From owner-freebsd-security@FreeBSD.ORG Sun Sep 28 19:27:55 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 09CF916A4B3 for ; Sun, 28 Sep 2003 19:27:55 -0700 (PDT) Received: from mail.silverwraith.com (66-214-182-79.la-cbi.charterpipeline.net [66.214.182.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4516F43FE9 for ; Sun, 28 Sep 2003 19:27:54 -0700 (PDT) (envelope-from avleen@silverwraith.com) Received: from avleen by mail.silverwraith.com with local (Exim 4.22) id 1A3nlR-000Hmz-S5 for security@freebsd.org; Sun, 28 Sep 2003 19:27:53 -0700 Date: Sun, 28 Sep 2003 19:27:53 -0700 From: Avleen Vig To: security@freebsd.org Message-ID: <20030929022753.GC334@silverwraith.com> References: <20030928235939.GH629@hermes.home.paeps.cx> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030928235939.GH629@hermes.home.paeps.cx> User-Agent: Mutt/1.5.4i Sender: Avleen Vig Subject: Re: Apache under attack and eating resources? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Sep 2003 02:27:55 -0000 On Mon, Sep 29, 2003 at 01:59:39AM +0200, Philip Paeps wrote: > This might be more related to an Apache-security list, but as the machine is > running FreeBSD, I thought I'd ask here first. > > In the last two weeks, I've been seeing some very strange errors in my logs a > few times daily around the same times. While this happens, load averages go > through the roof (I've seen 36+, which is outragous), and the machine becomes > very unresponsive. > > First there's a few million of these: [snip] Are you running any CGI's, or other server-side scripts? Bugs in your scripts could cause things like this, and make it look like it's apache which is at fault.