The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ConfigServer Firewall messed up

Discussion in 'Security' started by sniperscope, Jul 20, 2011.

  1. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    Hello
    Today i installed cfs as firewall.
    After installing and rebooting server, Program it self works as it should but i found out that all my web sites became 500 internal server error.
    Last 6 hours i am trying to solve this mess.
    So far i uninstall CFS try return original values of whm(i change many option as CSF suggested so i don't remember exactly what option changed)

    Is there any way load default values of WHM.

    I post a new topic into their site about 5 hours ago seems they are just reading posts without any response
     
  2. fi77i

    fi77i Well-Known Member

    Joined:
    Aug 20, 2008
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Uruguay
    cPanel Access Level:
    Root Administrator
    500 server errors are apache internal errors.

    Did you check the apache error log?

    What kind of errors are shown there?

    Paste them here if you can so we can help you better.

    Regards.
     
  3. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    Hello fi77i
    Thank you for reply. Here is some logs i found.

    messages:Jul 21 03:43:26 server3 init: Id "x" respawning too fast: disabled for 5 minutes
    messages:Jul 21 03:46:13 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=61.164.117.73 DST=114.179.32.165 LEN=44 TOS=0x00 PREC=0x00 TTL=97 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=1 6384 RES=0x00 SYN URGP=0
    messages:Jul 21 03:48:28 server3 init: Id "x" respawning too fast: disabled for 5 minutes
    messages:Jul 21 03:53:18 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=122.193.28.66 DST=114.179.32.165 LEN=44 TOS=0x00 PREC=0x00 TTL=102 ID=42353 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
    messages:Jul 21 03:53:29 server3 init: Id "x" respawning too fast: disabled for 5 minutes
    messages:Jul 21 04:13:31 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=222.136.188.5 DST=114.179.32.165 LEN=44 TOS=0x00 PREC=0x00 TTL=99 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
    messages:Jul 21 04:13:34 server3 init: Id "x" respawning too fast: disabled for 5 minutes
    messages:Jul 21 04:22:59 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=120.197.0.32 DST=114.179.32.165 LEN=44 TOS=0x00 PREC=0x00 TTL=98 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
    messages:Jul 21 04:23:36 server3 init: Id "x" respawning too fast: disabled for 5 minutes
    messages:Jul 21 04:54:50 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=212.93.197.177 DST=114.179.32.165 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=47778 DF PROTO=TCP SPT=25551 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
    messages:Jul 21 04:54:53 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=212.93.197.177 DST=114.179.32.165 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=48161 DF PROTO=TCP SPT=25551 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
    messages:Jul 21 04:54:59 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=212.93.197.177 DST=114.179.32.165 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=48941 DF PROTO=TCP SPT=25551 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
     
  4. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    Okay i found something.
    When i delete index.php from any folder then site show up such as image folder or include folder. I can see any folder which has no index file in it.

    However, if i click any php file then i get 500 error.
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    What does running "php -v" on the machine do? If you receive any errors in running "php -v" in root SSH command line, please provide that output.

    Next, is this issue happening on all sites on the machine that are trying to run PHP pages? You may want to check the Apache error logs on visiting the page at /usr/local/apache/logs/error_log location, then post the error message received here.
     
  6. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    Dear Tristan
    Here is output of php-v:

    # php -v
    PHP 5.2.17 (cli) (built: Jul 21 2011 18:11:46)
    Copyright (c) 1997-2010 The PHP Group
    Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator
    with the ionCube PHP Loader v3.3.20, Copyright (c) 2002-2010, by ionCube Ltd., and
    with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies
    with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH

    And Yes, All sites which has php was failed. Html working as it should.
    However, i changed suPHP to fcgi then sites are up

    And here is some portion of log file:

    messages:Jul 21 03:43:26 server3 init: Id "x" respawning too fast: disabled for 5 minutes
    messages:Jul 21 03:46:13 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=61.164.117.73 DST=114.179.32.165 LEN=44 TOS=0x00 PREC=0x00 TTL=97 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=1 6384 RES=0x00 SYN URGP=0
    messages:Jul 21 03:48:28 server3 init: Id "x" respawning too fast: disabled for 5 minutes
    messages:Jul 21 03:53:18 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=122.193.28.66 DST=114.179.32.165 LEN=44 TOS=0x00 PREC=0x00 TTL=102 ID=42353 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
    messages:Jul 21 03:53:29 server3 init: Id "x" respawning too fast: disabled for 5 minutes
    messages:Jul 21 04:13:31 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=222.136.188.5 DST=114.179.32.165 LEN=44 TOS=0x00 PREC=0x00 TTL=99 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
    messages:Jul 21 04:13:34 server3 init: Id "x" respawning too fast: disabled for 5 minutes
    messages:Jul 21 04:22:59 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=120.197.0.32 DST=114.179.32.165 LEN=44 TOS=0x00 PREC=0x00 TTL=98 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
    messages:Jul 21 04:23:36 server3 init: Id "x" respawning too fast: disabled for 5 minutes
    messages:Jul 21 04:54:50 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=212.93.197.177 DST=114.179.32.165 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=47778 DF PROTO=TCP SPT=25551 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
    messages:Jul 21 04:54:53 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=212.93.197.177 DST=114.179.32.165 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=48161 DF PROTO=TCP SPT=25551 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
    messages:Jul 21 04:54:59 server3 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=MAC=00:16:36:79:2e:28:00:1f:67:26:a4:8e:08:00 SRC=212.93.197.177 DST=114.179.32.165 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=48941 DF PROTO=TCP SPT=25551 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
     
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    That log file appears to be /var/log/messages rather than the Apache error log when trying to load up a site on suPHP that wasn't working. The Apache error log is at /usr/local/apache/logs/error_log location.

    This doesn't have anything to do with your firewall for those PHP pages. It would have to do with the PHP handler and whatever errors were being output to the Apache error logs.
     
  8. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    [Thu Jul 21 16:04:33 2011] [error] [client 115.177.109.189] /usr/bin/php: error while loading shared libraries: libz.so.1: failed to map segment from shared object: Cannot allocate memory
    Error logs show this line and there is thousands of lines exactly like this.
     
  9. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Check if you have RLimitMEM and/or RLimitCPU in your /usr/local/apache/conf/httpd.conf file:

    Code:
    grep -i rlimit /usr/local/apache/conf/httpd.conf
    If you do find those entries, try commenting out the RLimitMEM entry in that file:

    Code:
    #RLimitMEM
    After commenting it out, restart Apache and see if the errors occur again:

    Code:
    /etc/init.d/httpd restart
    If they do not, then remove RLimitMEM entirely or increase the value, then run these commands to keep the change for RLimitMEM updated in httpd.conf (if you don't run these commands after revising RLimitMEM or removing it, it will simply return on the next EasyApache update or Apache rebuild):

    Code:
    cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak110721
    /usr/local/cpanel/bin/apache_conf_distiller --update
    /scripts/rebuildhttpdconf
    /etc/init.d/httpd restart
     
  10. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    Tristan You are great.
    I removed RLimitMEM and RLimitCPU Now it works.
    Thanks a lot.
     
Loading...

Share This Page