Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google      Sign In   
  • Create Account

Subscribe to HRA Now!

 



Are you a Google Analytics enthusiast?

Share and download Custom Google Analytics Reports, dashboards and advanced segments--for FREE! 

 



 

 www.CustomReportSharing.com 

From the folks who brought you High Rankings!



Photo
- - - - -

Can't Make Http Request From The Server


  • Please log in to reply
3 replies to this topic

#1 Scottie

Scottie

    Psycho Mom

  • Admin
  • 6,294 posts
  • Location:Columbia, SC

Posted 18 September 2009 - 02:07 PM

OK, here's the issue.

The server is running Ubuntu (Intrepid Ibix), Apache, MySQL and PHP are all recent and up to date.

We have never been able to run a cron job on this server because all http requests fail. I can run cron from an external server, but not from our own server.

I can't run link checking scripts or other scripts that make an http call back to the server... unless I run them from an external server.

I suspect some sort of Linux firewall setting is causing the issue but am curious as to why it allows external requests but not self requests... I've checked the settings but don't see anything that could be causing the issue.

Any thoughts on where to look or what to edit?

Thanks!

#2 Randy

Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 19 September 2009 - 10:12 AM

Taking a bit of a wild stab, but most of the time it seems to come down to permission issues. I believe by default only root cron jobs get executed. This happens because there is no cron.allow or cron.deny file, so only root has cron execute ability. And of course you do not want root running cron jobs for user level scripts.

A couple of things to check. Look to see if cron.allow exists. If it's there the user who owns the script should appear in there. If there is no cron.allow there at least needs to be a cron.deny, and this file cannot list the user in question. If neither file exists only root is going to have cron ability.

You might be able to get some hints as to what's really happening by having a look at /var/log/auth.log. If the user level crontab is set up correctly, and the user has permission to run cron jobs you should see sessions being opened for that user. If the user isn't authorized you'll see it fail.

As a general rule you won't want to use /etc/crontab for something like this. It's for system wide cron jobs. Instead you'll want a user level cron job. Which is crontab -u username -e where username is the owner of the script. If you need to see the output of a user's cron job you can use something like crontab -u username -l.





#3 Scottie

Scottie

    Psycho Mom

  • Admin
  • 6,294 posts
  • Location:Columbia, SC

Posted 23 September 2009 - 08:35 AM

Love ya, Randy! hug.gif

That gives me some new paths to follow up on; I really want to solve this issue but have not made any headway.

Thanks!

#4 Randy

Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 23 September 2009 - 03:26 PM

Love ya too Scottie. naughty.gif

Well when you get your cron jobs sorted please come over and help me track down the latest little hacker who is trying to exploit a weakness in Apache and Bash in a (vain in my case) attempt to hack one of my servers. I've spent all day on it so far and still haven't figured out how they got in in the first place. Let alone how they're getting a file owned by a user that doesn't even exist on the server to run masking itself as root.

I tell ya though, the simplest things are still the best when it comes to security procedures. Cuz without having my bash set up to email me every time someone successfully SSH's in I'd have never known someone was attempting to exploit this server. Because I had this very simple thing set up I got an immediate notice at 3:53am this morning, so was able to immediately engage them in hand-to-hand combat.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

SPAM FREE FORUM!
 
If you are just registering to spam,
don't bother. You will be wasting your
time as your spam will never see the
light of day!