Jump to content

Does this sound like my Apache server has been hacked?


garyed
 Share

Recommended Posts

For a couple days I experimented with hosting my own site by routing a domain name to my computer. I didn't really want any outside traffic but i found i was getting a few visitors & i didn't have confidence in my password security. So i decided to unlink the domain name so at least someone would have to use my ip address to get to my site. I found that I was still getting a few visitors each day so I decided to use a password through .htaccess which was on of the suggestions I got from another thread. Everything seemed to be working fine & as far as I could tell no more visitors were getting in to my site. Now I find that two of my directories will not work through either browser, Chrome or Firefox. When I go to localhost to work on my site & to those two directories I just get:

" This site can’t be reached
localhost refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED "

I've checked permissions & can't find anything different than my other directories that do work. All my files are still there so I'm a little confused. I have plenty of other directories on my site still working.
I have messed with some configuration files to get .htaccess password to work but I can't even remember what I did. I tried removing the .htaccess file but that didn't help either.
Any ides?

Link to comment
Share on other sites

I assume Apache has to be running because 90% of my server site is working & it's only two directories that I'm having the problem with. 

I created a new directory & copied the index file & the background image from one of the directories that wasn't working into it & it works OK except the background image doesn't work. 

If I type the url of the image file I get the same error but if I put another image file I don't get the error. It's like something has happened to some of the files in those two directories.

I'm at a complete loss. 

 

Link to comment
Share on other sites

3 minutes ago, requinix said:

So are you saying that you get a ERR_CONNECTION_REFUSED when you try to browse to a couple pages on your site but not for everything else? And everything in your browser's address bar looks correct, domain and path and all?

Yes,

I have quite a few different web sites & each site has its own directory. I use my Apache server to design the pages & test them before i upload them to my web host. So I can either just go to localhost from my browser or type in my ip address 

to view all my sites & pages. There's only two sites & pages on two separate directories along with their sub directories that I get the error & all the other sites & pages in about 40 other directories work fine.   

The path is fine & that's why i'm wondering if I've been attacked. I'm running Apache on Ubuntu Linux.    

Link to comment
Share on other sites

I doubt very much you've been "hacked" by anything, but I just confirmed you really do have port 80 open on your internet-facing machine so who knows, maybe some bot did?
All I do know is that there is some important piece of information that you may or may not be aware of which would explain what's happening in a more technical way.

Oh, and one more thing: exposing a web server on your personal machine to the internet when you (no offense, but) don't know how to tell whether you've been hacked by something is really not a smart idea. The safest course of action would be to wipe your computer, as well as anything that could have come in contact with it.

Link to comment
Share on other sites

3 hours ago, garyed said:

Did you get to the login page? 

If you did, did you get to any of the site at all? 

I didn't go any further than that. You can test it for yourself easily enough: grab a smartphone, get off your wifi, and browse to http://your-ip-address.

Link to comment
Share on other sites

5 hours ago, requinix said:

I didn't go any further than that. You can test it for yourself easily enough: grab a smartphone, get off your wifi, and browse to http://your-ip-address.

I think I'm going to take your advice & close down port 80 until I can figure out what is going on. 

I wanted to be able to remotely access my work & I've also been tinkering with the idea of hosting my own website so I've been playing around with this for quite a while. My port has been open for a few years & I've never had any problem until now. It all started when I forwarded one of my domain names to my computer as an experiment about a week or two ago. I used a php password protected index page with a mysql database to see if I had any visitors. When I realized it wasn't a good idea, I got rid of the domain name thing but I was still getting visitors. Then I added the .htaccess file with a password.  I'm not sure exactly when my directories started having the problem but I'm sure it wasn't until after I forwarded my domain name. It might have started when I added the .htaccess file & changed some configuration files but I can't be sure. If my whole site was down then I would think it would have to do with something I did, but having just two directories down doesn't make sense.    

Link to comment
Share on other sites

Update,

I decided to uninstall my LAMP server & reinstall it to see if that would fix anything & sure enough, it did. 

I'm not sure what happened to only effect two directories but they are working fine since I reinstalled Apache. 

Anyways, thanks for all the ideas.

 

 

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.