Home / ubuntu / Questions / 540842
Accepted
Nathan J.B.
Asked: 2014-10-24 20:00:32 +0800 CST

Nginx Suddenly Appeared

  • 772

I've never heard of this happening, so I'm baffled and not sure where to begin debugging.

I'm on 14.04 and have had LAMP installed (as instructed here) for 3-6 months. Today, my laptop rebooted, and when I launched the browser to a localhost domain, I got the following:

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org. Commercial support is available at nginx.com.

Thank you for using nginx.

I have no idea how/why nginx is appearing to be used. I've personally never installed it. I did recently do a "software update" via the GUI updater.

My apt/history.log does mention installing nginx, but I did not run that command (I checked my bash history):

Start-Date: 2014-10-18  08:55:48
Commandline: apt-get install nginx
Install: nginx-core:amd64 (1.4.6-1ubuntu3.1, automatic), nginx-common:amd64 (1.4.6-1ubuntu3.1, automatic), nginx:amd64 (1.4.6-1ubuntu3.1)
End-Date: 2014-10-18  08:55:53

Start-Date: 2014-10-18  08:56:01
Commandline: apt-get install uwsgi
Install: libjansson4:amd64 (2.5-2, automatic), libpgm-5.1-0:amd64 (5.1.118-1~dfsg-0.1ubuntu3, automatic), libzmq3:amd64 (4.0.4+dfsg-2, automatic), sqlite3:amd64 (3.8.2-1ubuntu2, automatic), uwsgi-core:amd64 (1.9.17.1-5build5, automatic), uwsgi:amd64 (1.9.17.1-5build5)
End-Date: 2014-10-18  08:56:03

Start-Date: 2014-10-18  08:56:05
Commandline: apt-get install uwsgi-plugin-python
Install: uwsgi-plugin-python:amd64 (1.9.17.1-5build5)
End-Date: 2014-10-18  08:56:05

Start-Date: 2014-10-23  10:40:27
Upgrade: tzdata:amd64 (2014e-0ubuntu0.14.04, 2014i-0ubuntu0.14.04)
End-Date: 2014-10-23  10:40:29

Start-Date: 2014-10-23  10:43:45
Commandline: aptdaemon role='role-commit-packages' sender=':1.858'
Upgrade: libpangoxft-1.0-0:amd64 (1.36.3-1ubuntu1, 1.36.3-1ubuntu1.1), libpangoxft-1.0-0:i386 (1.36.3-1ubuntu1, 1.36.3-1ubuntu1.1), libpango-1.0-0:amd64 (1.36.3-1ubuntu1, 1.36.3-1ubuntu1.1), libpango-1.0-0:i386 (1.36.3-1ubuntu1, 1.36.3-1ubuntu1.1), gir1.2-pango-1.0:amd64 (1.36.3-1ubuntu1, 1.36.3-1ubuntu1.1), libpangocairo-1.0-0:amd64 (1.36.3-1ubuntu1, 1.36.3-1ubuntu1.1), libpangocairo-1.0-0:i386 (1.36.3-1ubuntu1, 1.36.3-1ubuntu1.1), libpangoft2-1.0-0:amd64 (1.36.3-1ubuntu1, 1.36.3-1ubuntu1.1), libpangoft2-1.0-0:i386 (1.36.3-1ubuntu1, 1.36.3-1ubuntu1.1), libpango1.0-0:amd64 (1.36.3-1ubuntu1, 1.36.3-1ubuntu1.1), libpango1.0-0:i386 (1.36.3-1ubuntu1, 1.36.3-1ubuntu1.1)
End-Date: 2014-10-23  10:43:47

Has anyone else experienced this? (Please comment.) Does anyone know why Nginx was suddenly installed and how to get back to where I was at (Apache owning :80)?

Many thanks!

apt

2 Answers

  1. Best Answer

    Since both nginx and apache use port 80, there's a race condition here during start up. If nginx starts up first, Apache fails and vice-versa. So either:

    1. Remove nginx: sudo apt-get remove nginx - better option, since you apparently don't need it.

    2. Change /etc/nginx/sites-available/default so that it doesn't use port 80:

      listen   8080;
# or any unused port
    • 5

  2. It sounds like your machine is compromised. Stop using it. Do not log in to email or banks. It's tough to know how badly you're compromised. Is someone targeting you specifically? Are they just looking for a spam host? A node for ddosing? There may now be software keyloggers capturing every username and password you type. Or maybe just rogue web and mail servers.

    If you already have a livecd, boot from that and nuke the drive(s). You have backups of your data, right? If you don't already have a livecd, decide how paranoid you are. Do you trust your machine to correctly download a livecd? An attacker with root access can spoof secure websites (for users on that machine).

    Of course, there are more benign options, like someone you trust has access to the machine and installed nginx. *shrug*

    • 1