httpd.exe is sending endlessly

Problems with the Windows version of XAMPP, questions, comments, and anything related.

httpd.exe is sending endlessly

Postby Photogregor » 08. September 2011 10:11

Hi,

there seems to be a problem with our Webserver. It is publishing a small online order system and the creator of this system is not any more available. I've never had anything to do with xampp and web systems at all. The problem: Network traffic on the web server is up to 100 percent of capacity and congesting the rest of the network when httpd.exe process is running (there are two of them). When I start "Apache Monitor" it shows that the system "Apache 2.2" is running. If I stop "Apache 2.2" these two httpd.exe processes disappear and network traffice goes down to zero.

Is it possible to someone like me without any practice in this system to repair that? Or do we have to look for professional aid? For now this system is on hold and I hope no one is trying to access it too soon... :)

Would be great if someone could answer this or even present some tricks I could try to find out what's going on.

Regards,
Stefano


Elsewhere I read about two log files. Here are some randomly selected lines (all these IP addresses are unknown to me):

access.log:

50.23.239.15 - - [07/Sep/2011:20:38:21 +0200] "GET /webalizer/sh.php?host=solidtrustpay.com&port=80&protocol=tcp&time=60 HTTP/1.1" 200 49168
50.23.239.15 - - [07/Sep/2011:20:38:31 +0200] "GET /webalizer/sh.php?host=192.168.1.5&port=80&protocol=tcp&time=60 HTTP/1.1" 200 48817
50.23.239.15 - - [07/Sep/2011:20:38:48 +0200] "GET /webalizer/sh.php?
host=118.127.29.96&port=80&protocol=tcp&time=60 HTTP/1.1" 200 48832

error.log

[Mon Sep 05 01:20:39 2011] [error] [client 202.111.175.176] File does not exist: C:/Programme/xampp/htdocs/mysql-admin
[Mon Sep 05 02:01:29 2011] [error] [client 24.241.230.68] (OS 2)Das System kann die angegebene Datei nicht finden. : Could not open password file: C:/Programme/xampp/security/htpasswd.webdav
[Mon Sep 05 02:03:33 2011] [error] [client 24.241.230.68] (OS 2)Das System kann die angegebene Datei nicht finden. : Could not open password file: C:/Programme/xampp/security/htpasswd.webdav
[Mon Sep 05 02:38:52 2011] [error] [client 109.148.189.121] (OS 2)Das System kann die angegebene Datei nicht finden. : Could not open password file: C:/Programme/xampp/security/htpasswd.webdav
[Mon Sep 05 02:41:01 2011] [error] [client 24.241.230.68] (OS 2)Das System kann die angegebene Datei nicht finden. : Could not open password file: C:/Programme/xampp/security/htpasswd.webdav
[Mon Sep 05 02:53:57 2011] [error] [client 109.148.189.121] (OS 2)Das System kann die angegebene Datei nicht finden. : Could not open password file: C:/Programme/xampp/security/htpasswd.webdav
Photogregor
 
Posts: 4
Joined: 08. September 2011 09:52

Re: httpd.exe is sending endlessly

Postby JonB » 08. September 2011 15:23

A -There SHOULD be two httpd.exe processes with Apache for Windows. One is a 'controller', and the other is the 'worker processes'.

B. - your problem apparently is that you are the target of some hackers. Its hard to say 'why' they want to hack your box, other than pure maliciousness. They are bombarding your machine with requests, and it brings things to a grinding halt (as you have seen). My personal best 'quick-fix' advice is shut the box down for a couple days, they will move on.

C.- I think turning off your server signature, combined with a new fixed IP would probably suffice to prevent a re-occurrence. I say this because it appears you were 'gotten' by a port scanner, looking for the XAMPP WEBDAV vulnerability. This could be the whole issue - your WEBDAV is open and bad folks have made it a stopping off point for Malware scripts.

Here is how to fix that:
viewtopic.php?f=16&t=38885&p=182635&hilit=webdav#p182635

Ms. Sharley's paranoia about WEBDAV is validated.

Good Luck
8)
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: httpd.exe is sending endlessly

Postby Photogregor » 09. September 2011 19:15

Thanks a lot for your efforts, JonB. I did what Sharley said and changed these 3 txt files (readme_de.txt, readme_en.txt and webdav.txt). And then - I made a mistake! :-( According to that page:

http://www.apachefriends.org/en/xampp-windows.html#1221

I went to http://localhost/security, where I set a passwort for Mysql root user and a password for Xampp directory. With that I killed the customer tool and don't know how to revert this! When I launch it I get the message:

Database Error
The current username, password or host was not accepted when the connection to the database was attempted to be established.


I hope that no one tries to access the order system during weekend - but could you help me out of that situation?

Thanks in advance,
Stefano
Photogregor
 
Posts: 4
Joined: 08. September 2011 09:52

Re: httpd.exe is sending endlessly

Postby JonB » 09. September 2011 19:30

OK

The root password setting is probably not the problem. The application should not (but who knows) use the 'root' password for MySQL.

The second part of that installs a .htaccess file in the xampp\htdcos folder I think. Look for that file, and rename it (for now) to .htaccess.old , that should keep it from interfering. See if that makes things work right.

The problem here is that if there was a .htaccess file originally in the htdcos folder, it probably got overwritten (meaning we probably don't have away to recover it).

I hope you guys take backups

:shock:
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: httpd.exe is sending endlessly

Postby Photogregor » 10. September 2011 19:02

JonB,

there is only an _.htaccess file in that directory, but it has no current date and renaming it didn't change my problem. There are several sub folders in htdocs and when I try to launch the shop one of these folders is accessed (I can see that because when I type in "www.xyz.net" it changes to "www.xyz.net/subfolder/index.php" after hitting enter key). And in this subfolder there in fact is another .htaccess file, but renaming it does not change anything either.

Unfortunately there is no backup I know of, this shop is small and old and I did not know about it until someone asked me for access credentials.

Any other idea?

Thanks again for your efforts,
Stefano
Photogregor
 
Posts: 4
Joined: 08. September 2011 09:52

Re: httpd.exe is sending endlessly

Postby Photogregor » 10. September 2011 19:24

JonB,

I made it run again. Anywhere in WWW I found someone with a similar problem and he talked about a file named localconf.php. And there was a program called Pspad on our server. I loaded localconf.php with this program and searched for the password line this guy talked about. Since there was none I inserted a line and typed in the password I used yesterday - and the shop was accessible again.

Thanks a lot for your help, I have to see now how to secure this xampp system.

Regards,
Stefano
Photogregor
 
Posts: 4
Joined: 08. September 2011 09:52

Re: httpd.exe is sending endlessly

Postby JonB » 10. September 2011 19:57

Glad you got it fixed...

Yep, securing would be a good idea - so would getting a backup every day.

8)
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 43 guests