Date: Wed, 11 Mar 1998 19:03:15 -0600 From: "Jeffrey J. Mountin" <jeff-ml@mountin.net> To: Kevin Day <toasty@home.dragondata.com>, dev@wopr.inetu.net (Dev) Cc: isp@FreeBSD.ORG Subject: Re: Runaway web server. Message-ID: <3.0.3.32.19980311190315.00752e34@156.46.92.70> In-Reply-To: <199803112304.RAA18688@home.dragondata.com> References: <Pine.BSF.3.95q.980311174734.6707A-100000@wopr.inetu.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 05:04 PM 3/11/98 -0600, Kevin Day wrote: >> >> We have a freebsd 2.2.5 server w/96 megs of ram >> running 13 instances of apache. (each spawning >> about 5-10 children). >> >> it seems something triggers _all_ of the servers >> to become in the run state. about 4 or 5 children >> seem to be using about 8 mb of ram. it is very >> hard to actually kill the processes. (not just >> from lag, but the process not dying after being >> sent a kill signal). >> >> when trying to kill the session leader it does not >> seem to die. >> >> The servers get stuck in a "waiting for reply" >> state and never seem to respond. This server has >> been up for over 40 days running fine. >> >> We have finally rebooted the machine, and after >> about four hours it happened again. >> >> Anyone have any suggestions? >> > >Is this a somewhat old version of apache? I've gotten 2 runaway children on 2.2.5 with both Apache 1.2.4 and 1.2.5 so far and both are the only instances I've ever encountered in over 10 years of server time on various servers. >If so, someone's exploiting a bug... adding a ton of /'s in a URL will >cause apache to come to a crawl... In either case there was nothing suspicious/malicious in the logs around the time of the runaways, but someone did try to exploit a bug of 1.2.4 (or earlier?) with an invalid URL that was _really_ long, which didn't work. :) At least this was only one child process on 2 different occasions, but considering how far both FBSD and Apache have come, it bothers me somewhat and now someone else has a more serious problem. Have to like the reliability of FBSD and Apache, but am starting to wonder. Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.3.32.19980311190315.00752e34>