Fixing /var/log/httpd/error_log errors

Discussion in 'Server Operation' started by edge, Mar 26, 2006.

  1. edge

    edge HowtoForge Supporter

    I'm trying to fix some errors that I see in the /var/log/httpd/error_log file.

    Some are easy fixes, and some are not (for me)

    I have the following logs in the file (ip is mask):

    Code:
    cat: /proc/user_beancounters: No such file or directory
    [Sun Mar 26 10:33:16 2006] [error] [client 81.169.xx.xx] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.D$
    [Sun Mar 26 14:42:42 2006] [error] [client 196.200.xx.xx] request failed: error reading the headers
    
    Googling for both user_beancounter (whatever it is) and w00tw00t do not give me usable info on how to fix it, and what it is from!
    (the w00tw00t does look suspicious)

    Anyone here who might know, what it's for, and how to stop this filling my error_log file?
     
    Last edited: Mar 26, 2006
  2. falko

    falko Super Moderator

    w00tw00t looks like some kind of virus/trojan that tries to connect to your server, but doesn't send proper headers. So it's not a problem of your server.

    I've never heard of /proc/user_beancounters... :confused:
     
  3. edge

    edge HowtoForge Supporter

    Thanks for the answer falko.

    I have no clue what is causing this cat: /proc/user_beancounters: No such file or directory log.

    Does cat: mean someting? This so I can start looking from there..
     
  4. falko

    falko Super Moderator

  5. edge

    edge HowtoForge Supporter

    Last edited: Mar 27, 2006
  6. falko

    falko Super Moderator

    But is it maybe a virtual server that you bought from an ISP? Maybe one powered by Virtuozzo?
     
  7. edge

    edge HowtoForge Supporter

    It's my own server with Fedora RC4, Coldfusion, MRTG and ISPconfig on it..

    Anyway.. grep user_beancounters has now been running for some hrs, but no result till now.

    Is grep user_beancounters the correct syntax to search in any file for the text user_beancounters?
     
  8. falko

    falko Super Moderator

    Instead of using grep, I'd run
    Code:
    updatedb
    locate user_beancounters
     
  9. edge

    edge HowtoForge Supporter

    I've done that allready with no results.. So I thought, lets create the directory 'user_beancounters' in '/proc/'.. guess what.. I get this message:
    This is the ls

    Code:
    [root@host proc]# ls
    1      18446  2205  2246   2329   25908  303    4207         filesystems
    10     18913  2206  2247   2338   25959  30538  4767         fs
    10096  1892   2207  2248   2343   26276  30668  482          ide
    10405  1900   2208  2249   23486  26362  30949  4852         interrupts
    11     19151  2209  225    2353   26505  30993  486          iomem
    1119   1960   2210  2250   2385   26542  30994  5            ioports
    1137   1970   2211  2251   23860  2667   30996  507          irq
    11556  1990   2212  2253   2393   2668   30997  539          kallsyms
    11649  2      2213  2255   23954  26718  31     5518         kcore
    12     20098  2214  2256   23959  26974  31001  6            keys
    1285   20528  2215  2257   24036  27105  31002  6475         key-users
    12881  20530  2216  2260   2412   27492  31007  6739         kmsg
    12937  20765  2221  2261   24178  2766   31008  692          loadavg
    13     2077   2222  2262   2421   27792  31033  7            locks
    13025  20773  2223  2263   24246  2791   31035  7387         mdstat
    13345  20819  2224  2264   24265  2798   31046  7391         meminfo
    13495  20853  2225  2265   2436   28     31155  7968         misc
    13553  20901  2226  2266   24394  2802   31450  7969         modules
    13754  21036  2227  2267   2441   2803   31892  8            mounts
    14     2106   2228  2268   2442   2804   31903  8094         mtrr
    14290  21600  2229  2269   2443   2805   31913  8672         net
    14848  21785  2230  2278   2445   2806   31921  9            partitions
    14919  21836  2231  22971  2453   28479  31979  9479         pci
    15     2191   2232  22972  2455   29     32     acpi         scsi
    1542   2193   2233  2298   24572  29036  32001  buddyinfo    self
    1544   2194   2234  23081  2459   29266  32006  bus          slabinfo
    15648  2195   2235  23101  2460   29267  32009  cmdline      stat
    15711  2196   2236  2311   2462   29587  32267  cpuinfo      swaps
    1613   2197   2237  23162  24637  299    32435  crypto       sys
    1626   2198   2238  23164  2465   3      32448  devices      sysrq-trigger
    1656   2199   2239  23165  2466   30     3556   diskstats    sysvipc
    1785   2200   2240  2318   2471   300    3792   dma          tty
    1796   2201   2241  2319   24827  30080  391    dri          uptime
    1825   2202   2242  2320   24887  301    4      driver       version
    18300  2203   2244  2321   25477  302    4200   execdomains  vmstat
    1833   2204   2245  2322   25562  3020   4206   fb           zoneinfo
    
    As you can see.. NO user_beancounters ...

    Whats going on???
     
  10. edge

    edge HowtoForge Supporter

    Ok.. I found the problem that was causing the error in the log.

    Some user had a .php page with a call to 'vpsstat' in it, and something with 'user_beancounters'.

    I've killed the pages, and all is okay now.
     

Share This Page