cgi script suddenly stopped working

alexismya

alexismya

Verified User
Joined
Jan 8, 2005
Messages
11
Location
Virginia
I have a cgi script that logs my visits for my main account and a website I host. Both have gone down and I have done nothing to my server to cause this. I have rebooted the server hoping this will fix the problem. Can anyone help me? Thank you.

As an update, I have another cgi script running on my same website and it is working fine. It is just one cgi script that does not work.
 
Last edited:
Take a look Here and see if that helps. If not post the suexec_log and the error log entries for that script, and see what we can find.
 
Thanks for your help, but this script was working properly for almost a year and today it is not working for mine or my subdomain. I contacted Support and they sent me this message:

Can you please update us on the changes that you made with the apache and php settings. It seems like suexec doc root is pointing to / of the server and hence the error.

I don't understand what they are asking. I positively did not do a thing to the server. All I do is access my php database and enter in info. I have done nothing else. Can someone tell me what the tech is trying to tell me?
 
Here is the apache error log

Sun Sep 25 03:08:07 2005] [notice] Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7a PHP/4.3.10 mod_perl/1.29 FrontPage/5.0.2.2510 configured -- resuming normal operations
[Sun Sep 25 03:08:07 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 25 03:08:07 2005] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Mon Sep 26 00:12:02 2005] [warn] child process 16544 still did not exit, sending a SIGTERM
[Mon Sep 26 00:12:03 2005] [warn] child process 16608 still did not exit, sending a SIGTERM
[Mon Sep 26 00:12:03 2005] [warn] child process 16928 still did not exit, sending a SIGTERM
[Mon Sep 26 00:12:03 2005] [warn] child process 28026 still did not exit, sending a SIGTERM
[Mon Sep 26 00:12:03 2005] [warn] child process 28320 still did not exit, sending a SIGTERM
[Mon Sep 26 00:12:03 2005] [warn] child process 20897 still did not exit, sending a SIGTERM
[Mon Sep 26 00:12:07 2005] [notice] caught SIGTERM, shutting down
[Mon Sep 26 00:12:10 2005] [notice] Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7a PHP/4.3.10 mod_perl/1.29 FrontPage/5.0.2.2510 configured -- resuming normal operations
[Mon Sep 26 00:12:10 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Sep 26 00:12:10 2005] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Mon Sep 26 15:02:30 2005] [notice] caught SIGTERM, shutting down
[Mon Sep 26 15:03:37 2005] [notice] Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7a PHP/4.3.10 mod_perl/1.29 FrontPage/5.0.2.2510 configured -- resuming normal operations
[Mon Sep 26 15:03:37 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Sep 26 15:03:37 2005] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Mon Sep 26 17:01:24 2005] [notice] caught SIGTERM, shutting down
[Mon Sep 26 17:01:58 2005] [notice] Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7a PHP/4.3.10 mod_perl/1.29 FrontPage/5.0.2.2510 configured -- resuming normal operations
[Mon Sep 26 17:01:58 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Sep 26 17:01:58 2005] [notice] Accept mutex: sysvsem (Default: sysvsem)
 
Here is the suexec log

[2005-09-26 19:56:46]: crit: calling user mismatch (root instead of apache)
[2005-09-26 19:57:02]: crit: calling user mismatch (root instead of apache)
[2005-09-26 19:57:02]: crit: calling user mismatch (root instead of apache)
[2005-09-26 19:57:13]: crit: calling user mismatch (root instead of apache)
[2005-09-26 19:58:44]: crit: calling user mismatch (root instead of apache)
[2005-09-26 19:58:58]: crit: calling user mismatch (root instead of apache)
[2005-09-26 19:59:53]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:00:36]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:01:43]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:03:47]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:08:01]: alert: too few arguments
[2005-09-26 20:08:07]: alert: too few arguments
[2005-09-26 20:08:26]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:11:05]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:12:48]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:14:26]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:15:44]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:17:21]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:18:03]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:18:18]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:18:49]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:19:21]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:19:40]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:20:57]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:21:00]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:21:19]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:21:27]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:21:38]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:21:59]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:22:13]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:22:15]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:22:40]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:22:45]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:30:11]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:31:39]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:32:13]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:35:39]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:37:24]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:38:39]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:39:04]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:39:04]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:50:38]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:50:38]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:54:38]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:55:55]: crit: calling user mismatch (root instead of apache)
[2005-09-26 20:56:39]: crit: calling user mismatch (root instead of apache)
[2005-09-26 21:05:56]: crit: calling user mismatch (root instead of apache)
[2005-09-26 21:06:15]: crit: calling user mismatch (root instead of apache)
[2005-09-26 21:07:02]: crit: calling user mismatch (root instead of apache)
[2005-09-26 21:07:16]: crit: calling user mismatch (root instead of apache)
 
DA support wrote you:
Can you please update us on the changes that you made with the apache and php settings. It seems like suexec doc root is pointing to / of the server and hence the error.
Click to expand...
They're telling you that suexec doc root has been changed to point to the / (server root) directory.

If you didn't change it then someone else did; perhaps a hacker?

This sounds like something a hacker might to do gain access to a whole server.

Jeff
 
you said:

This sounds like something a hacker might to do gain access to a while server.

What does that mean? What is a while server?

What can they do with the info?

How did it happen?

Why does my Ikonboard forum work as that is in the same cgi bin?

What can the hacker do with this info?

I have a password on my cgi script tracking program so how could this of happened?

Can they fix it?
 
The DOC_ROOT of suexec should be set to / as far as DA is concerened. The line:
Code: 
--suexec-docroot=/
in configure.apache_ssl tells it to use that as the doc root. The problem is that root is trying to call suexec, and it should not be. I would take a look at the user httpd is running as. Make sure it is apache and not root. If it is root, you will need to change the user in /etc/httpd/conf/httpd.conf.
 
Hello. DA fixed the problem. Told me that my permissions were wong with Suexec but my question is how did my script work for a year and then one day stop working? They said it had nothing to do with a hacker.
 
Maybe you can help me with a question I have had about my account. Since Sept 11th I have received this error message in my service messages:

The service 'vm-pop3d' on server host.yourmilitary.com is currently down

What is vm-pop3d?
 
alexismya said:
you said:

This sounds like something a hacker might to do gain access to a while server.

What does that mean? What is a while server?
Click to expand...
It means I made a typo; I should have written "whole server".

Sorry.

I'm glad to hear that DA staff looked at your server and was able to find the problem.

They found it quickly because they were able to log in and they knew what to look for.

That's always an advantage :) .

Jeff
 
You must log in or register to reply here.
Back
Top