in my make.conf that you may not. You might try and see if the apr1 port will build and install by itself.

I'm also wondering if my installing it, then removing it somehow left behind a file that the apache build process was expecting to be present. I recall somewhere in the process something complained that apr-1-config could not be found. The apr1 port does need to be removed because apache build will rebuild it a second time and bomb trying to install it if the port is already installed.

As to exactly *why* I eventually succeeded I'm not entirely clear. :-)

-Mike
Problems with py-numpy
I recently tried to update to py26-gtk and found that the port crashed when it tried to install py-numpy in the math ports. Py-numpy seems to throw an error when it's trying to compile a "_sort.so" shared object. Has anyone else seen this problem?
Re: Interpretting 3Ware error messages
On Tue, May 18, 2010 09:55, Matthew Seaman wrote:
>
> On 18/05/2010 15:43:25, Doug Poland wrote:
>> Hello,
>>
>> I have a 7.2-R i386 system running a 3ware 9500S-4LP SATA 150
>> controller with 4 SATA drives. I recently starting seeing the
>> following in my logs
>>
>>
>> I suspect a disk problem, but cannot identify the individual disk
>> or the nature of the problem. Can anyone shed some light on this?
>>
>>
>
> Look at the SMART data for the disk(s) -- my guess is that you're
> seeing sectors failing and being re-mapped by the drive firmware. If
> this is happening to any significant extent the disk may well be
> reaching the end of its usable life: happily you would seem to have
> been alerted to that in time to do something about it without needing
> to run around in a blind panic.
>
> There's a background task you can set up on 3ware controllers that
> will attempt to access all sectors of a disk specifically to bring to
> light problems like this, which otherwise could go unnoticed for a
> long time and lead to silent data corruption.
>

Will do, thanks for the info.

--
Regards,
Doug
Re: Apache web server being attacked
--On Tuesday, May 18, 2010 18:00:16 +0800 Aiza wrote:

> Has anyone seen this junk hitting their apache web servers or have any
> different explanation of what this means?

Any webserver on the internet will see that crap. Generally it's preceded by a syn scan to identify hosts listening on port 80, then everything but the kitchen sink shows up.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
***
"It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson
Re: Find a file with an unknown name
On Mon, May 17, 2010 at 10:15:43PM -0400, Steve Bertrand wrote:
>
> I want to find a file that was recently created.
>
> The content within the file is known, so I can grep for that. The
> directory structure that contains the file is also known. The filename
> is not known.
>
> What command string do I use to search a directory structure for a file,
> when my search pattern only matches content and not filename?
>
> Steve

To find files that I've recently created, I use the -Btime flag of find. E.g:

find . -type f -Btime 1

find files created in the last 24 hours.

Regards,

--
Frank
Contact info: http://www.shute.org.uk/misc/contact.html
Re: Interpretting 3Ware error messages
On 18/05/2010 15:43:25, Doug Poland wrote:
> Hello,
>
> I have a 7.2-R i386 system running a 3ware 9500S-4LP SATA 150
> controller with 4 SATA drives. I recently starting seeing the
> following in my logs
>
> smartd[906]: Device: /dev/twa0 [3ware_disk_00], 1 Currently unreadable
> (pending) sectors
> smartd[906]: Device: /dev/twa0 [3ware_disk_00], 1 Offline
> uncorrectable sectors
>
> Using the twi_cli program, I can examine the disk subsystem, but I do
> not see any issues with an underlying drive.
>
> Unit    UnitType  Status  %RCmpl  %V/I/M  Port  Stripe  Size(GB)
>
> u0      RAID-10   OK      -       -       -     64K     298.002
> u0-0    RAID-1    OK      -       -       -     -       -
> u0-0-0  DISK      OK      -       -       p2    -       149.001
> u0-0-1  DISK      OK      -       -       p3    -       149.001
> u0-1    RAID-1    OK      -       -       -     -       -
> u0-1-0  DISK      OK      -       -       p0    -       149.001
> u0-1-1  DISK      OK      -       -       p1    -       149.001
>
>
> I suspect a disk problem, but cannot identify the individual disk or
> the nature of the problem. Can anyone shed some light on this?
>
>

Look at the SMART data for the disk(s) -- my guess is that you're seeing sectors failing and being re-mapped by the drive firmware. If this is happening to any significant extent the disk may well be reaching the end of its usable life: happily you would seem to have been alerted to that in time to do something about it without needing to run around in a blind panic.

There's a background task you can set up on 3ware controllers that will attempt to access all sectors of a disk specifically to bring to light problems like this, which otherwise could go unnoticed for a long time and lead to silent data corruption.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard Flat 3
Ramsgate Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
Interpretting 3Ware error messages
Hello,

I have a 7.2-R i386 system running a 3ware 9500S-4LP SATA 150 controller with 4 SATA drives. I recently starting seeing the following in my logs

smartd[906]: Device: /dev/twa0 [3ware_disk_00], 1 Currently unreadable (pending) sectors
smartd[906]: Device: /dev/twa0 [3ware_disk_00], 1 Offline uncorrectable sectors

Using the twi_cli program, I can examine the disk subsystem, but I do not see any issues with an underlying drive.

Unit    UnitType  Status  %RCmpl  %V/I/M  Port  Stripe  Size(GB)

u0      RAID-10   OK      -       -       -     64K     298.002
u0-0    RAID-1    OK      -       -       -     -       -
u0-0-0  DISK      OK      -       -       p2    -       149.001
u0-0-1  DISK      OK      -       -       p3    -       149.001
u0-1    RAID-1    OK      -       -       -     -       -
u0-1-0  DISK      OK      -       -       p0    -       149.001
u0-1-1  DISK      OK      -       -       p1    -       149.001

I suspect a disk problem, but cannot identify the individual disk or the nature of the problem. Can anyone shed some light on this?

--
Regards,
Doug
tar with --include Gets Much More.
The FreeBSD man page for tar shows

     --include pattern (-W include=pattern)
             Process only files or directories that match the specified pattern.
             Note that exclusions specified with --exclude take precedence
             over inclusions. If no inclusions are explicitly specified,
             all entries are processed by default.

This sounded useful in what one might do when rebuilding a name server, for example. One could tar only that part of /var containing the /var/named directory so I tried:

tar cvf tst.tar /var --include named

and

tar cvf tst.tar /var --include='* named*'
tar: Removing leading '/' from member names
a var
a var/account
a var/at
a var/audit
a var/backups
a var/crash
a var/cron
a var/db
a var/empty
a var/heimdal
a var/log

I was expecting only /var/named/[all those files]

The goal is to tar only /var/named, /var/log, /var/cron and /var/at such that one could take the resulting tar file and unpack it over the new /var.

I was under the impression from the man page that --include's caught only what was named in the pattern and --exclude's passed everything but the pattern. I think the --exclude directive has worked before but --include is either not doing anything or works completely differently than what I was expecting.

Any ideas are appreciated.

Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
re: building apr1 fails
Michael Powell nightrecon at hotmail.com
Tue May 18 09:41:50 UTC 2010

Hi Mike

>Yes - the presence of 2.0 conflicts with 2.2 so it is necessary to
>remove first.

>> However, apr will not build, giving
>>
>...
>>
>> Stop in /usr/ports/devel/apr1.
>> ==
>>
>> I've tried a bunch of stuff, including rebuilding libtool22,
>> upgrading to python26 and a few other things I cannot recall now.
>>
>I have seen before reports concerning problems with building Apache
>utilizing the devel/apr port (the recommended default). Since the
>variables controlling the Apache version have changed over time you
>should look at your make.conf and ensure there is no left over cruft
>of the WITH_APACHE=xx or USE_APACHE=xx variety. In the beginning of
>the move towards 2.0 and the subsequent introduction of 2.2 it was
>necessary to set these, but that is no longer true.

I don't have anything like that set

> When you do 'make config' for the Apache build, deselect the
> 'APR_FROM_PORTS "Use devel/apr (recommended)"' option. It is "ON" by
> default and is the recommended selection. It has some kind of
> problem and this error has been reported on these lists before.
> I just updated Apache to 2.2.15_5 yesterday and it builds fine when
> the above mentioned option is turned off.

Yes indeed, I upgraded the main server yesterday and it built fine except for having to turn 'mod_ssl' off as it kept dying in the ssl code. I don't need ssl anyway.

However, today an update (cvsup) shows that that option has been removed entirely, I have just searched the Makefile to confirm it, also mentioned in UPDATING.

So now apache HAS to use devel/apr1 but apr1 will not compile with no real clue as to why not.

I have just finished upgrading perl to 5.10.1, with a forced recompile of everything that depends on it, and of course apache22/apr still fails.

sigh.

--
DA Forsyth
Network Supervisor
Principal Technical Officer -- Institute for Water Research
http://www.ru.ac.za/institutes/iwr/
ipfilter rules question
I'm using ipfilter on -current. Here's a fragment of the outgoing rules:

# ipfstat -on
*skip*
@14 pass out quick on bge0 proto udp from any to any port = 8649 keep state
*skip*
@18 pass out log first quick on bge0 all

And I see these ipmon entries in /var/log/ipfilter.log:

ipmon[765]: 00:01:04.242290 bge0 @0:18 p 137.222.187.221,10280 -> 239.2.11.71,8649 PR udp len 20 96 OUT multicast
ipmon[765]: 00:01:09.702391 5x bge0 @0:18 p 137.222.187.221,10280 -> 239.2.11.71,8649 PR udp len 20 92 OUT multicast
ipmon[765]: 00:01:24.062025 7x bge0 @0:18 p 137.222.187.221,10280 -> 239.2.11.71,8649 PR udp len 20 92 OUT multicast

I don't understand why these packets are not sent via rule 14. Is rule 14 not matched? Or I'm missing something else?

many thanks
anton

--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
Re: Find a file with an unknown name
On Tue, May 18, 2010 at 5:37 AM, Eitan Adler wrote:
>> I want to find a file that was recently created.
>
> find -newerct '1 hour ago' -print

you can also find all files newer than file.txt.

find -newer file.txt -print

>
>> The content within the file is known, so I can grep for that. The
>> directory structure that contains the file is also known. The filename
>> is not known.
>
> grep -R "content"
using automounter (automatically mounting USB drives)
How can I automatically mount USB drives when I plug them in? I found a program sysutils/automounter which appears to create a link /media/msdosfs/USB20FD but doesn't actually mount anything.
Re: Apache web server being attacked
Aiza wrote:
> I put apache13 in a jail and left inbound port 80 open in my firewall.
> There is no domain name pointing to my web server. The content there is
> a small apache web application that fools web
> email address harvest programs into harvesting bogus email address from
> web page. http://www.monkeys.com/wpoison This is what I am doing.
>
> Since setting this up I have not had any bots scan the site for email
> address. But have had port 80 attacks that did not work. MY Apache
> access and error logs follow.
>
[snip log content]
> As you can see looks like a script kiddy is running something they dont
> understand. "/usr/local/www/data//phpmyadmin2/config.inc.php"
> there should only be a single / between data/phpmyadmin2.
>
> But beside that looks like php config.inc.php file is a target and
> phpmyadmin also is a target. The apache return code 404 means not found
> so no effect to me.
>
> Has anyone seen this junk hitting their apache web servers or have any
> different explanation of what this means?

Sorry to tell you this, but this kind of thing goes on all the time. You can fine tune mod_security for some control for SQL injection techniques, as well as many other generic forms of locking down the web server in general.

Generally speaking, the bulk of this does nothing more than filling the logs - BUT - all it takes is for one app to let the attacker "leak" onto your hard drive and they're in. I see a lot of scans for roundcube and phpMyAdmin. Have also seen a lot of phpBB in the past. The attackers spew lots of requests but the needle in the haystack they are looking for is that one app that has a known vulnerability.

In addition to securing the web server itself you should monitor any app running on it for reported security flaws and keep them updated to the latest "safe" versions.

You can also add to the hardening of your web server (if Apache) with various .htaccess + mod_rewrite tricks. Examples include:

# block all smarty templates (no reason to have these exposed)
RedirectMatch gone ^/.*\.tpl$

# block all .log (log files), .sql (sql dump/export) and .conf (config files) files in case some day these files move to another directory
RedirectMatch gone ^.*\.(sql|log|conf)$

# block access to the 'Smarty-*' directory
RedirectMatch gone ^.*Smarty.*$

# block common files present that you don't want served
RedirectMatch gone CHANGELOG.*
RedirectMatch gone COPYRIGHT.*
RedirectMatch gone INSTALL.*
RedirectMatch gone NEW.*
RedirectMatch gone README.*
RedirectMatch gone UPGRADE.*
RedirectMatch gone VERSION.*

# block access to directories
Redirect gone /upgrade
Redirect gone /tmp
Redirect gone /var
Redirect gone /sql

#Redirect pesky stuff based on referrer
Options -MultiViews -Indexes
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^Twiceler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Morfeus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Toata [NC]
RewriteRule .* - [F,L]

There is much and many more, just a couple of examples for ideas. :-)

-Mike
Re: Apache web server being attacked
On 18/05/2010 11:00:16, Aiza wrote:
> I put apache13 in a jail and left inbound port 80 open in my firewall.
> There is no domain name pointing to my web server. The content there is
> a small apache web application that fools web
> email address harvest programs into harvesting bogus email address from
> web page. http://www.monkeys.com/wpoison This is what I am doing.
>
> Since setting this up I have not had any bots scan the site for email
> address. But have had port 80 attacks that did not work. MY Apache
> access and error logs follow.

[lots of logfile traces elided]

Yes. Unfortunately this sort of thing is the norm on the web nowadays. It's all automated: first they program their botnets to scan for a web server listening on port 80. Then they use them to attempt to compromise whatever they find -- in your case, most of what you're seeing is an attempt to gather information on what PHP capabilities your web server might have. What they are doing is trying in turn a lot of the popular locations for installing apps like phpmyadmin or phppgadmin.

Yes, they are doing this in a particularly clueless fashion -- what exactly did you expect of the sort of people that think creating botnets is a good idea? They'll probably grow out of it when they hit puberty.

In the mean time, as you don't have phpmyadmin or anything similar installed, this is just an annoyance for you -- it clutters up your log files but does nothing else.

If you did want to install phpmyadmin on that server, you should take care to

1) Keep it up to date -- there haven't been any PMA security advisories for some months, but at one point they were coming out about one a week. PMA does have some very active developers though, and new versions appear every month or two.

2) Be sure to use access controls in your apache config to limit where PMA can be accessed from. Ideally, run it over HTTPS as well -- by its nature, you will tend to send DB passwords etc. to this application, and you want to avoid having them snooped.

3) If you use the on-line phpmyadmin configurator, be sure to clean up after yourself once you've generated a config file. To use the on-line configurator you have to create a directory /usr/local/www/phpMyAdmin/config which you make read/write by the user the webserver runs as. Once you've created the config.inc.php in that directory, you need to move it up one level in the directory hierarchy, and then delete the config directory you created. (That's what your attacker is so desperate to find -- because the directory is read-write by the webserver process, they can use it to upload malware to your system.)

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard Flat 3
Ramsgate Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
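The probe types discussed in this thread can be separated from ordinary traffic by the request line alone, and the only entries that need attention are probes the server did not answer with an error. The triage script below is an added example and not part of any post in the thread; the category names are assumptions, the user-agent prefixes are the three named in the rewrite rules posted earlier, and the sample log lines are constructed with documentation addresses.

```python
"""Triage scanner probes in an Apache access log (added example)."""
import re

# Common/combined log format. Referer and user-agent are optional because
# some of the lines quoted in the thread carry only one trailing field.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+'
    r'(?: "(?:[^"\\]|\\.)*")?'             # referer
    r'(?: "(?P<agent>(?:[^"\\]|\\.)*)")?'  # user-agent
)
REQUEST_RE = re.compile(r'^[A-Z]+ (?P<target>\S+)(?: HTTP/\d\.\d)?$')
ABSOLUTE_URI = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')

# Prefixes taken from the RewriteCond lines in the thread (matched with [NC]).
FLAGGED_AGENTS = ("twiceler", "morfeus", "toata")

# For these categories a 2xx/3xx answer means the probed file really exists.
PATH_PROBES = {"phpmyadmin-config-probe", "readme-fingerprint"}


def classify(request, agent):
    """Return a probe category for one request line, or None if unremarkable."""
    if request == "-":                      # connection closed before a request
        return None
    m = REQUEST_RE.match(request)
    if m is None:                           # binary junk, not HTTP at all
        return "non-http-payload"
    target = m.group("target")
    if ABSOLUTE_URI.match(target):          # "GET http://other.site/" = proxy test
        return "open-proxy-probe"
    # Drop the query string and collapse the doubled slashes seen in the logs.
    path = re.sub(r"/{2,}", "/", target.split("?", 1)[0])
    name = path.rsplit("/", 1)[-1]
    if name.startswith("w00tw00t"):
        return "dfind-scanner"
    if name == "config.inc.php":
        return "phpmyadmin-config-probe"
    if name == "README":
        return "readme-fingerprint"
    if agent and agent.lower().startswith(FLAGGED_AGENTS):
        return "flagged-user-agent"
    return None


def scan(lines):
    """Classify every parsable log line; return one finding per probe."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        category = classify(m["request"], m["agent"])
        if category is None:
            continue
        status = int(m["status"])
        findings.append({
            "host": m["host"],
            "category": category,
            "status": status,
            # True only when a path probe was answered without an error.
            "answered": category in PATH_PROBES and status < 400,
        })
    return findings


# Constructed sample input (not taken from the thread's log).
SAMPLE_LOG = r"""
192.0.2.10 - - [06/May/2010:12:28:34 +0800] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-" "-"
192.0.2.10 - - [06/May/2010:12:28:35 +0800] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [10/May/2010:16:05:42 +0800] "GET http://www.example.com/ HTTP/1.1" 404 206 "-" "-"
198.51.100.8 - - [15/May/2010:15:07:58 +0800] "|\xab\x1a\x06\xf5" 501 - "-" "-"
203.0.113.5 - - [17/May/2010:08:38:45 +0800] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 335 "-" "-"
203.0.113.9 - - [17/May/2010:11:27:02 +0800] "GET /roundcubemail/README HTTP/1.1" 404 226 "-" "Morfeus strikes again."
203.0.113.20 - - [18/May/2010:09:00:00 +0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        flag = "REVIEW" if f["answered"] else "noise "
        print(flag, f["host"], f["status"], f["category"])
```

Findings marked REVIEW are the ones worth following up: a config.inc.php or README request that returned content instead of a 404.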
Apache web server being attacked
I put apache13 in a jail and left inbound port 80 open in my firewall. There is no domain name pointing to my web server. The content there is a small apache web application that fools web email address harvest programs into harvesting bogus email address from web page. http://www.monkeys.com/wpoison This is what I am doing.

Since setting this up I have not had any bots scan the site for email address. But have had port 80 attacks that did not work. MY Apache access and error logs follow.

access log

i97-173.shosting.systech.hu - - [06/May/2010:12:28:34 +0800] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-"
i97-173.shosting.systech.hu - - [06/May/2010:12:28:35 +0800] "GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-"
i97-173.shosting.systech.hu - - [06/May/2010:12:28:36 +0800] "GET //PMA/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"
i97-173.shosting.systech.hu - - [06/May/2010:12:28:36 +0800] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"
53.163.158.61.ha.cnc - - [10/May/2010:16:05:42 +0800] "GET http://www.baidu.com/ HTTP/1.1" 404 206 "-"
60.190.59.240 - - [11/May/2010:03:50:54 +0800] "GET http://www.sina.com.cn/ HTTP/1.1" 404 206 "-"
91.212.127.100 - - [13/May/2010:10:09:08 +0800] "GET http://allrequestsallowed.com/?PHPSESSID=5gh6ncjh00043SRQHP__FEG%5CUFT HTTP/1.1" 404 206 "-"
scanner-4.hacktory.cs.columbia.edu - - [15/May/2010:14:10:28 +0800] "GET / HTTP/1.1" 404 206 "-" "-"
118.100.82.70 - - [15/May/2010:15:07:58 +0800] "|\xab\x1a\x06\xf5\xdd\x8a|\xfd\xde\xf9V\xf7\xf5\xaf\xe1\x8f\x0eF\xef\x18\xc8" 501 - "-" "-"
110.rmaxonline.com - - [16/May/2010:11:07:21 +0800] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-"
110.rmaxonline.com - - [16/May/2010:11:07:21 +0800] "GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-"
110.rmaxonline.com - - [16/May/2010:11:07:22 +0800] "GET //PMA/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"
110.rmaxonline.com - - [16/May/2010:11:07:22 +0800] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"
110.rmaxonline.com - - [16/May/2010:11:07:23 +0800] "GET //phpmyadmin2/config.inc.php?p=phpinfo(); HTTP/1.1" 404 233 "-"
110.rmaxonline.com - - [16/May/2010:11:07:23 +0800] "GET //phpMyAdmin2/config.inc.php?p=phpinfo(); HTTP/1.1" 404 233 "-"
110.rmaxonline.com - - [16/May/2010:11:07:23 +0800] "GET //mysqladmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"
110.rmaxonline.com - - [16/May/2010:11:07:24 +0800] "GET //myadmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 229 "-"
110.rmaxonline.com - - [16/May/2010:11:07:24 +0800] "GET //MyAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 229 "-"
110.rmaxonline.com - - [16/May/2010:11:07:25 +0800] "GET //myAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 229 "-"
110.rmaxonline.com - - [16/May/2010:11:07:25 +0800] "GET //phpAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 230 "-"
110.rmaxonline.com - - [16/May/2010:11:07:26 +0800] "GET //mysql/config.inc.php?p=phpinfo(); HTTP/1.1" 404 227 "-"
110.rmaxonline.com - - [16/May/2010:11:07:26 +0800] "GET //phpAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 230 "-"
net151.255.92-61.perm.ertelecom.ru - - [16/May/2010:13:43:05 +0800] "GET http://icqnums.freehostia.com/azenv.php HTTP/1.1" 404 215 "-" "
211.100.28.240 - - [17/May/2010:08:38:45 +0800] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 335 "-" "-"
sd-17275.dedibox.fr - - [17/May/2010:11:27:02 +0800] "GET /roundcubemail/README HTTP/1.1" 404 226 "-" "Morfeus strikes again."
sd-17275.dedibox.fr - - [17/May/2010:11:27:03 +0800] "GET /rc/README HTTP/1.1" 404 215 "-" "Morfeus strikes again."
sd-17275.dedibox.fr - - [17/May/2010:11:27:04 +0800] "GET /webmail/README HTTP/1.1" 404 220 "-" "Morfeus strikes again."
sd-17275.dedibox.fr - - [17/May/2010:11:27:05 +0800] "GET /roundcube/README HTTP/1.1" 404 222 "-" "Morfeus strikes again."
sd-17275.dedibox.fr - - [17/May/2010:11:27:05 +0800] "GET /mail/README HTTP/1.1" 404 217 "-" "Morfeus strikes again."
sd-17275.dedibox.fr - - [17/May/2010:11:27:06 +0800] "GET /README HTTP/1.1" 404 212 "-" "Morfeus strikes again."
net151.255.92-61.perm.ertelecom.ru - - [17/May/2010:17:52:03 +0800] "GET http://icqnums.freehostia.com/azenv.php HTTP/1.1" 404 215 "-"
ec2-79-125-7-31.eu-west-1.compute.amazonaws.com - - [18/May/2010:06:35:22 +0800] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-"
ec2-79-125-7-31.eu-west-1.compute.amazonaws.com - - [18/May/2010:06:35:23 +0800] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-"
ec2-79-125-7-31.eu-west-1.compute.amazonaws.com - - [18/May/2010:06:35:23 +0800] "GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 234 "-"
ec2-79-125-7-31.eu-west-1.compute.amazonaws.com - - [18/May/2010:06:35:24 +0800] "GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 236 "-"
ec2-79-125-7-31.eu-west-1.compute.a
Re: building apr1 fails
DA Forsyth wrote:
> Hiya all
>
> Going round in circles here trying to update apache 2.0 to 2.2
> I have read UPDATING and it says to uninstall apache before updating
> apr.

Yes - the presence of 2.0 conflicts with 2.2 so it is necessary to remove first.

> However, apr will not build, giving
>
> ===> Building for apr-ipv6-devrandom-gdbm-db42-1.4.2.1.3.9_1
> cd /usr/ports/devel/apr1/work/apr-1.4.2; /usr/bin/env SHELL=/bin/sh
> NO_LINT=YES ACLOCAL=/usr/local/bin/aclocal-1.9
> AUTOMAKE=/usr/local/bin/automake-1.9 AUTOMAKE_VERSION=19
> AUTOCONF=/usr/local/bin/autoconf-2.62
> AUTOHEADER=/usr/local/bin/autoheader-2.62
[snip]
> /usr/ports/devel/apr1/work/apr-1.4.2/libtool: Xpasswd/apr_getpass.lo:
> not found
> libtool: compile: cannot determine name of library object from `':
> not found
> *** Error code 1
>
> Stop in /usr/ports/devel/apr1/work/apr-1.4.2.
> *** Error code 1
>
> Stop in /usr/ports/devel/apr1/work/apr-1.4.2.
> *** Error code 1
>
> Stop in /usr/ports/devel/apr1.
> *** Error code 1
>
> Stop in /usr/ports/devel/apr1.
> ==
>
> I've tried a bunch of stuff, including rebuilding libtool22,
> upgrading to python26 and a few other things I cannot recall now.
>

I have seen before reports concerning problems with building Apache utilizing the devel/apr port (the recommended default). Since the variables controlling the Apache version have changed over time you should look at your make.conf and ensure there is no left over cruft of the WITH_APACHE=xx or USE_APACHE=xx variety. In the beginning of the move towards 2.0 and the subsequent introduction of 2.2 it was necessary to set these, but that is no longer true.

When you do 'make config' for the Apache build, deselect the 'APR_FROM_PORTS "Use devel/apr (recommended)"' option. It is "ON" by default and is the recommended selection. It has some kind of problem and this error has been reported on these lists before.

I just updated Apache to 2.2.15_5 yesterday and it builds fine when the above mentioned option is turned off.

-Mike
Re: Find a file with an unknown name
> I want to find a file that was recently created.

find . -newerct '1 hour ago' -print

> The content within the file is known, so I can grep for that. The
> directory structure that contains the file is also known. The filename
> is not known.

grep -R "content" .
building apr1 fails
Hiya all

Going round in circles here trying to update apache 2.0 to 2.2
I have read UPDATING and it says to uninstall apache before updating
apr.

However, apr will not build, giving

===> Building for apr-ipv6-devrandom-gdbm-db42-1.4.2.1.3.9_1
cd /usr/ports/devel/apr1/work/apr-1.4.2; /usr/bin/env SHELL=/bin/sh
NO_LINT=YES ACLOCAL=/usr/local/bin/aclocal-1.9
AUTOMAKE=/usr/local/bin/automake-1.9 AUTOMAKE_VERSION=19
AUTOCONF=/usr/local/bin/autoconf-2.62
AUTOHEADER=/usr/local/bin/autoheader-2.62
AUTOIFNAMES=/usr/local/bin/ifnames-2.62
AUTOM4TE=/usr/local/bin/autom4te-2.62
AUTORECONF=/usr/local/bin/autoreconf-2.62
AUTOSCAN=/usr/local/bin/autoscan-2.62
AUTOUPDATE=/usr/local/bin/autoupdate-2.62 AUTOCONF_VERSION=262
LIBTOOL=/usr/local/bin/libtool LIBTOOLIZE=/usr/local/bin/libtoolize
LIBTOOL_M4=/usr/local/share/aclocal/libtool.m4 PREFIX=/usr/local
LOCALBASE=/usr/local X11BASE=/usr/local MOTIFLIB="-L/usr/local/lib -
lXm -lXp" LIBDIR="/usr/lib" CC="cc" CFLAGS="-O -pipe" CXX="c++"
CXXFLAGS="-O -pipe" MANPREFIX="/usr/local"
BSD_INSTALL_PROGRAM="install -s -o root -g wheel -m 555"
BSD_INSTALL_SCRIPT="install -o root -g wheel -m 555"
BSD_INSTALL_DATA="install -o root -g wheel -m 444"
BSD_INSTALL_MAN="install -o root -g wheel -m 444" make
/bin/sh /usr/ports/devel/apr1/work/apr-1.4.2/libtool --silent --
mode=compile cc -g -O2 -DHAVE_CONFIG_H-I./include -
I/usr/ports/devel/apr1/work/apr-1.4.2/include/arch/unix -
I./include/arch/unix -I/usr/ports/devel/apr1/work/apr-
1.4.2/include/arch/unix -I/usr/ports/devel/apr1/work/apr-
1.4.2/include -o passwd/apr_getpass.lo -c passwd/apr_getpass.c &&
touch passwd/apr_getpass.lo
X--mode=compile: not found
*** Warning: inferring the mode of operation is deprecated.: not found
*** Future versions of Libtool will require --mode=MODE be specified.: not found
Xcc: not found
X-g: not found
X-O2: not found
X-DHAVE_CONFIG_H: not found
/usr/ports/devel/apr1/work/apr-1.4.2/libtool: X-I./include: not found
/usr/ports/devel/apr1/work/apr-1.4.2/libtool: X-
I/usr/ports/devel/apr1/work/apr-1.4.2/include/arch/unix: not found
/usr/ports/devel/apr1/work/apr-1.4.2/libtool: X-I./include/arch/unix: not found
/usr/ports/devel/apr1/work/apr-1.4.2/libtool: X-
I/usr/ports/devel/apr1/work/apr-1.4.2/include/arch/unix: not found
/usr/ports/devel/apr1/work/apr-1.4.2/libtool: X-
I/usr/ports/devel/apr1/work/apr-1.4.2/include: not found
X-c: not found
/usr/ports/devel/apr1/work/apr-1.4.2/libtool: Xpasswd/apr_getpass.lo: not found
libtool: compile: cannot determine name of library object from `': not found
*** Error code 1

Stop in /usr/ports/devel/apr1/work/apr-1.4.2.
*** Error code 1

Stop in /usr/ports/devel/apr1/work/apr-1.4.2.
*** Error code 1

Stop in /usr/ports/devel/apr1.
*** Error code 1

Stop in /usr/ports/devel/apr1.
==

I've tried a bunch of stuff, including rebuilding libtool22,
upgrading to python26 and a few other things I cannot recall now.

Please help.

--
DA Forsyth
Network Supervisor
Principal Technical Officer -- Institute for Water Research
http://www.ru.ac.za/institutes/iwr/
7.2 to 8.0 upgrade issues
Upgrading a freebsd7.2 (i386) system to 8.0

After

# freebsd-update -r 8.0-RELEASE upgrade
# freebsd-update install
reboot
# freebsd-update install

I did

# portupgrade -af --batch --yes

after 17 hours (mostly during the night..), it finished with

---> ** Upgrade tasks 425: 199 done, 1 ignored, 3 skipped and 1 failed

(no error messages here..)

Unfortunately, I didn't log the screen output to a file ..

- how can I find out what port failed and which were skipped and ignored?
- is it normal this didn't recompile all 425 ports?
- to rebuild the failed port: is # portupgrade -fr OK?