[thelist] Stupid linux/router problem

Eduardo Kienetz eduardok at gmail.com
Thu Jul 5 21:17:32 CDT 2007

On 7/5/07, Brent Eades <beades at almonte.com> wrote:
> OK, this is probably a little off-topic. But here goes anyway.
> I've been running a personal web server through my DSL connection for
> several years. A few days ago I was hacked by some SOB's who planted a
> rootkit on the server, and kept using the back door to install a
> phishing site on my server. Yikes.
> So anyway; I soon realized that the only way to get rid of this rootkit
> was to reformat my drive and reinstall Linux. I decided to go with
> Fedora Core 6.
> So: traffic to this server (foo.com) is handled by a dLink router
> (address = I've assigned a permanent internal IP, via the
> router, to this server ( and placed it in the DMZ.
> I've reinstalled Apache, of course, and fiddled with KDE's 'network
> configuration' utility.
> And this is where things fall apart. At one point I guess I tried
> entering as the IP address for foo.com in some Linux
> config file.
> And now that I try to start the Apache httpd daemon, I keep getting an
> error: "cannot assign requested address: make sock: could not bind to
> address"
> I thought I'd removed all references to that address,,
> from my system -- apart from httpd.conf, which reads:
> Listen
> Anyway, it's been years since I last had to install a Linux distro; I
> just can't figure out how to get httpd up and running in this context.
> Suggestions?

Run as root: ifconfig eth0
It will show something like: inet addr:X.Y.Z.W
That is the IP you got and the one you should use in httpd.conf
Now, some other software/instance might be using that port already, so run:
netstat -anp | grep LISTEN | grep ":80"
That should show you the process binding to port 80.

Then we would be better able to help you.

In last case, if you run:
ifconfig > /root/info.txt
cat /etc/hosts >> /root/info.txt
cat /etc/httpd/conf/httpd.conf >> /root/info.txt
netstat -anp >> /root/info.txt
route -n >> /root/info.txt

And e-mail-me that info.txt file I could help you (remove any
sensitive info you might find).

P.S.: It would have been interesting if you had ran chkrootkit in that
server before formating/reinstalling (www.chkrootkit.org).
Also, reviewing logs would have probably shown how they got in, where
they are from, etc.


Eduardo Bacchi Kienetz
LPI Certified - Level 2

More information about the thelist mailing list