java server causes complete server shutdown

Discussion in 'Java' started by julia, Oct 18, 2004.

  1. julia

    julia Guest

    Hello,

    I am not sure if this is a java problem or a redhat problem.

    I am running a chat server written in java called Bribble. I have
    java2 1.4 installed under Fedora 1. When a client connects to this
    server, at one point or another, several other daemons become
    unresponsive. The httpd, named, sshd servers all stop working. Ping,
    however, remains up. Thus I know the box is still operational. At
    this point, I have to call my ISP to have the box rebooted.

    Does anyone know what could be causing this problem? I find it very
    strange that such a small chat server program could do such damage.
    The chat server is started using: java -server -jar bribble.jar. It
    does some mysql work in the background as well. I have read that this
    may be related to IPv4/IPv6 issues. But I was hoping someone could
    give some insight or pointer to what the problem may be.

    Thanks!
    julia
     
    julia, Oct 18, 2004
    #1
    1. Advertising

  2. julia

    Paul Lutus Guest

    julia wrote:

    > Hello,
    >
    > I am not sure if this is a java problem or a redhat problem.
    >
    > I am running a chat server written in java called Bribble. I have
    > java2 1.4 installed under Fedora 1. When a client connects to this
    > server, at one point or another, several other daemons become
    > unresponsive. The httpd, named, sshd servers all stop working. Ping,
    > however, remains up. Thus I know the box is still operational. At
    > this point, I have to call my ISP to have the box rebooted.
    >
    > Does anyone know what could be causing this problem?


    Yes, I know exactly. It is a problem with your server machine. But for me to
    be more specific, you would have to be more specific.

    > I find it very
    > strange that such a small chat server program could do such damage.
    > The chat server is started using: java -server -jar bribble.jar. It
    > does some mysql work in the background as well. I have read that this
    > may be related to IPv4/IPv6 issues. But I was hoping someone could
    > give some insight or pointer to what the problem may be.


    If, as seems likely, you do not have access to the server's source code and
    are not yourself the programmer responsible for it, and if you are not in a
    position to post the specific server-side error messages, we are not going
    to be able (or perhaps willing) to try to sort it out, because it is simply
    not a Java programming problem as presented.

    --
    Paul Lutus
    http://www.arachnoid.com
     
    Paul Lutus, Oct 18, 2004
    #2
    1. Advertising

  3. julia wrote:

    > Hello,
    >
    > I am not sure if this is a java problem or a redhat problem.
    >
    > I am running a chat server written in java called Bribble. I have
    > java2 1.4 installed under Fedora 1. When a client connects to this
    > server, at one point or another, several other daemons become
    > unresponsive. The httpd, named, sshd servers all stop working. Ping,
    > however, remains up. Thus I know the box is still operational. At
    > this point, I have to call my ISP to have the box rebooted.
    >
    > Does anyone know what could be causing this problem?


    If your server does not exhibit these symptoms over an extended period
    when you are not running the chat server, then very likely your chat
    server is buggy. Have you contacted the developers?

    > I find it very
    > strange that such a small chat server program could do such damage.


    I'm sure I could write a much smaller program that could do much more
    damage. The nature and size of the program are largely irrelevant; if
    it is buggy then it might have all manner of unfortunate effects. One
    thing, though: any program has a much greater potential to cause
    problems if it runs as root. If you are running your chat server that
    way then I strongly recommend that you stop doing so immediately.

    > The chat server is started using: java -server -jar bribble.jar. It


    That tells us almost nothing, I'm afraid.

    > does some mysql work in the background as well. I have read that this
    > may be related to IPv4/IPv6 issues. But I was hoping someone could
    > give some insight or pointer to what the problem may be.


    You haven't given us enough to do more than make wild guesses. Do you
    see anything pertinent in any of the system logs? As what user does the
    program run? Is it started manually, or in some other manner? How long
    does it have to run before problems occur? How much / what kind of
    client activity is required before problems occur? Do the developers
    offer any support? Does the chat server remain usable when the other
    services go down? Indefinitely?


