Re: [users@httpd] site compromised and httpd log analysis

2022-07-05 Thread Yehuda Katz
Your log doesn't start early enough. Someone uploaded a web shell (or found an existing web shell) to your server, possibly using an upload form that doesn't validate the input, then used that shell to run commands on your server. I would consider your entire server to be compromised at this point

[users@httpd] site compromised and httpd log analysis

2022-07-05 Thread KK CHN
https://pastebin.com/YspPiWif One of the websites hosted by a customer on our Cloud infrastructure was compromised, and the attackers were able to replace the home page with their banner html page. The log files output I have pasted above. The site compromised was PHP 7 with MySQL. From the

Re: [users@httpd] NameVirtualHost fails

2022-07-05 Thread jnil...@jala.com
I've tried several variations but basically the error message is that the certificate and the key for example2.com don't match. I thought I had set up the certificate with the proper keys so something must be screwed up with the certificate. I'm working on that. Jack

[users@httpd] Apache 2.4 and php

2022-07-05 Thread Paul
I'm going nowhere for what must be a small glitch. Ubuntu server 20.04LTS, Apache/2.4.41 (Ubuntu) using mpm_prefork behind Nginx proxy server. We use php 7.4 for many thousands of static pages that use e.g. include 'inc/tophead.html';?> giving us " lang="en"> , css, js, etc" sent to