Re: Denial of Service due to multiplication of httpd running


 



On Tue, 22 May 2012, Bill Unruh wrote:


Mandriva 2010.2 running httpd apache 2.2.22

I am having trouble with httpd requests staying active and multiplying. I just
came off having 160 versions of httpd running and completely slowing down the
system. I upgraded to 2.2.22 and it still happens (it went from the normal 10
servers running to 15 in about a 1/2 hour.) According to the start times, these
seem to be associated with totally bizarre requests from google (forged
addresses?)

E.g., here is one entry from the ps auxww list

apache 18137 0.0 0.5 26844 5744 ? S 09:34 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DAPACHE2 -DHAVE_PERL -DHAVE_PHP5 -DHAVE_ACTIONS -DHAVE_ALIAS -DHAVE_ASIS -DHAVE_AUTH_BASIC -DHAVE_AUTH_DIGEST -DHAVE_AUTHN_ALIAS -DHAVE_AUTHN_ANON -DHAVE_AUTHN_DBM -DHAVE_AUTHN_DEFAULT -DHAVE_AUTHN_FILE -DHAVE_AUTHZ_DBM -DHAVE_AUTHZ_DEFAULT -DHAVE_AUTHZ_GROUPFILE -DHAVE_AUTHZ_HOST -DHAVE_AUTHZ_OWNER -DHAVE_AUTHZ_USER -DHAVE_AUTOINDEX -DHAVE_BUCKETEER -DHAVE_CASE_FILTER -DHAVE_CASE_FILTER_IN -DHAVE_CERN_META -DHAVE_CGI -DHAVE_CGID -DHAVE_CHARSET_LITE -DHAVE_DIR -DHAVE_DUMPIO -DHAVE_ECHO -DHAVE_ENV -DHAVE_EXAMPLE -DHAVE_EXPIRES -DHAVE_EXT_FILTER -DHAVE_FILTER -DHAVE_HEADERS -DHAVE_IDENT -DHAVE_IMAGEMAP -DHAVE_INCLUDE -DHAVE_INFO -DHAVE_LOG_CONFIG -DHAVE_LOG_FORENSIC -DHAVE_LOGIO -DHAVE_MIME -DHAVE_MIME_MAGIC -DHAVE_NEGOTIATION -DHAVE_OPTIONAL_FN_EXPORT -DHAVE_OPTIONAL_FN_IMPORT -DHAVE_OPTIONAL_HOOK_EXPORT -DHAVE_OPTIONAL_HOOK_IMPORT -DHAVE_REWRITE -DHAVE_SETENVIF -DHAVE_SPELING -DHAVE_SSL -DHAVE_STATUS -DHAVE_SUBSTITUTE -DHAVE_SUEXEC -DHAVE_UNIQUE_ID -DHAVE_USERTRACK -DHAVE_VERSION -DHAVE_VHOST_ALIAS

At that time in the access_log I have a whole bunch of entries like
::1 - - [22/May/2012:09:34:22 -0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.22 (Mandriva Linux/PREFORK-0.1mdv2010.2) (internal dummy connection)"


In the past I have also had connections like

66.249.68.198 - - [22/May/2012:09:35:25 -0700] "GET /aggregator/www.umsl.edu/~keelr/010/www.twitter.com/www.iaea.org/Publications/Documents/Board/2008/www.environment-agency.gov.uk/homeandleisure/floods/node/www.guardian.co.uk/business/2012/feb/21/node/node/22?page=11 HTTP/1.1" 200 58609 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

associated with the times of the startup of those persistent connections. This
looks to be a totally bizarre GET, since that address certainly has nothing to
do with my site.

In the error log around that time I get nothing that looks suspicious

[Tue May 22 09:31:54 2012] [error] [client 119.63.196.27] File does not exist: /usr/local/http/htdocs/robots.txt
[Tue May 22 09:32:25 2012] [error] [client 86.68.18.171] File does not exist: /usr/local/http/htdocs/favicon.ico
[Tue May 22 09:36:47 2012] [error] [client 89.144.206.157] File does not exist: /usr/local/http/htdocs/thirdman/reichs/blank.gif, referer: http://axion.physics.ubc.ca/thirdman/reichs/reichsbruecke.htm



OK, I have closed down that virtual host I had set up (which was the source
of those aggregator web page requests), but I am still getting the same
problems. It starts out with 9 copies of httpd daemon running. After a few
hours it is up to 15 or 20. I have no idea what is causing this.

I have now put in a cron job which checks every 10 min and if it finds more
than 24 instances of httpd running, it restarts httpd (service httpd restart).
But this is clearly a horrible kludge.

Is there any way I can figure out what is triggering these versions of httpd
to be piling up?
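
Added example, not part of the original message: one way to follow up on the start-time observation above is to match each httpd child's ps START minute against access_log requests from the same minute, ignoring Apache's own "internal dummy connection" entries. The function names and sample lines are constructed for illustration, and the sketch assumes the log covers the same day as the ps snapshot.

```python
import re
from collections import defaultdict

# Constructed samples shaped like the ps and access_log lines quoted above.
PS_SAMPLE = """\
root    1502 0.0 0.2 26000 2100 ? Ss May21 0:01 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
apache 18137 0.0 0.5 26844 5744 ? S 09:34 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
apache 18201 0.0 0.5 26844 5744 ? S 09:35 0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
"""
ACCESS_SAMPLE = """\
::1 - - [22/May/2012:09:34:22 -0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.22 (internal dummy connection)"
192.0.2.10 - - [22/May/2012:09:34:40 -0700] "GET /index.html HTTP/1.1" 200 512 "-" "ExampleAgent/1.0"
192.0.2.77 - - [22/May/2012:09:35:25 -0700] "GET /aggregator/node/22?page=11 HTTP/1.1" 200 58609 "-" "ExampleBot/1.0"
192.0.2.10 - - [22/May/2012:09:40:01 -0700] "GET /late.html HTTP/1.1" 200 100 "-" "ExampleAgent/1.0"
"""

# Combined log format: client, HH:MM of the timestamp, request line, user agent.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[\d+/\w+/\d+:(\d\d:\d\d):\d\d [^\]]+\] '
    r'"([^"]*)" \d+ \S+ "[^"]*" "([^"]*)"')

def httpd_processes(ps_text):
    """Return (user, pid, start) for every httpd line of `ps auxww` output."""
    procs = []
    for line in ps_text.splitlines():
        f = line.split(None, 10)  # the 11th field is the full command line
        if len(f) == 11 and f[1].isdigit() and "httpd" in f[10]:
            procs.append((f[0], int(f[1]), f[8]))
    return procs

def over_threshold(ps_text, limit=24):
    """The cron job's check: more than `limit` httpd instances running."""
    return len(httpd_processes(ps_text)) > limit

def requests_by_minute(log_text):
    """Group (client, request) by HH:MM, skipping Apache's self-connections."""
    by_minute = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and "internal dummy connection" not in m.group(4):
            by_minute[m.group(2)].append((m.group(1), m.group(3)))
    return by_minute

def correlate(ps_text, log_text, user="apache"):
    """Map each child PID to the requests logged in the minute it started."""
    by_minute = requests_by_minute(log_text)
    # ps shows a date instead of HH:MM for older processes; those are skipped.
    return {pid: by_minute.get(start, [])
            for owner, pid, start in httpd_processes(ps_text)
            if owner == user and re.fullmatch(r"\d\d:\d\d", start)}
```

Running `correlate` on a snapshot saved just before a restart keeps a record of which clients and URLs coincided with each new child, which the restart alone discards.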