    John Bollinger
     
    John C. Bollinger, Oct 18, 2004
    #3
  4. julia

    julia Guest

    Hi Paul,

    Thanks so much for taking the time to read my post... It is really
    appreciated.

    The server is running Fedora 1 with java2 1.4.2 and I have root access
    so I can send anything you want. I'm not quite sure where to begin.

    I my opinion, the worst part is the fact that this problem causes sshd
    to become unresponsive. named and httpd also become unresponsive, but
    I'll start with sshd. But first I'll check /var/log/messages. There
    are a bunch of these:

    Oct 17 04:28:42 207-234-145-112 sshd(pam_unix)[7359]: check pass; user
    unknown
    Oct 17 04:28:42 207-234-145-112 sshd(pam_unix)[7359]: authentication
    failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
    rhost=140.134.31.166

    I'm assuming that this is some hacker trying to break in at 4AM EST.
    It seems like they never got in, but I'm not an expert, maybe they
    found a way? Everything else in /var/log/messages looks pretty
    normal.

    Then I check /var/log/secure:

    Oct 17 04:28:36 207-234-145-112 sshd[7357]: Illegal user test from
    140.134.31.166
    Oct 17 04:28:40 207-234-145-112 sshd[7357]: Failed password for
    illegal user test from 140.134.31.166 port 2433 ssh2
    Oct 17 04:28:42 207-234-145-112 sshd[7359]: Illegal user guest from
    140.134.31.166

    Ok someone is definitely trying to break in. They *seem* to be
    unsuccessful.

    Is there anymore information I should send?

    Once again, thank you so much for helping. I'm really curious to
    learn how to debug problems like this: problems where there is no hope
    :)

    Best,
    julia

    Paul Lutus <> wrote in message news:<>...
    > julia wrote:
    >
    > > Hello,
    > >
    > > I am not sure if this is a java problem or a redhat problem.
    > >
    > > I am running a chat server written in java called Bribble. I have
    > > java2 1.4 installed under Fedora 1. When a client connects to this
    > > server, at one point or another, several other daemons become
    > > unresponsive. The httpd, named, sshd servers all stop working. Ping,
    > > however, remains up. Thus I know the box is still operational. At
    > > this point, I have to call my ISP to have the box rebooted.
    > >
    > > Does anyone know what could be causing this problem?

    >
    > Yes, I know exactly. It is a problem with your server machine. But for me to
    > be more specific, you would have to be more specific.
    >
    > > I find it very
    > > strange that such a small chat server program could do such damage.
    > > The chat server is started using: java -server -jar bribble.jar. It
    > > does some mysql work in the background as well. I have read that this
    > > may be related to IPv4/IPv6 issues. But I was hoping someone could
    > > give some insight or pointer to what the problem may be.

    >
    > If, as seems likely, you do not have access to the server's source code and
    > are not yourself the programmer responsible for it, and if you are not in a
    > position to post the specific server-side error messages, we are not going
    > to be able (or perhaps willing) to try to sort it out, because it is simply
    > not a Java programming problem as presented.
     
    julia, Oct 19, 2004
    #4
  5. julia

    julia Guest

    Hi John,

    Thanks so much for responding... I really appreciate it.

    I checked /var/log/messages and didn't really find anything out of the
    ordinary, but then again, not too sure what to be looking for. There
    are some people trying to break in to the server as indicated in
    /var/log/secure, but they seem to be unsuccessful.

    The problem starts when a client connects to the server. The server
    can run on its own, listening, for any amount of time. But when a
    client connects, sshd, httpd, named and the chatserver itself all go
    down. I've waited hours, but they never come back.

    I think I'll check the source and see exactly what's happening. I'll
    check back soon.

    Thanks again!
    julia

    "John C. Bollinger" <> wrote in message news:<cl0qih$9cj$>...
    > julia wrote:
    >
    > > Hello,
    > >
    > > I am not sure if this is a java problem or a redhat problem.
    > >
    > > I am running a chat server written in java called Bribble. I have
    > > java2 1.4 installed under Fedora 1. When a client connects to this
    > > server, at one point or another, several other daemons become
    > > unresponsive. The httpd, named, sshd servers all stop working. Ping,
    > > however, remains up. Thus I know the box is still operational. At
    > > this point, I have to call my ISP to have the box rebooted.
    > >
    > > Does anyone know what could be causing this problem?

