Posted to apache-bugdb@apache.org by Dany Paquette <da...@emergis.com> on 2001/11/01 21:16:44 UTC
general/8661: I think a virus is killing the apache child process
>Number: 8661
>Category: general
>Synopsis: I think a virus is killing the apache child process
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Thu Nov 01 12:20:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: dany.paquette@emergis.com
>Release: 1.3.19
>Organization:
apache
>Environment:
Sun solaris 5.8
SunOS e-news-web 5.8 Generic_108528-10 sun4u sparc SUNW,UltraAX-i2
>Description:
In the error log there are multiple different IP addresses that do the same sequence of requests and it keeps killing the child process. Here is the sequence in question.
[Sun Oct 28 14:17:01 2001] [error] [client 211.22.71.115] File does not exist: /export/home/httpd/www/scripts/root.exe
[Sun Oct 28 14:17:02 2001] [error] [client 211.22.71.115] File does not exist: /export/home/httpd/www/MSADC/root.exe
[Sun Oct 28 14:17:02 2001] [error] [client 211.22.71.115] File does not exist: /export/home/httpd/www/c/winnt/system32/cmd.exe
[Sun Oct 28 14:17:03 2001] [error] [client 211.22.71.115] File does not exist: /export/home/httpd/www/d/winnt/system32/cmd.exe
[Sun Oct 28 14:17:04 2001] [error] [client 211.22.71.115] File does not exist: /export/home/httpd/www/scripts/..%5c../winnt/system32/cmd.exe
[Sun Oct 28 14:17:05 2001] [error] [client 211.22.71.115] File does not exist: /export/home/httpd/www/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sun Oct 28 14:17:09 2001] [error] [client 211.22.71.115] File does not exist: /export/home/httpd/www/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sun Oct 28 14:17:10 2001] [error] [client 211.22.71.115] File does not exist: /export/home/httpd/www/msadc/..%5c../..%5c../..%5c/..�../..�../..�../winnt/system32/cmd.exe
[Sun Oct 28 14:17:11 2001] [error] [client 211.22.71.115] File does not exist: /export/home/httpd/www/scripts/..�../winnt/system32/cmd.exe
[Sun Oct 28 14:17:12 2001] [notice] child pid 15214 exit signal Segmentation Fault (11)
[Sun Oct 28 14:17:12 2001] [error] [client 211.22.71.115] File does not exist: /export/home/httpd/www/scripts/..��../winnt/system32/cmd.exe
[Sun Oct 28 14:17:13 2001] [error] [client 211.22.71.115] File does not exist: /export/home/httpd/www/scripts/..��../winnt/system32/cmd.exe
[Sun Oct 28 14:17:15 2001] [notice] child pid 12186 exit signal Segmentation Fault (11)
[Sun Oct 28 14:17:15 2001] [notice] child pid 14225 exit signal Segmentation Fault (11)
Here is the version of code we are using:
We are using Apache 1.3.19
with the following modules:
Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_rewrite.c
mod_access.c
mod_auth.c
mod_expires.c
mod_setenvif.c
mod_ssl.c
mod_perl.c
and we are using the following CPAN modules:
html parser 3.23
application IFMMD5 MD5 module for perl(2.13)
application IFMOssl OpenSSL ssl library and tools(0.9.6a)
application IFMadbi Athentication DBI module for perl
application IFMapache Apache & Mod_SSL & Mod_Perl (1.3.19)
application IFMasess Apache Session module for perl (1.53)
application IFMdate Date Calc module for perl(4.3)
application IFMdbd DBD Oracle module for perl(1.06)
application IFMdbi DBI module for perl(1.16)
application IFMhpars HTML Parser module for perl(3.23)
application IFMhtag HTML Tagset module for perl(3.03)
application IFMhtemp HTML Template module for perl(2.2)
application IFMimage Image Size module for perl(2.93)
application IFMimmag Image Magick with Perl Magick(5.3.4)
application IFMlibn Libnet module for perl(1.0703)
application IFMlibw Libwww module for perl(5.5394)
application IFMmail Mail Sender module for perl(0.7.08)
application IFMmd5 Digest MD5 for perl(2.13)
application IFMmime MIME Base 64 module for perl(2.12)
application IFMmm MM Shared Memory library(1.1.13)
application IFMpmag Perl Magick interface module for perl(5.34)
application IFMsto Storable module for perl(1.0.12)
application IFMtauf Text Auto Format module for perl(1.04)
application IFMtime Time Date module for perl(1.10)
application IFMtxtp Text Parse Word module for perl(3.1)
application IFMuri URI module for perl(1.12)
And we are using perl 5.6.1
I am kind of desperate, it keeps our server down :(
It looks like it is a virus that keeps scanning us, but what really bugs me is that child processes are killed. I would not really mind if the virus keeps on getting 404 HTTP errors, but I don't like when it puts my server down.
Please help me!
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
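Added example, not part of the original report or of Apache: a triage script that reads an Apache 1.3 style error_log, counts `File does not exist` entries for `root.exe` / `cmd.exe` per client, and lists which of those clients were probing in the seconds before each child segfault notice. The sample log, the client addresses (documentation range), the shortened paths and the 10-second window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache 1.3 error_log format, modelled on the report above
# (client addresses are from the RFC 5737 documentation range; paths shortened).
SAMPLE_LOG = """\
[Sun Oct 28 14:17:01 2001] [error] [client 192.0.2.10] File does not exist: /www/scripts/root.exe
[Sun Oct 28 14:17:04 2001] [error] [client 192.0.2.10] File does not exist: /www/scripts/..%5c../winnt/system32/cmd.exe
[Sun Oct 28 14:17:12 2001] [notice] child pid 15214 exit signal Segmentation Fault (11)
[Sun Oct 28 14:40:00 2001] [error] [client 192.0.2.77] File does not exist: /www/favicon.ico
[Sun Oct 28 15:02:30 2001] [notice] child pid 15300 exit signal Segmentation Fault (11)
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<rest>.*)$")
MISSING = re.compile(r"^\[client (?P<ip>[^\]]+)\] File does not exist: (?P<path>.*)$")
CRASH = re.compile(r"^child pid (?P<pid>\d+) exit signal (?P<sig>.+?) \((?P<num>\d+)\)$")
PROBE = re.compile(r"(?:^|/)(?:root|cmd)\.exe$", re.IGNORECASE)


def correlate(log_text, window_seconds=10):
    """Return (probe_count_per_client, crashes); each crash lists clients probing shortly before it."""
    probes = defaultdict(list)  # ip -> timestamps of root.exe / cmd.exe requests
    crashes = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or non-standard line: skip rather than guess
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        miss = MISSING.match(m["rest"])
        if miss and PROBE.search(miss["path"]):
            probes[miss["ip"]].append(ts)
            continue
        crash = CRASH.match(m["rest"])
        if crash:
            crashes.append({"time": ts, "pid": int(crash["pid"]), "signal": crash["sig"], "clients": []})
    window = timedelta(seconds=window_seconds)
    for c in crashes:
        c["clients"] = sorted(ip for ip, times in probes.items()
                              if any(timedelta(0) <= c["time"] - t <= window for t in times))
    return {ip: len(t) for ip, t in probes.items()}, crashes


if __name__ == "__main__":
    counts, crashes = correlate(SAMPLE_LOG)
    print(counts)
    for c in crashes:
        print(c["time"], c["pid"], c["signal"], c["clients"] or "no probe in window")
```

Closeness in time is only a lead: a request that crashes a child may leave no error_log entry of its own, so segfaults with no probe in the window (or many of them across the log) point to a cause other than the scan.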