Posts: 4,143
Threads: 665
Joined: May 2024
My site has been up and running fine for years. All of a sudden this morning, all request that don't have an index.html or index.php are being redirected to 127.0.0.1.
For instance, h*tp://www.mysite.com/website usually goes to h*tp://www.mysite.com/website/index.html (or index.php, if .html is not available).
Now, requests get redirected to 127.0.0.1. So, the above redirects to h*tp://127.0.0.1/website, which does not work, of course.
The site has been fine for years, I have not upgraded the OS - it is at 10.4.11, and no one else has access to change anything but me. I restarted the webserver (but did not restart the server). I checked httpd.conf and it looks fine - both index.html and index.php are in there.
Any other ideas?
Posts: 10,327
Threads: 1,362
Joined: May 2025
Reputation:
0
I'd restart the machine if you have that option. If you haven't changed anything and don't think anyone else has, it may just be a mucked up prefs file or something. Restart the machine, or better yet, restart in safe mode to clear the caches, then restart normally.
let us know how it all works out.
Posts: 31,861
Threads: 708
Joined: Jun 2024
Reputation:
0
There are a lot of different attacks these days. It does not matter if you are the only one with "access" if they are using an injection attack.
Is this 10.4.11 Server? Do you have a backup of all the working website and server files you can restore from?
Posts: 4,143
Threads: 665
Joined: May 2024
Filliam H. Muffman wrote:
There are a lot of different attacks these days. It does not matter if you are the only one with "access" if they are using an injection attack.
Is this 10.4.11 Server? Do you have a backup of all the working website and server files you can restore from?
This is not 10.4.11 server. This is a small departmental website running a Joomla installation. I have an onsite and offsite backup of the important apps and data. We also have a mirror backup of the drive ready to go in case of drive failure.
Thanks for the advice - I'll restart the machine and report back.
Thanks.
sam
Posts: 10,327
Threads: 1,362
Joined: May 2025
Reputation:
0
you may want to check also and see if you're running the most recent Joomla installation with the latest security updates. Major CMS's like Joomla are often the target of hackers, especially if they can find an unpatched security hole or vulnerability that can be exploited across a variety of servers.
Posts: 31,861
Threads: 708
Joined: Jun 2024
Reputation:
0
That info helps. I agree with clay about installing updates.
You might want to look at IP logs. They could have taken part of the server over to send spam or something.
Posts: 4,143
Threads: 665
Joined: May 2024
Thanks for the tips. Fortunately, this is a small departmental webserver that sits behind a firewall - no access without first logging onto a workstation, and no outside access without VPN.
I agree that there are vulnerabilities to consider, and I will look carefully into them, starting with the IP logs.
Thanks for the tips. I told the group I would restart the server early tomorrow morning, and then I will report back here.
Posts: 4,143
Threads: 665
Joined: May 2024
OK. Changed this part of the httpd.conf:
# 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your
# machine always knows itself by this address. If you use Apache strictly for
# local testing and development, you may use 127.0.0.1 as the server name.
#
#ServerName new.host.name
ServerName ourhostname.org
Restarted Apache and everything works fine again.
One of the webadmins is looking through the access logs....
Thanks for the advice.
