Security Incidents mailing list archives
Re: apache problem
From: cory <loon () loadedpenguin com>
Date: Tue, 15 Oct 2002 08:53:18 -0500
This is a DoS from the chunk encoding exploits produced earlier this year. http://httpd.apache.org/info/security_bulletin_20020617.txt cheers, loon Andre Guimaraes wrote:
Hi all, I have one webserver dedicated for a client communication running apache 1.3.22-6 on linux red hat 7.3 and almost unused. Today the machine had no memory or swap left (1 gig memory,512 meg swap). Analyzing the error logs I found this: Lots of in /var/log/messages: Oct 12 20:31:24 web01 kernel: Out of Memory: Killed process 1023 (httpd). Oct 12 20:31:52 web01 kernel: Out of Memory: Killed process 1016 (httpd). Oct 12 20:32:22 web01 kernel: Out of Memory: Killed process 1020 (httpd). Oct 12 20:34:04 web01 kernel: Out of Memory: Killed process 1026 (httpd). Oct 12 20:34:53 web01 kernel: Out of Memory: Killed process 1025 (httpd). Oct 12 20:35:55 web01 kernel: Out of Memory: Killed process 1031 (httpd). Lots of this in error log: [Sat Oct 12 20:41:44 2002] [error] child process 1227 still did not exit, sending a SIGKILL [Sat Oct 12 20:41:44 2002] [error] child process 1228 still did not exit, sending a SIGKILL [Sat Oct 12 20:41:46 2002] [error] could not make child process 1072 exit, attempting to continue anyway [Sat Oct 12 20:41:46 2002] [error] could not make child process 1080 exit, attempting to continue anyway Few minutes before in error log: [Sat Oct 12 20:16:19 2002] [error] [client 217.223.216.186] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): / [Sat Oct 12 20:21:09 2002] [error] [client 207.99.78.36] request failed: erroneous characters after protocol string: CONNECT maila.microsoft.com:25 / HTTP/1.0 This connect maila looks like someone trying to find some kind of proxy. What about the empty hostname? I cant figure out why that happened. Thanks ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- apache problem Andre Guimaraes (Oct 14)
- Re: apache problem Ryan Sweat (Oct 15)
- Re: apache problem zeno (Oct 15)
- RE: apache problem Jonathan A. Zdziarski (Oct 15)
- Re: apache problem Bob Johnson (Oct 16)
- Re: apache problem SZALAY Attila (Oct 15)
- Re: apache problem cory (Oct 15)
- Re: apache problem Bob Johnson (Oct 16)
- Re: apache problem Hugo van der Kooij (Oct 15)
- Re: apache problem Homer Wilson Smith (Oct 16)
- Re: apache problem Hugo van der Kooij (Oct 16)
- Re: apache problem Stephen Smoogen (Oct 17)
- RE: apache problem Jonathan A. Zdziarski (Oct 18)
- Re: apache problem Jason Giglio (Oct 18)
- Re: apache problem Stephen Smoogen (Oct 18)
- RE: apache problem Jonathan A. Zdziarski (Oct 18)
- Re: apache problem Homer Wilson Smith (Oct 16)
- Re: apache problem Ryan Sweat (Oct 15)