Jamo Posted May 5, 2011 Share Posted May 5, 2011 I have turnkeylinux apache server running on a old dell laptop. on that server is only a PHProxy running with ssl, so I can get secure internet connection. Sometimes that server just freezes, I cant ssh to it, if connecting to ports 80 and 443, browser just tells that cant connect. Server is installed on usb stick. When server is frozen usb's light keeps flashing, like there's a lot of activity on that stick. Usually a manual reboot (remove power cable and battery) has fixed it. I had to do it every 2 weeks. Then I set it to reboot once a day. It seemed to be working well for a month, no downtime until now. Server is in my home network, with port 443 forwarded to it. what might cause these errors? have I been hacked?, I mean the server, Have it been hacked? Any ideas, what to do for that server. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 5, 2011 Share Posted May 5, 2011 I would do the following: 1) Run a memory diagnostics? To see if there are any errors in RAM. 2) When the server stops responding, is there any process that it taking up all CPU cycles? 3) Check all cables inside the case, make sure they are firmly connected. 4) I would also run a HDD test, just to make sure its running normal. Quote Link to comment Share on other sites More sharing options...
Jamo Posted May 6, 2011 Author Share Posted May 6, 2011 I would do the following: 1) Run a memory diagnostics? To see if there are any errors in RAM. 2) When the server stops responding, is there any process that it taking up all CPU cycles? 3) Check all cables inside the case, make sure they are firmly connected. 4) I would also run a HDD test, just to make sure its running normal. 1) Ill try this 2) That "server"/laptop is completely not responding, only thing working is the power button. Im using vbetool to turn screen off. and when I have problems I cant ssh and turn screen on 3) Well it's a laptop. I prefer not to open it... 4) Laptops HDD is broken, Ubuntu server is installed on a ole usb stick Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 6, 2011 Share Posted May 6, 2011 2) How long have you had the server for? 4) Not sure how well an OS would perform, if its running off an USB stick. Performance may slightly be degraded. Quote Link to comment Share on other sites More sharing options...
justapeon Posted May 6, 2011 Share Posted May 6, 2011 ps aux and check for unneeded running programs. Update/upgrade the system. Need larger swap? Get rid of Ubuntu's phone home server software if you have not done so already. Forgotten the name of it. It's called landscape or something like that. Also updatedb. fsck? Quote Link to comment Share on other sites More sharing options...
digip Posted May 6, 2011 Share Posted May 6, 2011 (edited) Bigger question, how is the heat on this since its a laptop? What are the temperatures like? Do you have adequate cooling, and when is the last time you cleaned the dust out of it? Laptops are not meant to run 24/7 as servers, although its possible with proper cooling. I would run a hardware monitor and keep an eye on the temps and cpu usage, and maybe log this data every minute or so to a file, so when you do reboot, you can go back and look at what is happening. I'm not saying it isn't software related to uBuntu or anything, but lets rule out the hardware first. The other thought is the ISP blocking port 80 and 443, but thats easy enough to configure apache to run on alternate ports in case the ISP dumps all the traffic with RST packets, which could cause access to stop working, but shouldn't be crashing the machine. edit: as mentioned in the post above, a file system check would also be a good idea. Edited May 6, 2011 by digip Quote Link to comment Share on other sites More sharing options...
Jamo Posted May 7, 2011 Author Share Posted May 7, 2011 Iv been using it for 5 months. Performance ain't an issue, it's only for https proxy. I don't think that heat is my issue now, when touching it ain't warm, laptops lid is open. My ISP allows me to use ports 80 and 443. Now when I tried to ssh to it Im unable to login, I cant use webmin, that installed, by turnkey linux. Well I think that Ill reinstall it. Quote Link to comment Share on other sites More sharing options...
digip Posted May 7, 2011 Share Posted May 7, 2011 (edited) Dumb question, but did you bother to change the default passwords for webmin, phpmyadmin, etc? I would assume it prompted you to choose passwords when setting it up unless it was a virtual appliance. If not, and you left all these services up and running, someone definitely could have hacked the machine. Especially phpmyadmin, depending on the version shipped in your download since there are always hacks for it through sql injection. Unless you need the database side of it, make sure mysql is not running and phpmyadmin is locked down as well(if they were installed via Turnkey). The only Turnkey Linux servers I've ever used were Virtual Machines. Personally, I would have run the web server off of a VM anyway, instead of from my host machine, with a snapshot backup of my main config after I change all passwords and lock things down. Then if something went belly up, you can just revert to the snapshot, or default to the snapshot at each recycle of the VM. The other thought is a flaw in phproxy. From what I remember, that script has been around for years, but I don't think its actively being maintained or updated in at least 4 years or so. If there are flaws in it people aren't aware of, or an 0-day, then your box could have been compromised by the phproxy itself. make sure you are using the one from Sourceforge, and not other versions claiming to be phproxy versions later than 0.4, or it could be backdoored. Edited May 7, 2011 by digip Quote Link to comment Share on other sites More sharing options...
