You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Aaron <aw...@idl.net.au> on 2003/01/15 23:03:34 UTC
[users@httpd] Re: Thanks Jeff: Receiving shutdown signal from outside?
Thanks Jeff,
Yep, I wasn't shutting down properly.
I didn't mention before, but there are starts, restarts and shutdowns
occuring during times when I know I'm not doing it. It still seems to me
(inexperienced) that it's being controlled from outside.
It is running as a service.
I'll run the validation tool you mentioned.
I understand what you mean about the not installing in Program Files. Maybe
I'll change that later, though.
Thanks again.
Aaron
===============
> Hi Aaron,
>
> It seems that you never shut down the Apache service as you suppose to, if
> the Apache is installed as a NT service try running it as a service, if
it's
> not installed as a service go to the Apache\bin directory and type "apache
> -k install" to install the NT service.
> Run it as a system service and see which errors you get and if the service
> shuts down by itself again.
>
> I would also suggest you to use the config tool to validate your
> configuration, to make a validation tool, do as follows:
> Create a shortcut to the apache.exe file in the Apache\bin folder and then
> edit it to show like that:
> "c:\apache2\bin\Apache.exe -w -t -f c:\apache2\conf\httpd.conf -d
> c:\apache2"
>
> Just change the folders to be relevant to your apache's directory.
>
> My suggestion: Reinstall Apache to a directory under "c:\", do not make
> "program files" to be in use in the httpd.conf file or you'll have to add
""
> to any line it shows the apache directory.
>
> All the best,
> Jeff Cohen
> > -----Original Message-----
> > From: Aaron [mailto:awe@idl.net.au]
> > Sent: Tuesday, January 14, 2003 7:14 AM
> > To: users@httpd.apache.org
> > Subject: [users@httpd] Parent: Receiving shutdown signal from outside?
> >
> > "Hello" from Australia,
> >
> > I'm new to Apache. I have version 2.0.43 on Windows XP Pro.
> >
> > I have installed all Microsoft Windows XP security patches prior to SP1.
> > I
> > have been reluctant to install SP1 due to warnings I've heard about it
> > causing problems.
> >
> > I have used GRC's XPdite, from http://grc.com/xpdite/xpdite.htm
> >
> > In the Error Log, I find a number of entries like the following
examples:
> >
> > [Sun Jan 12 07:38:58 2003] [warn] pid file C:/Program Files/Apache
> > Group/Apache2/logs/httpd.pid overwritten -- Unclean shutdown of previous
> > Apache run?
> > [Sun Jan 12 07:38:59 2003] [notice] Parent: Created child process 1456
> > [Sun Jan 12 07:39:00 2003] [notice] Child 1456: Child process is running
> > [Sun Jan 12 07:39:00 2003] [notice] Child 1456: Acquired the start
mutex.
> > [Sun Jan 12 07:39:01 2003] [notice] Child 1456: Starting 250 worker
> > threads.
> > [Sun Jan 12 10:43:25 2003] [notice] Parent: Received shutdown signal --
> > Shutting down the server.
> > [Sun Jan 12 10:43:25 2003] [notice] Child 1456: Exit event signaled.
Child
> > process is ending.
> > [Sun Jan 12 10:43:26 2003] [notice] Child 1456: Released the start mutex
> > [Sun Jan 12 10:43:27 2003] [notice] Child 1456: Waiting for 250 worker
> > threads to exit.
> > [Sun Jan 12 10:43:27 2003] [notice] Child 1456: All worker threads have
> > exited.
> > [Sun Jan 12 10:43:27 2003] [notice] Child 1456: Child process is exiting
> > [Sun Jan 12 10:43:28 2003] [notice] Parent: Child process exited
> > successfully.
> >
> > [Sun Jan 12 22:02:52 2003] [error] [client 195.166.232.11] Client sent
> > malformed Host header
> > [Mon Jan 13 00:33:14 2003] [error] [client 199.243.77.42] Client sent
> > malformed Host header
> > [Mon Jan 13 09:42:26 2003] [warn] pid file C:/Program Files/Apache
> > Group/Apache2/logs/httpd.pid overwritten -- Unclean shutdown of previous
> > Apache run?
> >
> > There are more entries in the Error Log like the above examples. I
assume
> > this is not good. It appears to me (inexperienced) that someone is
> > controlling my server from the outside. I read about Stopping &
> > Restarting
> > at the Apache.org website, but it did not seem to mention whether this
was
> > something that could be done from outside.
> >
> > Assuming this is a vulnerability, is it addressed in WinXP SP1? ....or
> > can
> > I leave that out and alter some setting in the configuration file to
stop
> > this access? I seem to remember reading something about a parent/child
> > vulnerability with Apache on WinXP, but I can't find it now.
> >
> > I don't know if this helps, but this is how I have the DocumentRoot set
> > (I've stripped out the commenting here):
> >
> > UseCanonicalName Off
> >
> > DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs"
> >
> > <Directory />
> > Options FollowSymLinks
> > AllowOverride None
> > Order allow,deny
> > Deny from all
> > </Directory>
> >
> > ....and then a few lines down from that:
> >
> > <Directory "C:/Program Files/Apache Group/Apache2/htdocs">
> > Options Indexes FollowSymLinks
> > AllowOverride None
> > Order allow,deny
> > Allow from all
> > </Directory>
> >
> > As far as I understand, this allows access to the DocumentRoot folder,
but
> > nothing else.
> >
> > There are no VirtualHosts set up.
> >
> > If I need to strip the system clean and start again, I will. But I
wonder
> > if anyone can otherwise help me sort out this apparent vulnerability.
> >
> > Thank you in advance,
> > Aaron Wells
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org