My XOOPS site pacocalderon.net went down at 23:39


It was running OK. Now I can't log in. I get an error 500 message. Most pages show the same problem

I tried repairing the MySQL database, but to no avail.

In my XOOPS root directory I see some funny files: core.8091, core.7887, core.7804, core.7778, etc.

These files were created AFTER the site went down What are they????


Checking the error log I see things like this:
[Wed May 24 01:22:51 2006] [error] [client 201.155.135.67] Premature end of script headers: /home/scintnl/public_html/pacocalderon/xoops/modules/myalbum/photo.php
[Wed May 24 01:22:36 2006] [error] [client 207.248.39.151] Premature end of script headers: /home/scintnl/public_html/pacocalderon/xoops/modules/myalbum/photo.php
[Wed May 24 01:22:29 2006] [error] [client 207.248.39.151] Premature end of script headers: /home/scintnl/public_html/pacocalderon/xoops/modules/myalbum/photo.php
[Wed May 24 01:22:29 2006] [error] [client 71.131.193.80] Premature end of script headers: /home/scintnl/public_html/pacocalderon/xoops/modules/myalbum/photo.php
[Wed May 24 01:22:21 2006] [error] [client 207.248.39.151] Premature end of script headers: /home/scintnl/public_html/pacocalderon/xoops/user.php
[Wed May 24 01:22:07 2006] [error] [client 207.248.39.151] Premature end of script headers: /home/scintnl/public_html/pacocalderon/xoops/user.php
[Wed May 24 01:22:03 2006] [error] [client 201.155.179.79] Premature end of script headers: /home/scintnl/public_html/pacocalderon/xoops/register.php
[Wed May 24 01:22:00 2006] [error] [client 201.155.179.79] Premature end of script headers: /home/scintnl/public_html/pacocalderon/xoops/register.php
[Wed May 24 01:21:51 2006] [error] [client 200.78.4.58] Premature end of script headers: /home/scintnl/public_html/pacocalderon/xoops/modules/newbb/index.php


What went wrong? Please somebody help me

Looks like something dumped. Is this a dedicated server, more info?

hey.. I had 3 sites do the exact same thing yesterday.. the 24th.. whats up.. I put the security patch on after the problem.. but still can access the admin files.. I get a premature end of script error in the log files. It is a dedicated server.. can anyone helpppppppp

sounds more like a server problem.. try doing a safe reboot if u have control of the server..

also this tends to happen when a script is prematurely closed due to resource limitations, low memory, high cpu usage etc..

Hey.. did he reboot thing.. no help, I had the server customer support try to access the admin.php, they can, I had my partner access the files and she can.. it is only from my IP group that the problem exists. I have 3 workstations on the same IP group and they all error 500 and log the Premature end of script headers message. It is in 2 urls, on the same shared domain host. One site has 2 installs of xoops, latest build.. and I get the error on both admin.php files. On the other url, I can access the admin.php for xoops, but not the admin.php for my modules/ipboard. They all have the core.dumps in the roots, only difference is that in the root directory of the XOOPS I can ACCESS, I had a ip deny htacess set to several word press hackers ip's.. and that may have protected the admin.php in that directory.. I can access it... I noticed that in the error log, one of the ip's that was blocked was fishing around in some funny places on my app. so he may have been gathering info to plug into the exploit script... anybody have any ideas... of what may have been hacked... I could sure use access to my admin files again
:O( thanks..

Yeah, it sounds like the scripts are puking (the premature errors) and causing the core dumps. Tricky part is trying to figure out the exact problem, and the Premature End of Script error is oft times not so easy to pin down.

Do you have ssh access to dig around?

hey VSW.. this is the error .. have any ideas..?

/usr/bin/php: relocation error: /usr/bin/php: symbol deflateInit2_, version libmysqlclient_14 not defined in file libmysqlclient.so.14 with link time reference

Quote:

Done any upgrades? (mysql, glibc, php, etc) Have to do some digging on that, but deflate is dealing zlib I believe. Have you recompiled anything lately?

That did the trick...!! Recompiled the Apache and the PHP and back in business. Thanks for your help