From owner-freebsd-questions Thu Aug 1 16:32:32 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E2C6237B400 for ; Thu, 1 Aug 2002 16:32:27 -0700 (PDT) Received: from smtp.a1poweruser.com (oh-chardon6a-62.clvhoh.adelphia.net [68.65.175.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0D28A43E65 for ; Thu, 1 Aug 2002 16:32:27 -0700 (PDT) (envelope-from barbish@a1poweruser.com) Received: from barbish (lanwin1 [10.0.10.6]) by smtp.a1poweruser.com (Postfix) with SMTP id BFD1E31; Thu, 1 Aug 2002 19:36:09 -0400 (EDT) Reply-To: From: "Joe & Fhe Barbish" To: "Mohsin Rahman" Cc: "FBSDQ" Subject: RE: Very High HTTPD Usage (Pls help, was urgent) Date: Thu, 1 Aug 2002 19:32:25 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG There is a new security hole in apache that was announced in 1st week of July. You may be under attack. Update your apache to 1.3.26_3 -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Mohsin Rahman Sent: Thursday, August 01, 2002 5:45 PM To: lists@brenius.com Cc: William Palfreman; questions@FreeBSD.ORG Subject: Re: Very High HTTPD Usage (Pls help, was urgent) try "sockstat" to see if there is an IP pattern. Could it be that you are getting hit hard w/ nimda and the like? check you access-logs. Try putting this in your httpd.conf, doing a configtest and then keep an eye on the virus_log file. SetEnvIf Request_URI \.exe$ microsoft_bs SetEnvIf Request_URI \.dll$ microsoft_bs SetEnvIf Request_URI \.default.ida$ microsoft_bs CustomLog /logs/virus_log combined env=microsoft_bs If you have PHP support built into apache, set a max_execution time in php.ini and keep us posted. Good luck! Mohsin AbdulRahman MTech@BuffNET.Net On Thu, 1 Aug 2002 lists@brenius.com wrote: > Hello Bill, you wrote: > > I'm getting the same thing with my Slash installation every day about 2 > > o'clock in the morning. Except for me it is a perl process that is > > wreaking havoc, swallowing all the swap then getting killed off by the > > OS. > > We are still trying to track down the problem, but so far to temporarily > the kill the sucker, we did the following: > > -Sendmail died, because the load went over 12.##. > > -/usr/local/apache/bin/ > -./apachectl retart > > That taimed it down for the time being. > > Then another FreeBSD server, we had an httpd process hoovering around > 97% while looking at a "top". > > Did the same as above and that slowed things down to near normal. > > > As for you, are you doing anything funny with your webserver? > > Not out of the ordinary. Apache 1.3.26, PHP 4.2.1, mySQL 3.23.51...(or close) > > Well things have settled down, but I would really like to track down the problem. > > Thank you. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message