Lots of OpenSSL errors in log

V

vod

Verified User
Joined
Oct 25, 2005
Messages
129
Hi All,

I have lots of such errors in my apache error_log and ssl_request_log.

[26/Dec/2005 22:51:52 01347] [error] SSL handshake failed (server localhost:443, client xx.xxx.xx.xxx) (OpenSSL library error follows)
[26/Dec/2005 22:51:52 01347] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

Here is my apache information:
Apache/1.3.34 (Unix) mod_ssl/2.8.25 OpenSSL/0.9.8a PHP/4.4.0 mod_perl/1.29 FrontPage/5.0.2.2510

Any idea whats the problem and how can i fix this?

thanks
 
Can you log in with ssh?

Does apache work?

These are probably errors caused by hack attempts.

Jeff
 
Hi Jeff,

Can you log in with ssh?
Click to expand...
Yep. without problem

Does apache work?
Click to expand...
yes. apache works perfectly allright except random errors when accessing SSL pages. Not very often though and when such erorr occured, the log will have the rror i posted earlier.

These are probably errors caused by hack attempts.
Click to expand...
oh my god. what should i do now? :confused:

thanks
 
Probably nothing.

Every server on the 'net gets hundreds/thousands of hack attempts per day.

You should make sure your sshd daemon doesn't allow version 1 connections, and make sure certain users can't log in.

For example, if you make sure Root can't log in, but instead log in as either admin, or your own username, and then su to root, you're making your system a lot safer.

Of course make sure you use a random password for admin, instead of something easy to remember and easy to guess.

For example, jSKe82ux (which isn't really random, but it's close enough) would be agreat admin password if it weren't published here (you should never use a set of characters published anywhere as a password).

Jeff
 
yep. already did that and even changed ssh port.

so far i did not see any attempts to login to my box from other IPs except from our workplace.

what i am interested in is what the error really mean and how to solve it. it happens randomly. sometimes it happens when i login to squirrelmail, click on lnavigation link within squirrelmail and logout from squirrelmail.
 
I looked at your post again, and not as quickly this time.

I misread it the first time.

It's probably malformed browser requests, perhaps from automatic bots trying to break into your server.

Jeff
 
You must log in or register to reply here.
Back
Top