Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
My web server keeps going down I reboot it and then it may work for 5 mins then it down again.
I thought it may be a hacker I closed all port except to my Ip address, but it keeps going down, first the apache soon after I can't get access to root.
I have read in other forums disable root login via SSH, will this stop myself form logging in..
Can anyone make any sugestions on how to track down the error?
It can be a hardware problem. But you should disable login as root by ssh. Login as normal user then do su - to become root.
If it is going down normally (it shuts down all the deamons, and the system), then it is rather some hacker problem. I suggest to change more often your root password and make it quite long.
First of all fill in your user info like distro and such so we know what you're talking about.
I have read in other forums disable root login via SSH, will this stop myself form logging in..
Next add an unprivileged account with which you can log in through ssh (use a passphrase not a password) and with which you can su/sudo to root.
My web server keeps going down I reboot it and then it may work for 5 mins then it down again.
And crackers usually don't crave attention. So (w/o "evidence") I'd say it should classify as a hardware / process checker / watchdog problem and not as a breach of security. Anyway.
When did this behaviour start ocurring?
What changes where made leading up to the first ocurrance?
What does syslog say?
Thanks for the advice, it completly stopped working now.. cant't connect via ssh or via a serial consol, still a few thing I need to extract for the the server.. I have to mount drive in rescue mode..
I inputed the following command
mount /dev/hda1 /mnt
and is not a valid block device
could this be an indication that the Hard drive has gone?
mount /dev/hda1 /mnt
and is not a valid block device
could this be an indication that the Hard drive has gone?
If /dev/hda1 is meant to be a partition on the HD then I'd run a fsck on the partitions.
The behaviour started two days ago & have not made significant changes to the machine just updated info on a couple of websites..
I have checked the access_log and cannot see anything suspicious although i'm not 100% sure of what to look for...are there any other logs I should check
The orginal server that had the problem seems ok now but the new server (which domain has been tranfered to) is repeating the problems server hangs up at different times.. (I migrated the serve using plesk migration tool.
I have perform a root kit search and nothing was detected..
First thing I'd do is stop all daemons that are publicly accessable (related to serving content and such) and keep those you need for accessing the box (SSH). Then look at *all* the logs. This:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.