Posted to users@httpd.apache.org by Rob Tanner <rt...@linfield.edu> on 2005/03/16 19:41:53 UTC

[users@httpd] Possible symptoms of a web DOS attack

Hi,

We've had a couple of instances in the past week where CPU load average on
the server running apache was up at 60 when it normally stays at a nice
healthy 1 to 2.  In each case, bringing down the apache server brought the
load down.  We're also running PHP on the server but register_globals is off
and safe_mode on.  I'm running apache httpd-2.0.47.  Is there any chance I've
got a hacker exploiting some DOS vulnerability?

Thanks.

-- 
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Possible symptoms of a web DOS attack

Posted by Joshua Slive <js...@gmail.com>.
On Wed, 16 Mar 2005 10:41:53 -0800, Rob Tanner <rt...@linfield.edu> wrote:
> Hi,
> 
> We've had a couple of instances in the past week where CPU load average on
> the server running apache was up at 60 when it normally stays at a nice
> healthy 1 to 2.  In each case, bringing down the apache server brought the
> load down.  We're also running PHP on the server but register_globals is off
> and safe_mode on.  I'm running apache httpd-2.0.47.  Is there any chance I've
> got a hacker exploiting some DOS vulnerability?

Use the server-status display from the mod_status module to figure out
what the server is doing at these times (or just page back through
your access logs).  That should help you figure out if anything
unusual is going on.  Also, be sure to keep MaxClients low enough to
prevent your server from using swap memory.

Joshua.
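
The access-log review suggested in the reply above, as an added example that is not part of the original thread: it buckets requests per minute and reports minutes far above the median, with the top client and path for each. The log lines are constructed, the Common Log Format layout is assumed, and the names `busiest_minutes`, `parse` and the `factor` threshold are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in Common Log Format (addresses are documentation ranges).
SAMPLE = (
    ['192.0.2.10 - - [16/Mar/2005:10:0%d:05 -0800] "GET /index.html HTTP/1.1" 200 5120' % m
     for m in range(1, 6)]
    + ['198.51.100.7 - - [16/Mar/2005:10:05:%02d -0800] "GET /search.php?q=a HTTP/1.1" 200 812' % s
       for s in range(40)]
    + ["truncated or malformed line"]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+')


def parse(lines):
    """Yield (minute, client, path) per well-formed line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        yield ts.strftime("%Y-%m-%d %H:%M"), m.group(1), m.group(3)


def busiest_minutes(lines, factor=3.0):
    """Return (minute, hits, top_client, top_path) for minutes above factor x median."""
    hits, clients, paths = Counter(), {}, {}
    for minute, client, path in parse(lines):
        hits[minute] += 1
        clients.setdefault(minute, Counter())[client] += 1
        paths.setdefault(minute, Counter())[path] += 1
    if not hits:
        return []
    median = sorted(hits.values())[len(hits) // 2]
    return [
        (minute, n, clients[minute].most_common(1)[0], paths[minute].most_common(1)[0])
        for minute, n in sorted(hits.items())
        if n > factor * median
    ]


if __name__ == "__main__":
    for row in busiest_minutes(SAMPLE):
        print(row)
```

A request-count spike is only one pattern; a handful of expensive PHP requests can drive load without standing out in per-minute counts, which is where the server-status view helps.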
