Help! Why do I see message about Apache, CPanel & WHM. I don't run cpanel!
My dedicated web server has been configured and running fine for over 2 months now. I've made no configuration changes to the server in over a month and have had 17 sites running there since the end of September.
I do NOT run cpanel on my server and I'm not YET running ISPConfig either. Each of my sites were set up manually using the standard dDebian/Apache virtual host definition files in /etc/apache2/sites-available and sites-enabled setup
Then suddenly last night the sites started disappearing one by one and were replaced with a screen whose heading says (see attached):
Great Success! Apache is working on your cPanelŽ and WHM™ Server
As I said, I do NOT run cpanel on my server at all and I'm not YET running ISPConfig either. Each of my sites was set up manually using the standard Apache virtual host definition files and they've all been working fine for weeks.
So, why the hell am I suddenly getting this apache and cpanel message and how do I get rid of it? Although the files in /etc/apache2/sites-enabled and sites-available seem to be intact, I can't for the life of me figure out why I'm now getting this message?
Can anyone offer me a CLUE as to what would cause this to happen?
I have spot checked the individual domains and their files in the separate web accounts. From what I can tell, everything seems to be intact and present in the web accounts. It was just a cursory spot check, of course; but from what i can see, the web domains and their files all seem to be untouched.
So, what would cause apache to suddenly NOT be able to find the web domains it has been able to locate since August? Have I been hacked somehow? Or is the cause of this problem likely to less ominous than that?
If it helps, I'm running Debian Etch 4.0r3 and maradns is my DNS server. Mara is able to dig all of the sites fine and sees no problem. For all intents and purposes, I am basically my own dedicated server supplier. There is essentially noone upstream from me. The supplier who provides this server offers no support beyond the most basic of "Can you log into your server?". They answer no questions beyond that.
As I configured it, my server acts as its own DNS host/server with a domain on the server dedicated to that purpose. I use maradns rather than Bind9 because it required less system resources, was supposed to be MUCH easier to set up than Bind9, and wasn't subject to the same security exploits Bind9 was. Mara has worked well for 3 months now.
Other relevant details:
"dig domainname" reports no issues with any of the domains on my server at the moment.
I am able to "ping" both IP addressses on the server and ping gets a response. However, I did go to intodns.com and tried their tool to test two of my 17 domains. The only errors intodns reports are:
My research suggests none of these errors should be deal-killers on their own. Am I correct in reaching that conclusion?
Any thoughts or suggestions would be GREATLY appreciated! My server is down at the moment by my choice and all 17 of my domains are dead. As it stands, none of the 17 domains there can be accessed right now anyway until I figure out the cause of this problem.
Help!!! Can anyone advise me? I haven't a CLUE how to troubleshoot this issue. Thanks!
Any errors in Apache's error log?
Can you tell me one of the affected domains so that I can do some tests?
How we analyzed and fought a DDOS attack
We concluded this was caused by a DDOS attack. Here is what we know now.
The problem first began to appear around 8pm server time on Wednesday. By 7:30pm Thursday night the problem had disappeared and things were back to normal.
At first we assumed we were seeing a hacker or spam attack and possibly a password cracking attack on our server. It took hours to realize it was actually a DDOS attack. At first, we did what made sense to combat a hack attack. Later our strategy became focused on stopping a DDOS attack. Here is our diary of events and actions taken over the period of the attack.
What say you, falko? Did we get the situational, strategic and tactical analysis and combat techniques right or did we screw up somewhere?
Thanks again for your comments, thoughts, insights and suggestions.
|All times are GMT +2. The time now is 22:08.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.