[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 741
  • Last Modified:

Wordpress-XAMPP throws Apache Error 6054

I have a SuSe Linux Enterprise Server (SLES10)-based Wordpress server that we downloaded the XAMPP package, installed and have had running successfully for several months.  It includes Apache, MySQL, MyPhpAdmin and Wordpress all in one package.

We built a district site with four school sites below it on the same server.  Sunday morning (of course) a call came that the district site was down.  A restart of the server yielded nothing.  A restart of LAMPP yielded nothing.  Here is the exact error:

Apache Error: 6054 Invalid Memory Log has taken over homepage for security,

While the LAMPP (./lampp restart) starts/restarts fine, the opening or top page of the site still reports the error.  And, there is nothing we can find on the codex.wordpress site or anywhere else on Google.

I found an access_log file that was 1.3 gb in size and zeroed it out with a script and restarted...no luck.

We've had no trouble with this server (no new patches have been added).  Wordpress has run flawlessly for months.

Any thoughts...this has become a very visible problem.

Thanks,
Scott
0
ZENandEmailguy
Asked:
ZENandEmailguy
1 Solution
 
ZENandEmailguyAuthor Commented:
We resolved the issue...the server had been hacked and somehow an index.php file uploaded into the htdocs/ that had the words in the error coded into it.

Using top I found six perl daemons running and killed all six and the performance of the server increased dramatically. I then found a file called wp.php that had been uploaded in the htdocs/ directory and it was executing a variety of things. I've captured it, renamed it and moved it off of the server so I can study it and see if I can figure out what it was doing.

The /var/log/messages was logging an ftp open and close every second and the Internet Provider was able to capture a trace (and shutdown outgoing) showing thousands of packets going to an IP address coming (they said) from Mississippi of all places.

Sorry ask for help on an error that wasn't an error after all...it was a hack. If I knew who it was, I'd suggest they be strung up by their thumbs.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now