Security Incidents mailing list archives
Apache goes berserk
From: Brett Glass <brett () lariat org>
Date: Wed, 26 Jun 2002 21:37:41 -0600
This evening, I returned from dinner to find that my Apache 2.0.39 Web server, running on FreeBSD, was completely unresponsive. A "ps" command revealed that the server had spawned dozens of child processes. And the error log had filled up with messages that looked like this:
[Wed Jun 26 15:55:01 2002] [error] server reached MaxClients setting, consider raising the MaxClients setting [Wed Jun 26 21:28:36 2002] [warn] child process 164 still did not exit, sending a SIGTERM [Wed Jun 26 21:28:36 2002] [warn] child process 165 still did not exit, sending a SIGTERM [Wed Jun 26 21:28:36 2002] [warn] child process 166 still did not exit, sending a SIGTERM [Wed Jun 26 21:28:36 2002] [warn] child process 167 still did not exit, sending a SIGTERM [Wed Jun 26 21:28:36 2002] [warn] child process 168 still did not exit, sending a SIGTERM [Wed Jun 26 21:28:36 2002] [warn] child process 497 still did not exit, sending a SIGTERM [Wed Jun 26 21:28:36 2002] [warn] child process 498 still did not exit, sending a SIGTERM [Wed Jun 26 21:28:36 2002] [warn] child process 1307 still did not exit, sending a SIGTERM [Wed Jun 26 21:28:36 2002] [warn] child process 2965 still did not exit, sending a SIGTERM
...and many more similar messages. These were followed by a continuous stream of messages like the following:
httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already free httpd in free(): warning: page is already freeIt doesn't LOOK as if anyone broke in, but the fact that the Web server was tied up in knots until I shut it down and restarted it is disturbing. Anyone else seeing such activity?
--Brett Glass ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Apache goes berserk Brett Glass (Jun 27)
- Re: Apache goes berserk Tobias Rosenstock (Jun 27)
- Message not available
- Re: Apache goes berserk Brett Glass (Jun 28)