Date: Wed, 11 Mar 1998 21:16:10 -0500 From: "Gary Palmer" <gpalmer@FreeBSD.ORG> To: "Jeffrey J. Mountin" <jeff-ml@mountin.net> Cc: Kevin Day <toasty@home.dragondata.com>, dev@wopr.inetu.net (Dev), isp@FreeBSD.ORG Subject: Re: Runaway web server. Message-ID: <17178.889668970@gjp.erols.com> In-Reply-To: Your message of "Wed, 11 Mar 1998 19:03:15 CST." <3.0.3.32.19980311190315.00752e34@156.46.92.70>
next in thread | previous in thread | raw e-mail | index | archive | help
"Jeffrey J. Mountin" wrote in message ID <3.0.3.32.19980311190315.00752e34@156.46.92.70>: > In either case there was nothing suspicious/malicious in the logs around the > time of the runaways, but someone did try to exploit a bug of 1.2.4 (or earli > er?) with an invalid URL that was _really_ long, which didn't work. :) Since Apache doesn't log until completion (either through erroring out or the URL being delivered) its possible its an exploitable bug. > At least this was only one child process on 2 different occasions, but consid > ering how far both FBSD and Apache have come, it bothers me somewhat and now > someone else has a more serious problem. It would be really helpful if ppl experiencing this ran apache with debugging symbols compiled in and gdb attached to the runaway process and traced it to see what it was doing. We can speculate until we're blue in the face, but thats all it is... We use FreeBSD where I work too, and in a fairly heavily hit area (our POP servers see 100 pop sessions a second, probably gone up since that figure was calculated a few months ago). To date I haven't seen a runaway process on our servers. Gary -- Gary Palmer FreeBSD Core Team Member FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17178.889668970>