Posted to users@httpd.apache.org by Joel CARNAT <jo...@carnat.net> on 2005/11/22 17:49:31 UTC

[users@httpd] Apache stops/freezes before "Digest: done"

Hi,

I had an Apache 2.0.54 running on gentoo/i386.
I did a minor update (-r9 to -r31 which I suspect to be gentoo
internals).

Since then, Apache won't start anymore...
I tried updating a few things (like mod_php, ...), cleanly remove
packages and remaining directories and reinstalling the package but
Apache still doesn't start (anymore).

The error_log says (using -X -e debug) :

[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
[warn] RSA server certificate CommonName (CN) `vc-sup.altran.net' does NOT match server name!?
[debug] mod_so.c(248): loaded module access_module
[debug] mod_so.c(248): loaded module auth_module
[debug] mod_so.c(248): loaded module auth_anon_module
[debug] mod_so.c(248): loaded module auth_dbm_module
[debug] mod_so.c(248): loaded module auth_digest_module
[debug] mod_so.c(248): loaded module charset_lite_module
[debug] mod_so.c(248): loaded module env_module
[debug] mod_so.c(248): loaded module expires_module
[debug] mod_so.c(248): loaded module headers_module
[debug] mod_so.c(248): loaded module mime_module
[debug] mod_so.c(248): loaded module negotiation_module
[debug] mod_so.c(248): loaded module setenvif_module
[debug] mod_so.c(248): loaded module log_config_module
[debug] mod_so.c(248): loaded module logio_module
[debug] mod_so.c(248): loaded module cgi_module
[debug] mod_so.c(248): loaded module cgid_module
[debug] mod_so.c(248): loaded module suexec_module
[debug] mod_so.c(248): loaded module alias_module
[debug] mod_so.c(248): loaded module rewrite_module
[debug] mod_so.c(248): loaded module actions_module
[debug] mod_so.c(248): loaded module autoindex_module
[debug] mod_so.c(248): loaded module dir_module
[debug] mod_so.c(248): loaded module ext_filter_module
[debug] mod_so.c(248): loaded module deflate_module
[debug] mod_so.c(248): loaded module include_module
[debug] mod_so.c(248): loaded module ssl_module
[debug] mod_so.c(248): loaded module ldap_module
[debug] mod_so.c(248): loaded module auth_ldap_module
[debug] mod_so.c(248): loaded module php4_module
[warn] NameVirtualHost *:80 has no VirtualHosts
[notice] Digest: generating secret for digest authentication ...

here I should get "Digest: done" but I never do.
anyone thinks of somewhere I must look...
I already did a lot of checks but I must be forgetting something =)

TIA,
	Jo
-- 
,- This mail runs ------.
`--------- NetBSD/smtp -'

Re: Re: [users@httpd] Apache stops/freezes before "Digest: done"

Posted by Joel CARNAT <jo...@carnat.net>.
On Tue, Nov 22 2005 - 14:31, Joshua Slive wrote:
> On 11/22/05, Joel CARNAT <jo...@carnat.net> wrote:
> > Hi,
> >
> > I had an Apache 2.0.54 running on gentoo/i386.
> > I did a minor update (-r9 to -r31 which I suspect to be gentoo
> > internals).
> >
> > Since then, Apache won't start anymore...
> > I tried updating a few things (like mod_php, ...), cleanly remove
> > packages and remaining directories and reinstalling the package but
> > Apache still doesn't start (anymore).
> >
> > The error_log says (using -X -e debug) :
> 
> > [notice] Digest: generating secret for digest authentication ...
> >
> > here I should get "Digest: done" but I never do.
> > anyone thinks of somewhere I must look...
> > I already did a lot of checks but I must be forgetting something =)
> 
> mod_auth_digest is asking your system for some random bytes to use for
> digest auth.  Your system is not providing them.
> 
> If you don't need digest auth, the simple solution is to simply remove
> mod_auth_digest.  Otherwise, you'll need to figure out what source of

well... according to strace, it stops when trying to read from
/dev/random.

open("/usr/lib/apache2/logs/access_log", O_WRONLY|O_APPEND|O_CREAT|O_LARGEFILE, 0666) = 8
open("/var/log/http.fifo", O_WRONLY|O_APPEND|O_CREAT|O_LARGEFILE, 0666) = 9
gettimeofday({1132737091, 140646}, NULL) = 0
write(7, "[Wed Nov 23 10:11:31 2005] [noti"..., 92) = 92
open("/dev/random", O_RDONLY)           = 10
read(10, 

looks like my /dev/random doesn't give me anything, as "dd if=/dev/random
of=random.txt count=5" freezes too.

gotta sort this out.

thanks.

> random numbers apr is using, and why it is failing.  This should be
> automatic in the compile, so it is likely that gentoo messed something
> up.  But I'm not an expert in this stuff.
> 
> Joshua.

-- 
,- This mail runs ------.
`--------- NetBSD/smtp -'

Re: [users@httpd] Possible attack?

Posted by Joshua Slive <js...@gmail.com>.
On 11/26/05, Gene <li...@bomgardner.net> wrote:

> Sorry about that. This is an area that I'm still learning about (one of
> many). Learning question: Why referrer spam? What benefit could anyone
> derive from it? Is there anything on the web about it? (I'll google around.)

Googling for "referer spam" and "google page rank" will fill you in. 
(Note that "referer" is deliberately misspelled because of an error in
the http specification.)  In short, google ranks pages in part by how
many links to them it can find on the web.  Since many people post
summaries of their referer logs on their websites, accessing a site
with a fake referer can create a link from a website's statistics page
to the attacker's page, thereby increasing its rank in google.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Possible attack?

Posted by Gene <li...@Bomgardner.net>.
Joshua Slive wrote:

>On 11/24/05, Gene <li...@bomgardner.net> wrote:
>  
>
>>Hi All:
>>
>>I've been getting a lot of hits on my server lately that look like they
>>might be some kind of exploit. Could someone be probing to see if my
>>server will proxy? Could it BE proxying without my knowledge? The result
>>code of 200 is disturbing.
>>
>>The log entries look like these (and there are lots of them):
>>    
>>
>
>The only thing unusual about those entries is the referer.  The
>request is a perfectly normal GET of your home page.  That leads me to
>believe that these are simply referer-spam, trying to pollute your
>logs (perhaps posted online) and hence get links that will be counted
>by google.  If so, you just did them a huge favor by posting their
>sites to this list, where your message will be picked up by a dozen or
>so web archives and boost their google ranks.  Oh well.  Other than
>that, I'd simply ignore them and make sure that you don't post
>anything from your referer logs on your website.
>
>  
>
Sorry about that. This is an area that I'm still learning about (one of 
many). Learning question: Why referrer spam? What benefit could anyone 
derive from it? Is there anything on the web about it? (I'll google around.)

Thanks
Gene




Re: [users@httpd] Possible attack?

Posted by Joshua Slive <js...@gmail.com>.
On 11/24/05, Gene <li...@bomgardner.net> wrote:
> Hi All:
>
> I've been getting a lot of hits on my server lately that look like they
> might be some kind of exploit. Could someone be probing to see if my
> server will proxy? Could it BE proxying without my knowledge? The result
> code of 200 is disturbing.
>
> The log entries look like these (and there are lots of them):

The only thing unusual about those entries is the referer.  The
request is a perfectly normal GET of your home page.  That leads me to
believe that these are simply referer-spam, trying to pollute your
logs (perhaps posted online) and hence get links that will be counted
by google.  If so, you just did them a huge favor by posting their
sites to this list, where your message will be picked up by a dozen or
so web archives and boost their google ranks.  Oh well.  Other than
that, I'd simply ignore them and make sure that you don't post
anything from your referer logs on your website.

Joshua.



[users@httpd] Possible attack?

Posted by Gene <li...@Bomgardner.net>.
Hi All:

I've been getting a lot of hits on my server lately that look like they 
might be some kind of exploit. Could someone be probing to see if my 
server will proxy? Could it BE proxying without my knowledge? The result 
code of 200 is disturbing.

The log entries look like these (and there are lots of them):

Thanks for any tips or help...
Gene

81.215.250.249 - - [24/Nov/2005:08:44:36 -0600] "GET / HTTP/1.1" 200 190 
"http://foto-porno-amatoriale.com" "Mozilla/4.0 (compatible; MSIE 6.0b; 
Windows NT 5.0; .NET CLR 1.0.2914)"
219.146.214.57 - - [24/Nov/2005:08:44:43 -0600] "GET / HTTP/1.1" 200 190 
"http://hosting-siti-adulti.com" "Mozilla/4.0 (compatible; MSIE 6.0b; 
Windows NT 5.0; .NET CLR 1.0.2914)"
218.244.31.242 - - [24/Nov/2005:08:45:29 -0600] "GET / HTTP/1.0" 200 190 
"http://foto-porno-amatoriale.com" "Mozilla/4.0 (compatible; MSIE 6.0b; 
Windows NT 5.0; .NET CLR 1.0.2914)"
85.98.104.235 - - [24/Nov/2005:08:45:33 -0600] "GET / HTTP/1.1" 200 190 
"http://puttane-grandi-tette.com" "Mozilla/4.0 (compatible; MSIE 6.0b; 
Windows NT 5.0; .NET CLR 1.0.2914)"
85.104.130.61 - - [24/Nov/2005:08:46:23 -0600] "GET / HTTP/1.1" 200 190 
"http://amatoriali.biz" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 
5.0; .NET CLR 1.0.2914)"
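
Added example (not part of the original posts): one way to pick referer spam of the kind discussed in this thread out of a combined-format access log, so those hosts can be kept out of any published statistics. The function name, the thresholds and the sample lines are assumptions made for illustration; the sample log is constructed, using documentation IP ranges and placeholder domains rather than the hosts quoted above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

UA = "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914)"
FX = "ExampleBrowser/1.0 (constructed)"
T = "[24/Nov/2005:08:44:36 -0600]"
# Constructed sample log: four bare hits with foreign referers, one real visitor.
SAMPLE_LOG = "\n".join([
    f'192.0.2.10 - - {T} "GET / HTTP/1.1" 200 190 "http://spam-one.example" "{UA}"',
    f'198.51.100.7 - - {T} "GET / HTTP/1.1" 200 190 "http://spam-two.example" "{UA}"',
    f'203.0.113.42 - - {T} "GET / HTTP/1.0" 200 190 "http://spam-one.example" "{UA}"',
    f'192.0.2.77 - - {T} "GET / HTTP/1.1" 200 190 "http://spam-three.example" "{UA}"',
    f'198.51.100.200 - - {T} "GET / HTTP/1.1" 200 190 "http://search.example/?q=apache" "{FX}"',
    f'198.51.100.200 - - {T} "GET /style.css HTTP/1.1" 200 812 "http://www.example.org/" "{FX}"',
])


def referer_spam_hosts(log_text, own_hosts, min_ips=3):
    """Return external referer hosts sent by a cluster of 'bare hit' clients.

    A bare hit is a client that requested only "/" (no stylesheet, image or
    other page asset) while sending a referer that is not one of own_hosts.
    When at least min_ips such clients share one User-Agent string, every
    referer host they sent is reported.
    """
    paths = defaultdict(set)     # client IP -> every path it requested
    ext_refs = defaultdict(set)  # client IP -> external referer hosts it sent
    agent_of = {}                # client IP -> User-Agent string
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if not m:
            continue             # not a combined-format line
        ip = m["ip"]
        paths[ip].add(m["path"])
        agent_of[ip] = m["agent"]
        host = urlsplit(m["referer"]).hostname   # None for "-" or empty
        if host and host not in own_hosts:
            ext_refs[ip].add(host)
    clusters = defaultdict(set)  # User-Agent -> bare-hit client IPs
    for ip in ext_refs:
        if paths[ip] == {"/"}:
            clusters[agent_of[ip]].add(ip)
    flagged = set()
    for ips in clusters.values():
        if len(ips) >= min_ips:
            for ip in ips:
                flagged |= ext_refs[ip]
    return sorted(flagged)
```

The visitor arriving from search.example is not reported because it went on to fetch a page asset; the returned list is meant as an exclusion list for log summaries, in line with the advice not to post referer logs.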




Re: [users@httpd] Apache stops/freezes before "Digest: done"

Posted by Joshua Slive <js...@gmail.com>.
On 11/23/05, Olaf van der Spek <ol...@gmail.com> wrote:
> On 11/23/05, Joshua Slive <js...@gmail.com> wrote:
> > On 11/23/05, Olaf van der Spek <ol...@gmail.com> wrote:
> > > On 11/23/05, Joshua Slive <js...@gmail.com> wrote:
> > > > > Why is server startup blocked by that?
> > > > > Can't server startup continue and all auth requests fail until there
> > > > > are random bytes?
> > > >
> > > > I'd guess it would be much harder to implement (would require
> > > > dispatching a thread/process to wait on the random number generator)
> > > > and wouldn't be what all admins would want anyway.
> > >
> > > Why would an admin prefer the entire server to block?
> >
> > If your site depends on digest auth, then you want to be confident
> > that if apache says it started successfully, your site is going to
> > work.  Otherwise, you'd have to do detailed testing every time you
> > restarted your server.
>
> I don't think Apache saying ok guarantees your site is going to work.
> Doesn't digest also require random bytes after startup to periodically
> regenerate secrets?

There are no guarantees in life.  There is no perfect solution to the
question of which errors should inhibit startup and which shouldn't. 
I'm just saying that it is not something that would be universally
welcomed.

And no, I don't believe mod_auth_digest requires random bytes after
startup.  It just needs them to seed the random number generator.  But
as I said, I'm not an expert in this.

Joshua.



Re: [users@httpd] Apache stops/freezes before "Digest: done"

Posted by Olaf van der Spek <ol...@gmail.com>.
On 11/23/05, Joshua Slive <js...@gmail.com> wrote:
> On 11/23/05, Olaf van der Spek <ol...@gmail.com> wrote:
> > On 11/23/05, Joshua Slive <js...@gmail.com> wrote:
> > > > Why is server startup blocked by that?
> > > > Can't server startup continue and all auth requests fail until there
> > > > are random bytes?
> > >
> > > I'd guess it would be much harder to implement (would require
> > > dispatching a thread/process to wait on the random number generator)
> > > and wouldn't be what all admins would want anyway.
> >
> > Why would an admin prefer the entire server to block?
>
> If your site depends on digest auth, then you want to be confident
> that if apache says it started successfully, your site is going to
> work.  Otherwise, you'd have to do detailed testing every time you
> restarted your server.

I don't think Apache saying ok guarantees your site is going to work.
Doesn't digest also require random bytes after startup to periodically
regenerate secrets?

Re: [users@httpd] Apache stops/freezes before "Digest: done"

Posted by Joshua Slive <js...@gmail.com>.
On 11/23/05, Olaf van der Spek <ol...@gmail.com> wrote:
> On 11/23/05, Joshua Slive <js...@gmail.com> wrote:
> > > Why is server startup blocked by that?
> > > Can't server startup continue and all auth requests fail until there
> > > are random bytes?
> >
> > I'd guess it would be much harder to implement (would require
> > dispatching a thread/process to wait on the random number generator)
> > and wouldn't be what all admins would want anyway.
>
> Why would an admin prefer the entire server to block?

If your site depends on digest auth, then you want to be confident
that if apache says it started successfully, your site is going to
work.  Otherwise, you'd have to do detailed testing every time you
restarted your server.

Joshua.



Re: [users@httpd] Apache stops/freezes before "Digest: done"

Posted by Olaf van der Spek <ol...@gmail.com>.
On 11/23/05, Joshua Slive <js...@gmail.com> wrote:
> > Why is server startup blocked by that?
> > Can't server startup continue and all auth requests fail until there
> > are random bytes?
>
> I'd guess it would be much harder to implement (would require
> dispatching a thread/process to wait on the random number generator)
> and wouldn't be what all admins would want anyway.

Why would an admin prefer the entire server to block?

Re: [users@httpd] Apache stops/freezes before "Digest: done"

Posted by Joshua Slive <js...@gmail.com>.
On 11/23/05, Olaf van der Spek <ol...@gmail.com> wrote:
> On 11/22/05, Joshua Slive <js...@gmail.com> wrote:
> > mod_auth_digest is asking your system for some random bytes to use for
> > digest auth.  Your system is not providing them.
>
> Why is server startup blocked by that?
> Can't server startup continue and all auth requests fail until there
> are random bytes?

I'd guess it would be much harder to implement (would require
dispatching a thread/process to wait on the random number generator)
and wouldn't be what all admins would want anyway.

Joshua.



Re: [users@httpd] Apache stops/freezes before "Digest: done"

Posted by Olaf van der Spek <ol...@gmail.com>.
On 11/22/05, Joshua Slive <js...@gmail.com> wrote:
> mod_auth_digest is asking your system for some random bytes to use for
> digest auth.  Your system is not providing them.

Why is server startup blocked by that?
Can't server startup continue and all auth requests fail until there
are random bytes?

Re: [users@httpd] Apache stops/freezes before "Digest: done"

Posted by Joshua Slive <js...@gmail.com>.
On 11/22/05, Joel CARNAT <jo...@carnat.net> wrote:
> Hi,
>
> I had an Apache 2.0.54 running on gentoo/i386.
> I did a minor update (-r9 to -r31 which I suspect to be gentoo
> internals).
>
> Since then, Apache won't start anymore...
> I tried updating a few things (like mod_php, ...), cleanly remove
> packages and remaining directories and reinstalling the package but
> Apache still doesn't start (anymore).
>
> The error_log says (using -X -e debug) :

> [notice] Digest: generating secret for digest authentication ...
>
> here I should get "Digest: done" but I never do.
> anyone thinks of somewhere I must look...
> I already did a lot of checks but I must be forgetting something =)

mod_auth_digest is asking your system for some random bytes to use for
digest auth.  Your system is not providing them.

If you don't need digest auth, the simple solution is to simply remove
mod_auth_digest.  Otherwise, you'll need to figure out what source of
random numbers apr is using, and why it is failing.  This should be
automatic in the compile, so it is likely that gentoo messed something
up.  But I'm not an expert in this stuff.

Joshua.



Re: [users@httpd] Apache stops/freezes before "Digest: done"

Posted by Joe Orton <jo...@redhat.com>.
On Tue, Nov 22, 2005 at 05:49:31PM +0100, Joel CARNAT wrote:
...
> [warn] NameVirtualHost *:80 has no VirtualHosts
> [notice] Digest: generating secret for digest authentication ...

Pass "--with-devrandom=/dev/urandom" to configure when you build the 
server (or when you build APR, if you do that separately).

joe
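
Added example (not code from this thread, Apache or APR): a pre-start check for the hang traced earlier in the thread, where read() on /dev/random never returned, and for confirming that /dev/urandom answers before rebuilding with the configure option above. It opens the device with O_NONBLOCK so the check reports starvation instead of freezing. The function names are hypothetical, and the procfs path is the Linux one and may be absent elsewhere.

```python
import os


def probe_random_source(path="/dev/random", nbytes=16):
    """Try to read nbytes from path without ever blocking.

    Returns ("ok", n) on a full read, ("short", n) when fewer bytes than
    requested came back, ("starved", 0) when the read would have blocked
    (the state strace showed), or ("error", errno) if the open failed.
    """
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError as exc:
        return ("error", exc.errno)
    try:
        data = os.read(fd, nbytes)
    except BlockingIOError:          # EAGAIN: nothing available right now
        return ("starved", 0)
    finally:
        os.close(fd)
    return ("ok" if len(data) == nbytes else "short", len(data))


def entropy_avail(proc_path="/proc/sys/kernel/random/entropy_avail"):
    """Return the kernel's entropy estimate in bits, or None if unreadable."""
    try:
        with open(proc_path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def preflight(sources=("/dev/random", "/dev/urandom")):
    """Probe each candidate device; a 'starved' source would hang startup."""
    return {src: probe_random_source(src) for src in sources}


if __name__ == "__main__":
    print("entropy_avail:", entropy_avail())
    for src, result in preflight().items():
        print(src, result)
```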
