Forum Moderators: phranque
I'll call my domain abc.com. Fyi, I'm not an experienced linux guy. In the past, I had thought that abc.com and www.abc.com went to the same page - my home page. I noticed last week that they don't, and moreover abc.com was going to a page that had a "hacked" message on it; a friend tells me it was probably a php exploit, but that's all I know so far. www.abc.com is fine and loads the correct page.
So I did updates on the linux box, and now I'm trying to figure out what's going on.
I don't have an .htaccess file.
My biggest issue is that I have no idea where the file that loads when you go to abc.com IS.
I have several virtual hosts that are all working correctly. I believe I actually have abc.com set up as a virtual host. There is an abc_com.conf file I've set up in the vhosts.d dirctory. In /etc/apache2/httpd.conf, all lines concerning the default-server are commented out with a #.
Any idea where this page that shows up when you hit abc.com is coming from?
A simple test is to use the Ping command to ping example.com and www.example.com. If these do not resolve to the same IP address (shown in the ping output), then you can be sure you have a DNS configuration problem.
The next step is to either define a virtual server for example.com, or to add example.com as a ServerAlias to the vHost already defined for www.example.com. Actually, it's more usual to do it the opposite way: Define the vHost as example.com and define www.example.com or *.example.com as a ServerAlias of example.com.
Deleting the default server may not have the effect you desire; In response to a request not matching any defined ServerName or ServerAlias, Apache will serve the first vHost that *is* defined. So take this into account when deciding how to order your vHosts, and whether or not you want to explicitly define a default server.
Jim
"host www.example.com" shows that www.example.com is an alias for example.com and points to the correct IP address.
In my vhosts.d directory, there is an example.com vhost. I did not define a www vhost.
In the .conf file for example.com, I have
ServerName www.example.com
As a test, I removed the "www" so it read:
ServerName example.com
and restarted apache2.
At that point, www.example.com yields the "hacked" page and example.com goes to the correct page.
Your ServerAlias sounds like it's the right way to go. Would I put:
<VirtualHost *>
ServerName www.example.com
ServerAlias www example.com
# ...
</VirtualHost>
in httpd2.conf?
I'm still trying to figure where on my system this "hacked" page is.
When I used apache 1.x, I had all the virtual host info in the main httpd.conf file. I had to figure out how to do virtual hosts in the vhosts.d directory after upgrading to Suse 10.0, which installed Apache 2.0. I was told the original httpd.conf file would work fine, but none of the virtual hosts would work after the upgrade.
ServerAlias www.example.com example.com
in the example.conf fine in the vhosts.d directory and it fixed it.
I guess I'll have to grep the entire drive or something to find the hacked web page.
In response to a request not matching any defined ServerName or ServerAlias, Apache will serve the first vHost that *is* defined.
The hacked page will likely be in the DocumentRoot of whatever Virtual host your server was using as the default server.
You also need to review your logs and figure out how the page got hacked before putting anything valuable on this server...
Jim