    >
    > If your server does not exhibit these symptoms over an extended period
    > when you are not running the chat server, then very likely your chat
    > server is buggy. Have you contacted the developers?
    >
    > > I find it very
    > > strange that such a small chat server program could do such damage.

    >
    > I'm sure I could write a much smaller program that could do much more
    > damage. The nature and size of the program are largely irrelevant; if
    > it is buggy then it might have all manner of unfortunate effects. One
    > thing, though: any program has a much greater potential to cause
    > problems if it runs as root. If you are running your chat server that
    > way then I strongly recommend that you stop doing so immediately.
    >
    > > The chat server is started using: java -server -jar bribble.jar. It

    >
    > That tells us almost nothing, I'm afraid.
    >
    > > does some mysql work in the background as well. I have read that this
    > > may be related to IPv4/IPv6 issues. But I was hoping someone could
    > > give some insight or pointer to what the problem may be.

    >
    > You haven't given us enough to do more than make wild guesses. Do you
    > see anything pertinent in any of the system logs? As what user does the
    > program run? Is it started manually, or in some other manner? How long
    > does it have to run before problems occur? How much / what kind of
    > client activity is required before problems occur? Do the developers
    > offer any support? Does the chat server remain usable when the other
    > services go down? Indefinitely?
    >
    >
    > John Bollinger
    >
     
    julia, Oct 19, 2004
    #5
  6. julia

    Paul Lutus Guest

    julia wrote:

    > Hi Paul,
    >
    > Thanks so much for taking the time to read my post... It is really
    > appreciated.
    >
    > The server is running Fedora 1 with java2 1.4.2 and I have root access
    > so I can send anything you want. I'm not quite sure where to begin.
    >
    > I my opinion, the worst part is the fact that this problem causes sshd
    > to become unresponsive. named and httpd also become unresponsive, but
    > I'll start with sshd. But first I'll check /var/log/messages. There
    > are a bunch of these:


    / ...

    > Ok someone is definitely trying to break in. They *seem* to be
    > unsuccessful.


    Okay, please step back for a moment. This is clearly a Linux server security
    and configuration issue. It is not a Java-related issue at all.

    Why not choose a Linux newsgroup to discuss it?

    --
    Paul Lutus
    http://www.arachnoid.com
     
    Paul Lutus, Oct 19, 2004
    #6
  7. julia

    Sudsy Guest

    julia wrote:
    <snip>
    > Oct 17 04:28:36 207-234-145-112 sshd[7357]: Illegal user test from
    > 140.134.31.166
    > Oct 17 04:28:40 207-234-145-112 sshd[7357]: Failed password for
    > illegal user test from 140.134.31.166 port 2433 ssh2
    > Oct 17 04:28:42 207-234-145-112 sshd[7359]: Illegal user guest from
    > 140.134.31.166
    >
    > Ok someone is definitely trying to break in. They *seem* to be
    > unsuccessful.


    So someone at Feng Chia University in Taiwan is trying to "crack" your
    system. Must be some education they're getting... :-(
    Have you checked CERT (<http://www.cert.org>) for vulnerabilities?

    --
    Java/J2EE/JSP/Struts/Tiles/C/UNIX consulting and remote development.
     
    Sudsy, Oct 19, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Xavier Osa
    Replies:
    0
    Views:
    663
    Xavier Osa
    Jan 9, 2004
  2. Dave
    Replies:
    0
    Views:
    910
  3. wurznsepp
    Replies:
    2
    Views:
    4,845
    wurznsepp
    Jan 26, 2004
  4. Replies:
    4
    Views:
    2,603
    Simon
    May 5, 2006
  5. Replies:
    4
    Views:
    3,427
    Brandon McCombs
    Jun 16, 2007
Loading...

Share This Page