Date: Wed, 19 Mar 2003 07:53:54 -0500 From: "Dave [Hawk-Systems]" <dave@hawk-systems.com> To: <freebsd-questions@freebsd.org>, <hwg-servers@hwg.org> Subject: apache exiting signal 11, high request period Message-ID: <DBEIKNMKGOBGNDHAAKGNCENEKHAB.dave@hawk-systems.com>
next in thread | raw e-mail | index | archive | help
Following showed up in our morning security mailer Unusual System Events =-=-=-=-=-=-=-=-=-=-= Mar 19 06:01:00 web1 /kernel: pid 62342 (httpd), uid 65534: exited on signal 11 Mar 19 06:01:00 web1 /kernel: pid 62343 (httpd), uid 65534: exited on signal 11 Mar 19 06:01:00 web1 /kernel: pid 62344 (httpd), uid 65534: exited on signal 11 Mar 19 06:01:01 web1 /kernel: pid 62345 (httpd), uid 65534: exited on signal 11 ... and doing a cat of the /var/log/httpd*.log [Wed Mar 19 06:31:00 2003] [notice] child pid 69197 exit signal Segmentation fault (11) [Wed Mar 19 06:31:00 2003] [notice] child pid 69196 exit signal Segmentation fault (11) [Wed Mar 19 06:31:00 2003] [notice] child pid 69195 exit signal Segmentation fault (11) [Wed Mar 19 06:31:00 2003] [notice] child pid 69194 exit signal Segmentation fault (11) ... Looking at the input and output of the NIC for that period of time, there was a burst of access attempts between 5am-7am (same period covered by the above log anomalies) doing a cat of all the log files for virtual host directories showed the culprit (or suspected culprit at least) [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user cobras not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user loredana not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user steve not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user e not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user horno not found: /members/members.htm ... Now aside from the fact that this schmuck is trying to get in and won't given the password and userid scheme that this hosting client is using(and the method he is using to circumvent this), it does concern me that the httpd process is crashing. Is it just child processes? Is the cause likely the burst of traffic, and if so, is there a tweak to allow apache to weather a volume of requests more successfully? Or is there other mitigating factors that need to be investigated? Server Version: FreeBSD 4.3(with patches) Apache/1.3.19 (Unix) mod_ssl/2.8.2 OpenSSL/0.9.6 PHP/4.2.2 Appreciate any insight. Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DBEIKNMKGOBGNDHAAKGNCENEKHAB.dave>