[WBEL-users] DOS attack on Apache?

Benedikt Carda ml at two-wings.net
Mon Jun 20 06:41:38 CDT 2005 

I have deactivated the CGI module and also all but one virtualhosts (on 
the one still active there are no scripts running) but the problem 
persists. Therefore I think the problem does not come from a runaway 
script. Any further ideas?

Thanks,
Benedikt.


Lem Tomas wrote:

> runaway script?
>
> Benedikt Carda wrote:
>
>> Dear All,
>>
>> me again. I have found out, that it does not seem to be a DOS attack 
>> against HTTP. The requested files and directories are too different 
>> (including different virtual hosts, etc.) to be an attack. 
>> Furthermore the log entries show, that only a few request come. 
>> Therefore, the actual problem is, that a child process does not kill 
>> itself after fulfilling the request. Therefore the max child requests 
>> limit is reached after just 10 to 15 seconds and Apache does not 
>> deliver any more documents. How can this happen and how can I get 
>> Apache to work again?
>>
>> Best Regards,
>> Benedikt.
>>
>>
>> Benedikt Carda wrote:
>>
>>> Dear All,
>>>
>>> I am running WBEL 3 including Apache  on a box. Since four days as 
>>> soon as I turn on Apache it reaches the maximum number of child 
>>> processes in just a few seconds. Accessing a website on the server 
>>> is awefully slow. I looked into the logs and found out, that many 
>>> people try to reach a certain URL on the server (on one virtual 
>>> host). First I renamed the directory to another name and the problem 
>>> was solved. But the requests came back for another directory after a 
>>> day. I tried to rename this one too, but unfortunately this time it 
>>> did not work. The requests still produce the reach of the maximum 
>>> number of child processes.
>>>
>>> It seems that somehow the child processes do not exit after 
>>> fullfilling the request. I tried the following:
>>>
>>> * Disconnect from internet, restart Apache
>>> Result: Normal operations, nothing special
>>> * Reconnect to the internet:
>>> Result: A few seconds and maximum number of child processes was reached
>>> * Disconnect again from internet, not restarting Apache
>>> Result: Still the child processes did not exit
>>>
>>> Also when restarting the Apache server I get a whole bunch of these 
>>> kind of entries in the error log:
>>>
>>> [Mon Jun 20 08:32:21 2005] [warn] child process 975 still did not 
>>> exit, sending a SIGTERM
>>>
>>> Does anybody know what to do? Thanks for help in advance.
>>>
>>> Best Regards,
>>> Benedikt.
>>
>>

More information about the Whitebox-users mailing list