500 - Internal Server Error

HugoS. · May 2, 2012

My Plesk panel stopped working, returning the error 500.

I've checked:
- the basic files permissions and owner (all OK)
- the is much space available on disk
- the pp10.13.4-bootstrapper/bootstrapper.sh repair finishes with one error on starting drweb
- the log sw-cp-server/error_log shows this errors:

Must be suid root
2012-05-03 02:13:14: (mod_fastcgi.c.1000) the fastcgi-backend /usr/bin/sw-engine-cgi -c /usr/local/psa/admin/conf/php.ini -d auto_prepend_file=auth.php3 -u psaadm failed to start:
2012-05-03 02:13:14: (mod_fastcgi.c.1004) child exited with status 1 /usr/bin/sw-engine-cgi -c /usr/local/psa/admin/conf/php.ini -d auto_prepend_file=auth.php3 -u psaadm
2012-05-03 02:13:14: (mod_fastcgi.c.1007) if you try do run PHP as FastCGI backend make sure you use the FastCGI enabled version.
You can find out if it is the right one by executing 'php -v' and it should display '(cgi-fcgi)' in the output, NOT (cgi) NOR (cli)
For more information check http://www.lighttpd.net/documentation/fastcgi.html#preparing-php-as-a-fastcgi-program
2012-05-03 02:13:14: (mod_fastcgi.c.1012) If this is PHP on Gentoo add fastcgi to the USE flags
2012-05-03 02:13:14: (mod_fastcgi.c.1105) [ERROR]: spawning fcgi failed.
2012-05-03 02:14:42: (connections.c.299) SSL: 1 error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
2012-05-03 02:15:47: (connections.c.299) SSL: 1 error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure

We are running a VPS:
CentOS release 5.6 (Final)
PHP 5.3.3 (cli) (built: Nov 2 2011 23:35:28)
PHP 5.3.3 (cgi-fcgi) (built: Nov 2 2011 23:29:27)
psa-10.4.4-cos5.build1013111102.18

I saw many posts like this, but the given solutions didn't worked out...

Thanks for your time,
HugoS

IgorG · May 2, 2012

Did you check it? http://kb.parallels.com/en/8119

HugoS. · May 3, 2012

Hello IgorS.

I've never thought that it could be a security problem...

Has I see on /etc/logs/secure there is a strange port sniffing, although the mentioned 8880 is quiet...

Since that this IP is from a datacenter in Netherlands (I also have my server at a Netherland datacenter from godaddy) I'll check with them if this tests are being performed by them.

May 3 06:38:08 ip-46-***-***-** sshd[20047]: Invalid user produtch from 91.196.170.231
May 3 06:38:08 ip-46-***-***-** sshd[20047]: reverse mapping checking getaddrinfo for no-record-set.rijndata.nl failed - POSSIBLE BREAK-IN ATTEMPT!
May 3 06:38:08 ip-46-***-***-** sshd[20048]: input_userauth_request: invalid user produtch
May 3 06:38:08 ip-46-***-***-** sshd[20047]: error: Could not get shadow information for NOUSER
May 3 06:38:08 ip-46-***-***-** sshd[20047]: Failed password for invalid user produtch from 91.196.170.231 port 45391 ssh2
May 3 06:38:08 ip-46-***-***-** sshd[20048]: Received disconnect from 91.196.170.231: 11: Bye Bye
May 3 06:38:27 ip-46-***-***-** sshd[20050]: Invalid user produtch from 91.196.170.231
May 3 06:38:27 ip-46-***-***-** sshd[20050]: reverse mapping checking getaddrinfo for no-record-set.rijndata.nl failed - POSSIBLE BREAK-IN ATTEMPT!
May 3 06:38:27 ip-46-***-***-** sshd[20051]: input_userauth_request: invalid user produtch
May 3 06:38:27 ip-46-***-***-** sshd[20050]: error: Could not get shadow information for NOUSER
May 3 06:38:27 ip-46-***-***-** sshd[20050]: Failed password for invalid user produtch from 91.196.170.231 port 34384 ssh2
May 3 06:38:27 ip-46-***-***-** sshd[20051]: Received disconnect from 91.196.170.231: 11: Bye Bye
May 3 06:38:28 ip-46-***-***-** sshd[20052]: Invalid user produtch from 91.196.170.231
May 3 06:38:28 ip-46-***-***-** sshd[20052]: reverse mapping checking getaddrinfo for no-record-set.rijndata.nl failed - POSSIBLE BREAK-IN ATTEMPT!
May 3 06:38:28 ip-46-***-***-** sshd[20053]: input_userauth_request: invalid user produtch
May 3 06:38:28 ip-46-***-***-** sshd[20052]: error: Could not get shadow information for NOUSER
May 3 06:38:28 ip-46-***-***-** sshd[20052]: Failed password for invalid user produtch from 91.196.170.231 port 60034 ssh2
May 3 06:38:28 ip-46-***-***-** sshd[20053]: Received disconnect from 91.196.170.231: 11: Bye Bye
May 3 08:52:58 ip-46-***-***-** sshd[21743]: Invalid user produtch from 91.196.170.231
May 3 08:52:58 ip-46-***-***-** sshd[21743]: reverse mapping checking getaddrinfo for no-record-set.rijndata.nl failed - POSSIBLE BREAK-IN ATTEMPT!
May 3 08:52:58 ip-46-***-***-** sshd[21744]: input_userauth_request: invalid user produtch
May 3 08:52:58 ip-46-***-***-** sshd[21743]: error: Could not get shadow information for NOUSER
May 3 08:52:58 ip-46-***-***-** sshd[21743]: Failed password for invalid user produtch from 91.196.170.231 port 45909 ssh2
May 3 08:52:58 ip-46-***-***-** sshd[21744]: Received disconnect from 91.196.170.231: 11: Bye Bye
May 3 08:53:17 ip-46-***-***-** sshd[21746]: Invalid user produtch from 91.196.170.231
May 3 08:53:17 ip-46-***-***-** sshd[21746]: reverse mapping checking getaddrinfo for no-record-set.rijndata.nl failed - POSSIBLE BREAK-IN ATTEMPT!
May 3 08:53:17 ip-46-***-***-** sshd[21747]: input_userauth_request: invalid user produtch
May 3 08:53:17 ip-46-***-***-** sshd[21746]: error: Could not get shadow information for NOUSER
May 3 08:53:17 ip-46-***-***-** sshd[21746]: Failed password for invalid user produtch from 91.196.170.231 port 42047 ssh2
May 3 08:53:17 ip-46-***-***-** sshd[21747]: Received disconnect from 91.196.170.231: 11: Bye Bye
May 3 08:53:18 ip-46-***-***-** sshd[21748]: Invalid user produtch from 91.196.170.231

This could cause the shutdown?

Regards,
HugoS

HugoS. · May 8, 2012

You took it all wrong...

i live in italy and my server is under dos attack from your ip
91.196.170.231

That is not my IP.... I'm also beeing attacked from that IP...

Regards,
HS

500 - Internal Server Error

HugoS.

Guest

IgorG

Plesk addicted!

HugoS.

Guest

HugoS.

Guest

Similar threads