httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Reinhardt" <crypto...@cryptodan.net>
Subject Re: [users@httpd] Something's fishy going on: dead server & no log messages
Date Sat, 30 Jan 2010 21:14:07 GMT

--------------------------------------------------
From: "Paul McFerrin" <pmcferrin@columbus.rr.com>
Sent: 30 January, 2010 20:41
To: <users@httpd.apache.org>
Subject: [users@httpd] Something's fishy going on: dead server & no log messages

> I have an interesting problem.  First, my Cygwin binary distribution of Apache 
> 1.3.22, ater 5 years has STOPPED RESPONDING.  No errors to log and No Web 
> Service.
>
> This all started by my computer get infecting by 2 Trojan Horses viruses.  The 
> OS disk partition was copied and a virus scanner was executed on the copy to 
> clean it out.  A decision was made to avoid a lot of wait time by letting my 
> son download from MS a copy of Windows XP Pro,that included all changes up to 
> SP3.  Using this MS download CD, most everything was restored to service with 
> the exception of Apache.  It acts like it has not ever been started except for 
> the normal error_log messages present with start/stop.
>
> QUESTION:
> I know this is going to be a strange request:  Has anyone had a experience 
> with the OS download possibly blocking port 80.  The OS download was a special 
> subscription service from MS.  Since I have my own hardware firewall, the 
> Windows Firewall is turned off as well as ICS.  My son, the MS experience, is 
> quite suspicious of Apache and/or Cygwin but is offering little help at this 
> time.  In fact he wanted me to briefly upgrade to MS IIS!!! (no way)
> I'm running on Cygwin 1.7 and Apache  has worked flawlessly for about 5 years 
> as well as Apache 1.3 22.  I firmly believe: If it's working, don't touch it.
> Well I touched it.  I upgraded to Apache 1.3.41 binary distribution.  The 
> results EXACTLY the same: dead to.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Paul,

First of all I would check to see if  you can bring up your site by typing in 
http://localhost or http://internalprivatelanip your external IP address is 
forwarded to the correct internal private lan IP address like so:

External IP:80 > Firewall > Internal IP:80

Second thing I would try is to verify that the windows firewall is in fact 
disabled, and all security applications are disabled.

Third,  how did you get infected if you have a good hardware firewall 
configured?  Obviously you would have all all outbound allowed, and only select 
services like http allowed in.  This would prevent malicious people from 
connecting to your machine.  And call backs from being allowed.

Finally, how did you install Windows XP Pro, did you reformat the drive and 
start anew then applied all updates, and installed all your applications?  If 
you just installed over your copy of XP, then you may have gotten infected 
again.  I would try scanning with http://www.malwarebytes.org/mbam.php.

I notice you use Road Runner as your ISP, are you a business subscriber or a 
residential one?  If the latter, then road runner may have blocked port 80 for 
you since residential account subscribers are not allowed to run servers.

Thanks,
Daniel 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message