[users@httpd] Strange user-agents and requests causing Apache processes to explode!

Greets to all!

I apologize in advance if I am violating some etiquettes with regards to this mailing list - I joined specifically because I have been experiencing some strange behavior that is disrupting my server.

I've included three chunks of my server log that chronicle the requests that relate to my problem, each one with some different information. These are located at the end of my message (probably should be left out of any replies).

Essentially, what is happening is some kind of a request is causing my server's Apache processes to mushroom in size - going from a normal 15 - 30 MB all the way up to 140+ MB.

And with 10 - 20 Apache processes running on a system with 1GB of RAM, this can be a problem. :-D

The requests are occurring with a custom download script that I have written, through which ALL download requests occur. I've optimized it to use very little memory by reading in the files in small chunks. I rarely have any problems except with requests that follow a specific pattern. I thought the problem was in my script, but I highly doubt it because I cannot duplicate it myself - plus "normal" requests, even a barrage of them, trigger no issues whatsoever.

I was previously running Apache 2.0.52, but after reading up on it, I discovered there was a security hole that caused a problem similar to what I was having:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942

So I upgraded to the latest release (2.0.54) - and I'm STILL having the same problem.

The requests usually have a User-Agent string of the following: "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)". This is easy enough to BrowserMatch out with an environmental variable, but not in every case does this work.

I think I've talked enough, so I want to see if anyone else is experiencing the same problem or not.


84.97.70.235 - - [21/Apr/2005:03:10:05 -0500] "GET /download.php?reciter=2&title=020.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:06 -0500] "GET /download.php?reciter=2&title=021.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:07 -0500] "GET /download.php?reciter=2&title=022.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:08 -0500] "GET /download.php?reciter=2&title=023.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:11 -0500] "GET /download.php?reciter=2&title=024.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:12 -0500] "GET /download.php?reciter=2&title=025.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:13 -0500] "GET /download.php?reciter=2&title=026.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:15 -0500] "GET /download.php?reciter=2&title=027.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:16 -0500] "GET /download.php?reciter=2&title=028.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:18 -0500] "GET /download.php?reciter=2&title=029.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:22 -0500] "GET /download.php?reciter=2&title=030.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:23 -0500] "GET /download.php?reciter=2&title=031.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:24 -0500] "GET /download.php?reciter=2&title=032.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:25 -0500] "GET /download.php?reciter=2&title=033.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:28 -0500] "GET /download.php?reciter=2&title=034.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:30 -0500] "GET /download.php?reciter=2&title=035.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:31 -0500] "GET /download.php?reciter=2&title=036.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:32 -0500] "GET /download.php?reciter=2&title=037.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:33 -0500] "GET /download.php?reciter=2&title=038.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:34 -0500] "GET /download.php?reciter=2&title=039.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:36 -0500] "GET /download.php?reciter=2&title=040.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:37 -0500] "GET /download.php?reciter=2&title=041.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:38 -0500] "GET /download.php?reciter=2&title=042.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:39 -0500] "GET /download.php?reciter=2&title=043.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:39 -0500] "GET /download.php?reciter=2&title=044.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:40 -0500] "GET /download.php?reciter=2&title=045.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:41 -0500] "GET /download.php?reciter=2&title=046.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:43 -0500] "GET /download.php?reciter=2&title=002.mp3 HTTP/1.1" 416 395 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:43 -0500] "GET /download.php?reciter=2&title=002.mp3 HTTP/1.1" 416 395 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:43 -0500] "GET /download.php?reciter=2&title=002.mp3 HTTP/1.1" 416 395 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"



80.125.64.106 - - [23/Apr/2005:15:16:38 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 52587960 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:15:58 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 26293981 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:15:58 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 78881939 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:15:58 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 105175918 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:20:03 -0500] "GET /download.php?reciter=1&title=111.mp3 HTTP/1.1" 200 578038 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"
80.125.64.106 - - [23/Apr/2005:15:16:37 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 105175918 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:14 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 78881939 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:16:37 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 78881939 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:14 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 52587960 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:14 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 26293981 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:14 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 105175918 "-" "FreshDownload/4.40"
193.251.8.224 - - [23/Apr/2005:15:22:19 -0500] "GET /download.php?reciter=9&title=009.mp3 HTTP/1.1" 200 50000 "http://www.hidayahonline.org/?page=audio&reciter=9"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
193.251.8.224 - - [23/Apr/2005:15:22:24 -0500] "GET /download.php?reciter=9&title=009.mp3 HTTP/1.1" 200 50000 "-" "Windows-Media-Player/9.00.00.3250"
80.125.64.106 - - [23/Apr/2005:15:19:07 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 26293981 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:53 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 52587960 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:53 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 78881939 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:53 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 105175918 "-" "FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:19:07 -0500] "GET /download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 105175918 "-" "FreshDownload/4.40"



202.152.172.1 - - [24/Apr/2005:11:43:15 -0500] "GET /download.php?reciter=2&title=003.ogg HTTP/1.1" 206 12186804 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:40:54 -0500] "GET /download.php?reciter=1&title=003.ogg HTTP/1.1" 206 75769833 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:46:00 -0500] "GET /download.php?reciter=1&title=002.ogg HTTP/1.1" 206 30064471 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:39:33 -0500] "GET /download.php?reciter=2&title=004.ogg HTTP/1.1" 206 14488897 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:10:58 -0500] "GET /download.php?reciter=2&title=003.ogg HTTP/1.1" 206 14202189 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:44:29 -0500] "GET /download.php?reciter=1&title=002.ogg HTTP/1.1" 206 29758105 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:43:05 -0500] "GET /download.php?reciter=1&title=003.ogg HTTP/1.1" 206 18942459 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:43:01 -0500] "GET /download.php?reciter=1&title=003.ogg HTTP/1.1" 206 18942458 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:39:43 -0500] "GET /download.php?reciter=2&title=004.ogg HTTP/1.1" 206 14399197 "-" "DA 5.5"
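
A triage script for log excerpts like the ones above, added here as an example and not part of the original post: it parses both layouts shown (with and without a referer field) and reports each client/URL pair that received several 206 or 416 responses inside a short window, with the bytes sent in that window. The function names, the 5-minute window, the threshold of 4 and the sample lines (documentation-range IPs) are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Both layouts in the post (with/without referer); ';?' tolerates the stray ';' after one referer.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)(?: "[^"]*";?)? "(?P<ua>[^"]*)"$')

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # %t is the time the request was received, so entries are not in order.
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec

def flag_range_bursts(lines, window=timedelta(minutes=5), min_parts=4):
    """Map (ip, url) -> (responses, bytes) for its busiest 206/416 window."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec["status"] in ("206", "416"):
            events[(rec["ip"], rec["url"])].append((rec["ts"], rec["bytes"]))
    flagged = {}
    for key, seen in events.items():
        seen.sort()  # restore time order before sliding the window
        start, best = 0, (0, 0)
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1
            n = end - start + 1
            if n > best[0]:
                best = (n, sum(size for _, size in seen[start:end + 1]))
        if best[0] >= min_parts:
            flagged[key] = best
    return flagged

# Constructed sample in the post's two layouts; IPs are documentation ranges.
_REQ = '"GET /download.php?reciter=1&title=002.mp3 HTTP/1.0"'
SAMPLE = [
    f'192.0.2.10 - - [23/Apr/2005:15:16:38 -0500] {_REQ} 206 52587960 "-" "FreshDownload/4.40"',
    f'192.0.2.10 - - [23/Apr/2005:15:15:58 -0500] {_REQ} 206 26293981 "-" "FreshDownload/4.40"',
    f'192.0.2.10 - - [23/Apr/2005:15:15:58 -0500] {_REQ} 206 78881939 "-" "FreshDownload/4.40"',
    f'192.0.2.10 - - [23/Apr/2005:15:15:58 -0500] {_REQ} 206 105175918 "-" "FreshDownload/4.40"',
    '198.51.100.7 - - [23/Apr/2005:15:22:19 -0500] "GET /download.php?reciter=9&title=009.mp3 HTTP/1.1" 200 50000 "-" "Windows-Media-Player/9.00.00.3250"',
    '203.0.113.5 - - [21/Apr/2005:03:10:43 -0500] "GET /download.php?reciter=2&title=002.mp3 HTTP/1.1" 416 395 "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"',
]
```

Calling `flag_range_bursts(SAMPLE)` reports only the 192.0.2.10 pair; the lone 416 and the 200 response stay below the threshold.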

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.