Wouldn't worry too much, the world is full of scan scripts, both good, and some bad.

Dear all,

I'm the system admin of a web server and I found these errors in my apache logs:

[Tue Feb 07 10:35:08 2012] [warn] (43)Identifier removed: Failed to release SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to acquire SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to release SSL session cache lock
[Tue Feb 07 10:36:05 2012] [warn] child process 21599 still did not exit, sending a SIGTERM
[Tue Feb 07 10:36:06 2012] [notice] caught SIGTERM, shutting down

also some traces of Dfind web scanner:

[Mon Feb 06 05:54:01 2012] [error] [client 88.46.75.27] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)

I have added a rule into my iptables to block this and so far so good. However, I don't know how these "failed to release SSL session cache lock" managed to bring my apache server down and if they are somehow related to these Dfind scans.
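An added example, not part of the thread above: a small Python check for the question of whether the DFind probe and the SSL session cache lock warnings line up in time. It assumes the error log layout seen in the quoted lines; the function names are hypothetical, and the sample input is the log lines from the post.

```python
import re
from datetime import datetime

# Error log layout assumed from the quoted lines:
# [timestamp] [level] optional [client ip] message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
                     r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$")

# Log lines copied from the post above.
SAMPLE_LOG = """\
[Mon Feb 06 05:54:01 2012] [error] [client 88.46.75.27] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Tue Feb 07 10:35:08 2012] [warn] (43)Identifier removed: Failed to release SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to acquire SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to release SSL session cache lock
[Tue Feb 07 10:36:05 2012] [warn] child process 21599 still did not exit, sending a SIGTERM
[Tue Feb 07 10:36:06 2012] [notice] caught SIGTERM, shutting down
"""

def classify(msg):
    """Label a message as a DFind probe, an SSL lock warning, or other."""
    if "w00tw00t.at.ISC.SANS.DFind" in msg:
        return "dfind_probe"
    if "SSL session cache lock" in msg:
        return "ssl_lock"
    return "other"

def parse(log_text):
    """Yield (timestamp, kind, client) for each line matching the layout."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed or continuation lines are skipped
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, classify(m["msg"]), m["client"]

def probe_to_lock_gap(log_text):
    """Return (probe source IPs, seconds from last earlier probe to first lock warning)."""
    events = sorted(parse(log_text), key=lambda e: e[0])
    clients = sorted({c for _, kind, c in events if kind == "dfind_probe" and c})
    locks = [ts for ts, kind, _ in events if kind == "ssl_lock"]
    prior = [ts for ts, kind, _ in events
             if kind == "dfind_probe" and locks and ts <= locks[0]]
    if not locks or not prior:
        return clients, None  # nothing to correlate
    return clients, (locks[0] - prior[-1]).total_seconds()

if __name__ == "__main__":
    clients, gap = probe_to_lock_gap(SAMPLE_LOG)
    print("DFind probe sources:", clients)
    print("gap to first SSL lock warning:", None if gap is None else f"{gap / 3600:.1f} h")
```

On the lines from the post, the single probe precedes the first lock warning by roughly 28.7 hours.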