Strange messages about "cookie file" in Apache error_log file
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Strange messages about "cookie file" in Apache error_log file
Hello,
I have a Centos 6 server that I use to host some websites, and few days ago some strange messages start appearing in my Apache error_log file (/var/log/httpd/error_log), and I don't know what they mean, and if it is something bad or normal.
It appears with a frequency of about once every hour.
So far I couldn't identify what website is generating these messages. I searched for some keywords inside websites logs but I found nothing relevant (if you know the right string to search inside logs please tell me). Moreover I would like to know where the file mentioned in the message is located.
I have a Centos 6 server that I use to host some websites, and few days ago some strange messages start appearing in my Apache error_log file (/var/log/httpd/error_log), and I don't know what they mean, and if it is something bad or normal.
The message is the following:
Code:
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.
#HttpOnly_.facebook.com TRUE / FALSE 1472112725 datr 3rvzVL_80MSwtcNW5K8WSoJ
It appears with a frequency of about once every hour.
this is definitely not an Apache message, and so (IMO) something that SHOULD NOT appear in Apache's error log. It looks like a fragment of a configuration file (curl?), but I'm curious as hell how this ends up in Apache's error log. Could an Apache module or CGI possibly be writing its own messages into the log file?
Regular error log messages start with a timestamp, followed by "[error]" or "[notice]"; rarely they begin with "apache2:" followed by a message in prose.
Quote:
Originally Posted by roby84
So far I couldn't identify what website is generating these messages. I searched for some keywords inside websites logs but I found nothing relevant (if you know the right string to search inside logs please tell me). Moreover I would like to know where the file named in the message is located.
this is definitely not an Apache message, and so (IMO) something that SHOULD NOT appear in Apache's error log. It looks like a fragment of a configuration file (curl?), but I'm curious as hell how this ends up in Apache's error log. Could an Apache module or CGI possibly be writing its own messages into the log file?
Regular error log messages start with a timestamp, followed by "[error]" or "[notice]"; rarely they begin with "apache2:" followed by a message in prose.
It's not unusual for me to see messages not beginning with [error] or [notice] inside Apache error log (i.e. curl), but I think it just depends on how Apache logging is configured.
Quote:
What file??
[X] Doc CPU
The file mentioned in the message, which says "This file was generated by libcurl! Edit at your own risk."
If you use a CGI or a PHP script that uses exec or similar to run some shell script, any output to standard error (stderr) is sent to the Apache error log. It doesn't have to be PHP, any scripting languge that lets you run shell commands can do this.
I would grep for curl to find out what is causing it. The cookie file is used when you want to automate things. For example you can use curl to login to some site, and then store the session cookie in a file. Then you can use curl with the cookie file to get stuff that require login. And from the error messages it looks like it's facebook.
So, if you have some code that does a facebook login and does something with facebook, it's probably the cause. If you find out it's harmless, you can add "2>/dev/null" to the curl shell command and this doesn't show up in the error log.
If you use a CGI or a PHP script that uses exec or similar to run some shell script, any output to standard error (stderr) is sent to the Apache error log. It doesn't have to be PHP, any scripting languge that lets you run shell commands can do this.
just like that, without further tricks? I didn't know that, thanks.
Doesn't this imply that output from a PHP script (just as an example) that is explicitly written to stderr also ends up in Apache's error log?
I never bothered to try, but that would be the logical consequence ...
I have a Centos 6 server that I use to host some websites, and few days ago some strange messages start appearing in my Apache error_log file...inside websites logs
CentOS 6 what?
Code:
lsb_release -d
websites is plural, so are there any too permissive permissions on directories and files?
Directories on websites should be 755 and files should be 644 with the exception of cgi scripts.
Examine the /tmp directory closely.
I'd grab the exact date/time stamp from the apache log and document that somewhere for comparison. See http://www.cyberciti.biz/faq/unix-li...on-given-date/ for some comparison techniques against the timestamp on the apache log.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.