Re: [users@httpd] apache attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Apache 2+
Linux Kernel version?

crontab -e
0 * * * * * analog -f /var/logs/access_log

keep backups of the logs, saved to non-user
owned map, rotating
logname=log`date +%d%m%y%H%M%S


----- Original Message -----
From: "seb hould" <apache.ml@xxxxxxxxx>
To: <users@xxxxxxxxxxxxxxxx>
Sent: Tuesday, March 29, 2005 2:18 PM
Subject: [users@httpd] apache attack


> I believe I was recently attacked but still there seems to be
> something missing.  Yesterday my web server went pretty slow at a
> certain point.   When I checked my Linux process list there we're
> roughly 10 times as much processes as usual (maxed from the apache
> configs) and Apache was killing the oldest processes.  This is not
> normal traffic, and I for sure thought I was either attacked or
> someone made a very bad script.  Strangely enough, there are
> absolutely no sign of additional requests in the apache logfile.  By
> looking at the file there are no more traffic at the time of the
> incident than in normal circumstances.  There ain't no sign of a bad
> script (same source IP, same URI).  So I'm supposing it was a DOS
> attack but can someone explain why it wouldn't show up in the logs.
> Is it that we recieved so many requests all at the same time and
> Apache wasn't able to process them ?  The load average on my server
> went over 33 and the MySQL server was also quite busy (it is located
> on another server).
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux