Date: Thu, 1 Aug 2002 19:32:25 -0400 From: "Joe & Fhe Barbish" <barbish@a1poweruser.com> To: "Mohsin Rahman" <mtech@buffnet.net> Cc: "FBSDQ" <questions@FreeBSD.ORG> Subject: RE: Very High HTTPD Usage (Pls help, was urgent) Message-ID: <MIEPLLIBMLEEABPDBIEGCEDFCHAA.barbish@a1poweruser.com> In-Reply-To: <Pine.BSF.4.05.10208011738110.64674-100000@buffnet5.buffnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
There is a new security hole in apache that was announced in 1st week of July. You may be under attack. Update your apache to 1.3.26_3 -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Mohsin Rahman Sent: Thursday, August 01, 2002 5:45 PM To: lists@brenius.com Cc: William Palfreman; questions@FreeBSD.ORG Subject: Re: Very High HTTPD Usage (Pls help, was urgent) try "sockstat" to see if there is an IP pattern. Could it be that you are getting hit hard w/ nimda and the like? check you access-logs. Try putting this in your httpd.conf, doing a configtest and then keep an eye on the virus_log file. SetEnvIf Request_URI \.exe$ microsoft_bs SetEnvIf Request_URI \.dll$ microsoft_bs SetEnvIf Request_URI \.default.ida$ microsoft_bs CustomLog /logs/virus_log combined env=microsoft_bs If you have PHP support built into apache, set a max_execution time in php.ini and keep us posted. Good luck! Mohsin AbdulRahman MTech@BuffNET.Net On Thu, 1 Aug 2002 lists@brenius.com wrote: > Hello Bill, you wrote: > > I'm getting the same thing with my Slash installation every day about 2 > > o'clock in the morning. Except for me it is a perl process that is > > wreaking havoc, swallowing all the swap then getting killed off by the > > OS. > > We are still trying to track down the problem, but so far to temporarily > the kill the sucker, we did the following: > > -Sendmail died, because the load went over 12.##. > > -/usr/local/apache/bin/ > -./apachectl retart > > That taimed it down for the time being. > > Then another FreeBSD server, we had an httpd process hoovering around > 97% while looking at a "top". > > Did the same as above and that slowed things down to near normal. > > > As for you, are you doing anything funny with your webserver? > > Not out of the ordinary. Apache 1.3.26, PHP 4.2.1, mySQL 3.23.51...(or close) > > Well things have settled down, but I would really like to track down the problem. > > Thank you. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGCEDFCHAA.barbish>