homepage Welcome to WebmasterWorld Guest from 54.161.155.142
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Strange slowness on Apache Server
Strange error logs as well
ZakAltF4




msg:4503137
 7:03 pm on Oct 2, 2012 (gmt 0)

Hello all,

I am experiencing some unusual site speed issues. I looked at the Apache error log and found some very interesting things happening. I wonder if someone could help explain what I am seeing here? I don't recognize any of these sites mentioned, and I am afraid that the system has been infected with malware as the WWW files are on a LINUX SMB share, so if someones computer is infected, it theoretically could have access to the www root. This is not a super secure site, and it's not even publicly open .. It's all internal if that helps. The server in question is UBUNTU 12.04 running Apache 2.2. A portion of the Apache error log is as follows:



[Tue Oct 02 11:11:53 2012] [error] (111)Connection refused: proxy: HTTP: attempt to connect to 87.98.219.83:80 (*) failed
[Tue Oct 02 11:11:53 2012] [error] (111)Connection refused: proxy: HTTP: attempt to connect to 98.136.10.33:80 (*) failed
[Tue Oct 02 11:11:54 2012] [error] (111)Connection refused: proxy: HTTP: attempt to connect to 98.137.48.23:80 (*) failed
[Tue Oct 02 11:11:54 2012] [error] [client 125.65.45.146] (20014)Internal error: proxy: error reading status line from remote server ads1.zenoviaexchange.com:80, referer: http://www.hapyo.com/
[Tue Oct 02 11:11:54 2012] [error] [client 125.65.45.146] proxy: Error reading from remote server returned by http://ads1.zenoviaexchange.com/w/1.0/ajs?auid=219793&res=1280x1024x32&plg=swf,pdf[6],qt[6],wmp[7],shk&ch=UTF-8&tz=300&url=http%3A//www.hapyo.com/&ref=&cb=9786519978, referer: http://www.hapyo.com/
[Tue Oct 02 11:11:55 2012] [error] (111)Connection refused: proxy: HTTP: attempt to connect to 118.215.189.229:80 (*) failed
[Tue Oct 02 11:11:55 2012] [error] [client 46.197.113.233] PHP Notice: Undefined index: exp in /var/www/index.php on line 69
[Tue Oct 02 11:11:55 2012] [error] [client 46.197.113.233] PHP Notice: Undefined variable: error in /var/www/index.php on line 93
[Tue Oct 02 11:11:55 2012] [error] [client 108.62.185.157] (104)Connection reset by peer: proxy: error reading status line from remote server ad.globaltakeoff.net:80, referer: http://classidressing.com/index.php?option=com_content&view=article&id=5356:2012-01-19-23-33-35&catid=40:fashion-clothes-women&Itemid=96
[Tue Oct 02 11:11:55 2012] [error] [client 108.62.185.157] proxy: Error reading from remote server returned by http://ad.globaltakeoff.net/st?ad_type=iframe&ad_size=160x600&section=2897424&pub_url=${PUB_URL}, referer: http://classidressing.com/index.php?option=com_content&view=article&id=5356:2012-01-19-23-33-35&catid=40:fashion-clothes-women&Itemid=96
[Tue Oct 02 11:12:08 2012] [warn] proxy: No protocol handler was valid for the URL 183.79.29.229:25. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Tue Oct 02 11:12:14 2012] [error] [client 2.34.62.20] PHP Notice: Undefined index: exp in /var/www/index.php on line 69
[Tue Oct 02 11:12:14 2012] [error] [client 2.34.62.20] PHP Notice: Undefined variable: error in /var/www/index.php on line 93
[Tue Oct 02 11:12:17 2012] [error] [client 82.222.90.167] PHP Notice: Undefined index: exp in /var/www/index.php on line 69
[Tue Oct 02 11:12:17 2012] [error] [client 82.222.90.167] PHP Notice: Undefined variable: error in /var/www/index.php on line 93
[Tue Oct 02 11:12:19 2012] [warn] proxy: No protocol handler was valid for the URL 220.213.162.4:25. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.



I realize that it might be malware, I'm just curious how to track it down and eradicate it. Thanks in advance!

-- Zak

 

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved