I pinged from my server to feedmebits.testing and I got an ip. I sent you the results in a pm cuz don't really want to post my ip here.
And I am able to ping now from my own pc at home to www.feedmebits.com and I get an ip/reply. I don't quite get the last part yet:
Quote: and your browser should point to this Apache install which will serve up this particular vhost.
I then try editing /etc/hosts to:
myip feedmebits.com
and then try going to feedmebits.com and I get 403 forbidden. And when I go to my ip I get my bucket .htm page. But the bucket is still confusing to me cuz I don't see anything appearing in my logs when I try it by ip. Think I'm just not understanding one part yet but I'm a bit closer to understanding now.
Could you test out my bucket and see what you get?
Check /var/log/httpd/sniffer_access.log - that's your bucket logfile, isn't it?
Quote: Check /var/log/httpd/sniffer_access.log - that's your bucket logfile, isn't it?
Yeah it seems to be working but seems like there's a delay in my log
Haha interesting. I've already seen two people sniffing: one from Dallas, Texas and the other from Moldova, Republic of, Chisinau. But I also end up in my bucket when going to feedmebits.net cuz it's logged in my sniffer file:
But seems like when going to feedmebits.net I also end up in my bucket instead of ending up in the same place as www.feedmebits.com (403 forbidden page)
That's from my sniffer access log:
Code:
[15/Aug/2011:00:56:11 +0200] "GET /favicon.ico HTTP/1.1" 200 146 "http://feedmebits.net/" "Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+ Debian/squeeze (2.30.6-1) Epiphany/2.30.6"
and this is from my sniffer-error log:
[Mon Aug 15 11:08:48 2011] [error] [client 69.162.74.102] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 15 11:17:29 2011] [error] [client 67.205.102.172] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 15 11:50:53 2011] [error] [client 50.73.155.220] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Aug 15 15:17:17 2011] [error] [client 204.95.105.213] File does not exist: /var/www/html/.blackhole/phpmyadmin
Don't really understand the first 3, but the last one is looking for my phpmyadmin control panel. Which thanks to anyweb's advice I removed for security reasons. And the ip belongs to United States Redmond Microsoft Corp. Why would they be trying to access my phpmyadmin? Probably someone who hacked them and is using them as a proxy? hahaha viewing logs is fun :). Will be more fun once I get my site working and my IDS setup :D
Quote: But I also end up in my bucket when going to feedmebits.net cuz it's logged in my sniffer file:
But seems like when going to feedmebits.net I also end up in my bucket instead of ending up in the same place as www.feedmebits.com (403 forbidden page)
That's because you don't have feedmebits.net mentioned as a ServerName or ServerAlias in your config files.
Essentially if you end up in the bucket, Apache can't match your requested URL to a site so drops you into its first one.
Quote: Don't really understand it the first 3, but the last one is looking for my phpmyadmin controlpanel. Which thanks to anyweb's advice I removed out of
security reasons. And the ip belongs to United States Redmond Microsoft Corp . Why would they be trying to access my
The first are a sniff for a long-forgotten, the DFind scanner vuln - google w00tw00t if you want to know more information.
The phpmyadmin one is the reason I recommend people NOT to have it running against your default site (disable it in conf.d/ dir) - bind it to a vhost instead if needed.
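One way to triage a bucket vhost's error log like the one quoted above, as an added example that is not part of the original thread. The label names and the sample lines (which use documentation IP ranges) are constructed for illustration; the line layout follows the Apache 2.2 error-log entries shown in the post.

```python
import re
from collections import Counter, defaultdict

# Apache 2.2 error-log layout: [timestamp] [level] [client IP] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<ip>[^\]]+)\] (?P<msg>.*)$")

# Labels are this example's own; rules are checked in order, first match wins.
RULES = [
    ("dfind-scan", re.compile(r"w00tw00t\.at\.ISC\.SANS\.DFind")),
    ("no-host-header", re.compile(r"request without hostname")),
    ("phpmyadmin-probe", re.compile(r"File does not exist: \S*/phpmyadmin\b", re.I)),
    ("missing-file", re.compile(r"File does not exist: ")),
]

def classify(line):
    """Return (client_ip, label) for one error-log line, or None if it has no client field."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    for label, pat in RULES:
        if pat.search(m.group("msg")):
            return m.group("ip"), label
    return m.group("ip"), "other"

def summarize(lines):
    """Count labels overall and per client IP, skipping lines that do not parse."""
    totals, per_ip = Counter(), defaultdict(Counter)
    for hit in filter(None, map(classify, lines)):
        ip, label = hit
        totals[label] += 1
        per_ip[ip][label] += 1
    return totals, per_ip

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    "[Mon Aug 15 11:08:48 2011] [error] [client 192.0.2.10] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)",
    "[Mon Aug 15 11:17:29 2011] [error] [client 192.0.2.10] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /",
    "[Mon Aug 15 15:17:17 2011] [error] [client 198.51.100.7] File does not exist: /var/www/html/.blackhole/phpmyadmin",
    "[Mon Aug 15 15:20:01 2011] [error] [client 203.0.113.5] File does not exist: /var/www/html/.blackhole/favicon.ico",
    "[Mon Aug 15 15:21:00 2011] [notice] caught SIGTERM, shutting down",
]

if __name__ == "__main__":
    totals, per_ip = summarize(SAMPLE)
    print(dict(totals))
    for ip, counts in sorted(per_ip.items()):
        print(ip, dict(counts))
```

Because only unmatched or Host-less requests land in the bucket vhost, everything this script counts is traffic that never asked for one of the real sites by name.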
I already removed phpmyadmin last week cuz anyweb said it's security-wise better to do it via the command line. And the more I use the command line the better and the easier the command line becomes I suppose :)
The rest I posted here
I didn't get this last part, how to disable it. I have the conf.d directory but it doesn't mention phpmyadmin anywhere in there. And how do I bind phpmyadmin to a virtualhost?
Before I removed phpmyadmin I did it like this
I guess if you say bind I would have to do it like this?
Alias /phpmyadmin /var/www/html/website/webfolder/phpmyadmin
btw I understand the blackhole now and replaced my html page with your alias which gives an error :) Brilliant!!! :D
BTW - you don't need to quote the entire post back to reply - I can't view the entire lot on this small netbook here and it makes it difficult to reply!
It should be in /etc/apache2/mods-enabled in Debian 6, I think. That's where it is on my tower.
Quote: BTW - you don't need to quote the entire post back to reply - I can't view the entire lot on this small netbook here and it makes it difficult to reply!
It should be in /etc/apache2/mods-enabled in Debian 6, I think. That's where it is on my tower.
LOL sorry about that mate.
I got my website working :) /home/username was not accessible by apache and the directory for index.php was not set. Now it all works :)
I did something really not smart but I managed to get it working again. I wanted to reinstall my website so I removed the /home/feedmebits/_public_html/feedmebits.nl and then I downloaded joomla again and tried reinstalling. I got an error saying the page doesn't exist and I don't have permissions. I fixed this by deleting the user feedmebits and recreating the whole path. And it worked. While doing this I realized I made a very stupid/HUGE mistake but I'm glad I realized it. After creating the new user with root I made the new folders in that user's account with root and also downloaded joomla as root. That way all files were owned by root instead of feedmebits. So I deleted all the folders I made with root under /home/feedmebits and su - user and made the path with the normal user and now I am able to install my website again. Only thing I don't understand is why I get an error if I delete /home/feedmebits/public_html/feedmebits.nl and then create a folder with the same name again and chgrp and chmod -R again?
before: drwxr-xr-x 3 root apache 4096 Aug 16 14:12 public_html
after: drwxr-xr-x 3 feedmebits apache 4096 Aug 16 14:12 public_html