Solved

Apache error

Posted on 2011-03-13
Last Modified: 2012-05-11
Today I found many pop-up errors when I restarted my server. By default it will also restart my Apache. Currently we are using XAMPP for a Win2003 server.

However, when I checked the error log file, I found many hits with the following error:

[Mon Mar 14 02:42:24 2011] [client 64.120.182.105] script 'D:/xampp/webdav/uxampp.php' not found or unable to stat
[Mon Mar 14 02:46:54 2011] [client 64.120.182.105] script 'D:/xampp/webdav/uxampp.php' not found or unable to stat

etc.... (roughly about 80-120 hits)

Apache is working after being manually restarted...

The question here is, have we been hacked? Or is somebody trying to hack our system?

I need your advice on how to investigate this matter and find the best solution.

thanks.
Question by:KG1973
10 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 35124573
If it started successfully after manually restarting, then it could be anything from unclean shutdown to hacking.  You can try to check logs but if you don't have IDS already set up, it would be really hard to determine.  If you have kept a checksum of configuration files, or any other comparison to see manually that your files changed, it would be hard to determine.  Do you have any external backups to compare files with?
0
 
LVL 2

Expert Comment

by:sihar86
ID: 35124821
Sometimes it is caused by an external problem.
For example: the capacity of your hard drive.
Is your hard drive full?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 35124887
That IP address resolves to "kyoko.elenorbowleslinux.net".  Is that your server or desktop IP address?
0

 
LVL 1

Author Comment

by:KG1973
ID: 35125283
Sihar86,
My server has no issue on hd space. HD full capacity is 680GB and the current usage is not even 1%.

DaveBaldwin,
I checked "kyoko.elenorbowleslinux.net" but it was not found.
The IP that I mentioned here is not our IP; it is the IP of visitors who try to access uxampp.php. This is based on the log files.


Just to rephrase, why does the log file show D:/xampp/webdav/uxampp.php? What is this file for? When I checked, the folder is there but not the uxampp.php file. Any idea why Apache is looking for this file?



0
 
LVL 83

Accepted Solution

by:Dave Baldwin
Dave Baldwin earned 500 total points
ID: 35125568
Apparently, that is a common way to break into your server if you have 'WebDav' installed.  http://www.apachefriends.org/f/viewtopic.php?f=16&t=43824
0
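
One way to triage the error-log entries quoted in the question, as an added example that is not part of any post in this thread: it groups "script ... not found or unable to stat" hits by client and flags requests under the WebDAV folder. The function name `summarize_probes`, the `watch_dir` parameter, and the last two sample lines (including the address 192.0.2.7) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# First two lines follow the question's log excerpt; the last two are
# constructed (192.0.2.7 is a documentation address, not from the thread).
SAMPLE_LOG = """\
[Mon Mar 14 02:42:24 2011] [client 64.120.182.105] script 'D:/xampp/webdav/uxampp.php' not found or unable to stat
[Mon Mar 14 02:46:54 2011] [client 64.120.182.105] script 'D:/xampp/webdav/uxampp.php' not found or unable to stat
[Mon Mar 14 03:10:02 2011] [error] [client 192.0.2.7] script 'D:/xampp/htdocs/old.php' not found or unable to stat
[Mon Mar 14 03:11:00 2011] [notice] Child 1234: Starting 150 worker threads.
"""

# The optional [error]/[warn] field covers logs that include the level column.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?:\[(?:error|warn)\]\s+)?"
    r"\[client (?P<client>[^\]]+)\]\s+"
    r"script '(?P<path>[^']+)' not found or unable to stat"
)

def summarize_probes(log_text, watch_dir="/webdav/"):
    """Group 'script not found' hits by client; flag paths under watch_dir."""
    clients = defaultdict(lambda: {"hits": 0, "paths": set(), "first": None,
                                   "last": None, "webdav": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated messages and damaged lines are skipped
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        rec = clients[m["client"]]
        rec["hits"] += 1
        rec["paths"].add(m["path"])
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
        if watch_dir in m["path"].replace("\\", "/").lower():
            rec["webdav"] = True
    return dict(clients)

if __name__ == "__main__":
    ranked = sorted(summarize_probes(SAMPLE_LOG).items(),
                    key=lambda kv: -kv[1]["hits"])
    for client, rec in ranked:
        flag = "requests under /webdav/" if rec["webdav"] else ""
        print(client, rec["hits"], rec["first"], rec["last"],
              sorted(rec["paths"]), flag)
```

Each matched line records a request for a script that was not on disk. Whether any other request to the WebDAV folder succeeded has to be checked in the access log, which the thread does not show.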
 
LVL 1

Author Comment

by:KG1973
ID: 35125856
DaveBaldwin,

Looking at the link you provided, it says that it is an exploitation. It suggests not using it. However, I need to know what the purpose of WebDAV actually is. If I remove the folder and configure my server not to use it, will there be any negative side? I am sure Web-based Distributed Authoring and Versioning (WebDAV) is designed for good reason except that it has been misused somehow for other negative purposes.

0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 500 total points
ID: 35125999
I believe WEBDAV was invented by Microsoft for their old FrontPage product to upload and edit websites.  It had many security holes after a while.  You would have to have a product that had a WEBDAV client software in it in order to use it.
0
 
LVL 1

Author Comment

by:KG1973
ID: 35127314
How about Dreamweaver? Will that be affected as well? In your experience, if someone is already familiar with FrontPage for updating a website, what is the best or closest web development software that he could easily migrate to? Of course there is no perfect answer for that.

As for this problem, I will try to disable it and see the outcome in a few days' time.

thanks.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 35130300
The product that came after FrontPage is Expression Web.  Some other programs have used it too.  I think most professional designers use FTP.  If you are developing on the same machine that has the web server, you can just copy the files from one directory to another.
0
 
LVL 1

Author Comment

by:KG1973
ID: 35136317
I agree; to avoid further potential attacks, we will soon stop using FrontPage. However, the problem may come again as hackers are always looking for holes in our web server.
0
