i just got a DV server with mediatemple. Here is the basic setup:
- CentOS 5.5 x86_64 (64-bit)
- Apache 2.2.3
- MySQL 5.1.54
- PHP 5.3.5
- Perl 5.8.8
- Ruby 1.8.5
- Plesk Panel 10.4
- YUM package management
i've added mod_pagespeed, and suPHP, but that's about it.
on to the issue.
one of two test sites only loads in chrome (and default android browser), though not in IE or FF (internal server error). the other loads fine in all browsers i tested with. both are in pass-protected directories. visiting either in all browsers leads to password dialogue, but once info is entered, one gives the internal server error in IE and FF.
here's what i see in the httpd error log: (the same prints every time i restart httpd over ssh)
[Fri Feb 24 19:40:51 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Feb 24 19:40:52 2012] [warn] RSA server certificate CommonName (CN) `Parallels Panel' does NOT match server name!?
[Fri Feb 24 19:40:52 2012] [warn] RSA server certificate CommonName (CN) `Parallels Panel' does NOT match server name!?
[Fri Feb 24 19:40:52 2012] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Fri Feb 24 19:40:52 2012] [notice] Digest: generating secret for digest authentication ...
[Fri Feb 24 19:40:52 2012] [notice] Digest: done
[Fri Feb 24 19:40:52 2012] [notice] mod_bw : Memory Allocated 0 bytes (each conf takes 32 bytes)
[Fri Feb 24 19:40:52 2012] [notice] mod_bw : Version 0.8 - Initialized [0 Confs]
[Fri Feb 24 19:40:52 2012] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Fri Feb 24 19:40:52 2012] [warn] RSA server certificate CommonName (CN) `Parallels Panel' does NOT match server name!?
[Fri Feb 24 19:40:52 2012] [warn] RSA server certificate CommonName (CN) `Parallels Panel' does NOT match server name!?
[Fri Feb 24 19:40:52 2012] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Fri Feb 24 19:40:52 2012] [notice] Apache/2.2.19 (Unix) DAV/2 mod_fcgid/2.3.6 PHP/5.3.5 mod_python/3.2.8 Python/2.4.3 mod_ssl/2.2.19 OpenSSL/0.9.8f mod_perl/2.0.4 Perl/v5.8.8 configured -- resuming normal operations
not sure if this is enough info, but is all i could come up with for the time being.
UPDATE: i just also noticed that, when accessing through IE or FF, my antivirus pops up, stating it has detected a 'DNS poisoning attack' - not sure if legitimate, or just a false positive.
UPDATE 2:
ok, the error that popped up for the domain in question:
[error] [client xx.xx.xx.xx] Script timed out before returning headers: index.php
when i looked it up, it was related to the TimeOut setting in the httpd.conf, which was set at 20. i increased it to 300 (5min), and the site now loads in all 3 browsers.
however, it takes about 1-2 minutes to load essentially plain-text pages in FF and IE, while chrome seems normal.
It appears that the cause of the issue was the site being hacked, and several of the files being infected. For whatever reason, Chrome opened the site fine from the get go.
In any case, I've taken measures to correct the issue, as described in the following few threads:
I am doing this for a client who had not updated the CMS and a few core components for a long time, which is likely how the intrusion, and ensuing infection, occurred.