Jamo Posted May 7, 2011 Author Share Posted May 7, 2011 Dumb question, but did you bother to change the default passwords for webmin, phpmyadmin, etc? I would assume it prompted you to choose passwords when setting it up unless it was a virtual appliance. If not, and you left all these services up and running, someone definitely could have hacked the machine. Especially phpmyadmin, depending on the version shipped in your download since there are always hacks for it through sql injection. Unless you need the database side of it, make sure mysql is not running and phpmyadmin is locked down as well(if they were installed via Turnkey). Yes, it asked to set passwords when installing. I allow only port 443 to be forwarded to that machine, So Webmin is not directly available, its running on port 12321. Last time I installed it I really didn't do anything to phpmyadmin and mysql. I dont need either. Just php and apache for the proxy. What's the best way to "get rid of those", uninstalling or just disabling services. It should update it (ubuntu server) once a day automatically, The only Turnkey Linux servers I've ever used were Virtual Machines. Personally, I would have run the web server off of a VM anyway, instead of from my host machine, with a snapshot backup of my main config after I change all passwords and lock things down. Then if something went belly up, you can just revert to the snapshot, or default to the snapshot at each recycle of the VM. Well it might be easier to run it in VM if I had my computer on, when I needed that proxy. And I had a really old dell laptop laying around. CPU is 233MHz, and it had 32Gb hdd (PATA)... The other thought is a flaw in phproxy. From what I remember, that script has been around for years, but I don't think its actively being maintained or updated in at least 4 years or so. If there are flaws in it people aren't aware of, or an 0-day, then your box could have been compromised by the phproxy itself. make sure you are using the one from Sourceforge, and not other versions claiming to be phproxy versions later than 0.4, or it could be backdoored. Yea, latest version is from 2005 or so. Is there any alternatives for phproxy. I cant use squid cause sometimes I cant edit proxy settings from browser. Quote Link to comment Share on other sites More sharing options...
digip Posted May 7, 2011 Share Posted May 7, 2011 The alternative in my mind is a VPN or using an SSH tunnel. More secure than https in the browser, since all traffic is encrypted via the tunnel and no threat of ssl strip, as well as not exposing a web server to the public internet since anyone who points to your IP could use the proxy as well without your knowledge, or possible pointing it to a site or script that could in some way compromise the host machine itself via phproxy. Quote Link to comment Share on other sites More sharing options...
Jamo Posted May 8, 2011 Author Share Posted May 8, 2011 That proxy is only for getting more secure connection, when using computers, which doesn't allow ssh tunneling nor vpn's I do also ssh tunneling and I have pptp server for my ipod Touch. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 8, 2011 Share Posted May 8, 2011 That proxy is only for getting more secure connection, when using computers, which doesn't allow ssh tunneling nor vpn's I do also ssh tunneling and I have pptp server for my ipod Touch. Where SSH or VPN tunneling is not allowed, I would try changing the default ports, to something like port 80 or 443, if you haven't tried. Since these ports would normally be unblocked. Quote Link to comment Share on other sites More sharing options...
Jamo Posted May 10, 2011 Author Share Posted May 10, 2011 Where SSH or VPN tunneling is not allowed, I would try changing the default ports, to something like port 80 or 443, if you haven't tried. Since these ports would normally be unblocked. I got ssh on port 80. I was talking about a case, when Im using a school computer for example, where I cant use putty etc. or get vpn. Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted May 10, 2011 Share Posted May 10, 2011 I have seen similar problems with an older server where the RAID controller would suddenly lock up. The server just locked up from the point of view of connecting to it as it couldn't write to the disk, though it could output errors to the console and over the network to our syslog server. Do you have another Linux machine on the same network? If so then set up syslog on your laptop/server to send a copy of all its logs to your other Linux machines syslog server. That way when your machine locks up because it can't write to the disk it will still be able to log errors over the network to your other machines syslog server. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.