port 8081

Discussion in 'Installation/Configuration' started by korbynn, Mar 13, 2010.

  1. korbynn

    korbynn Member

    Did ispconfig add an apps and php-fcgi-scripts directorys and add a virtual host to 8081?
    When I did an update with ispconfig to 3.2 these appeared about the same time?
    If ispconfig did add these, what are they?
  2. korbynn

    korbynn Member

    no response, killing the port.
  3. Ben

    Ben HowtoForge Supporter

    what does "killing the port" mean?

    what does netstat -tap
    tell you, which process owns this port?
  4. till

    till Super Moderator

  5. korbynn

    korbynn Member

    To further this discussion:

    It appears that someone with knowledge of ISPConfig 3 had hacked into my server.

    They created an apps.vhost on port 8081.
    Directory /var/www/apps contained:

    drwx------ 2 ispapps ispapps 4096 Mar 13 11:32 .
    drwxr-xr-x 12 root root 4096 Mar 13 09:54 ..
    -rw-r--r-- 1 ispapps ispapps 33 Mar 11 22:08 .bash_logout
    -rw-r--r-- 1 ispapps ispapps 176 Mar 11 22:08 .bash_profile
    -rw-r--r-- 1 ispapps ispapps 124 Mar 11 22:08 .bashrc

    and a directory /var/www/php-fcgi-scripts contained:

    drwxr-xr-x 4 root root 4096 Mar 11 22:08 .
    drwxr-xr-x 12 root root 4096 Mar 13 09:54 ..
    drwxr-xr-x 2 ispapps ispapps 4096 Mar 13 11:37 apps
    drwxr-xr-x 2 ispconfig ispconfig 4096 Mar 13 11:37 ispconfig

    Each of these directories contained:


    which the contents were:

    export PHPRC
    export PHP_FCGI_MAX_REQUESTS=5000
    export PHP_FCGI_CHILDREN=8
    exec /usr/lib/cgi-bin/php -d magic_quotes_gpc=off[

    This somehow connected to a virtual machine hidden in one of my websites.

    I 'rm -fR' all that was not supposed to be there and rebooted the server. Now the server runs like it is supposed to. Fast at 10Mbps up and down.

    I have dumped using mod_php and am using suphp.

    Maybe the proper word is terminated not killed.
  6. till

    till Super Moderator

    Thats the default ispconfig apps vhost which is part of ispconfig, to delete it was a very bad idea as you now messed up our setup. If you would have read the thread that I posted above, you should have seen that as it contained the instructions on how to change the port in case that its in use on your server already.

Share This Page