httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron" <...@idl.net.au>
Subject [users@httpd] Parent: Receiving shutdown signal from outside?
Date Tue, 14 Jan 2003 12:13:46 GMT
"Hello" from Australia,

I'm new to Apache.  I have version 2.0.43 on Windows XP Pro.

I have installed all Microsoft Windows XP security patches prior to SP1.  I
have been reluctant to install SP1 due to warnings I've heard about it
causing problems.

I have used GRC's XPdite, from http://grc.com/xpdite/xpdite.htm

In the Error Log, I find a number of entries like the following examples:

[Sun Jan 12 07:38:58 2003] [warn] pid file C:/Program Files/Apache
Group/Apache2/logs/httpd.pid overwritten -- Unclean shutdown of previous
Apache run?
[Sun Jan 12 07:38:59 2003] [notice] Parent: Created child process 1456
[Sun Jan 12 07:39:00 2003] [notice] Child 1456: Child process is running
[Sun Jan 12 07:39:00 2003] [notice] Child 1456: Acquired the start mutex.
[Sun Jan 12 07:39:01 2003] [notice] Child 1456: Starting 250 worker threads.
[Sun Jan 12 10:43:25 2003] [notice] Parent: Received shutdown signal --
Shutting down the server.
[Sun Jan 12 10:43:25 2003] [notice] Child 1456: Exit event signaled. Child
process is ending.
[Sun Jan 12 10:43:26 2003] [notice] Child 1456: Released the start mutex
[Sun Jan 12 10:43:27 2003] [notice] Child 1456: Waiting for 250 worker
threads to exit.
[Sun Jan 12 10:43:27 2003] [notice] Child 1456: All worker threads have
exited.
[Sun Jan 12 10:43:27 2003] [notice] Child 1456: Child process is exiting
[Sun Jan 12 10:43:28 2003] [notice] Parent: Child process exited
successfully.

[Sun Jan 12 22:02:52 2003] [error] [client 195.166.232.11] Client sent
malformed Host header
[Mon Jan 13 00:33:14 2003] [error] [client 199.243.77.42] Client sent
malformed Host header
[Mon Jan 13 09:42:26 2003] [warn] pid file C:/Program Files/Apache
Group/Apache2/logs/httpd.pid overwritten -- Unclean shutdown of previous
Apache run?

There are more entries in the Error Log like the above examples.  I assume
this is not good.  It appears to me (inexperienced) that someone is
controlling my server from the outside.  I read about Stopping & Restarting
at the Apache.org website, but it did not seem to mention whether this was
something that could be done from outside.

Assuming this is a vulnerability, is it addressed in WinXP SP1?  ....or can
I leave that out and alter some setting in the configuration file to stop
this access?  I seem to remember reading something about a parent/child
vulnerability with Apache on WinXP, but I can't find it now.

I don't know if this helps, but this is how I have the DocumentRoot set
(I've stripped out the commenting here):

UseCanonicalName Off

DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs"

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Deny from all
</Directory>

....and then a few lines down from that:

<Directory "C:/Program Files/Apache Group/Apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

As far as I understand, this allows access to the DocumentRoot folder, but
nothing else.

There are no VirtualHosts set up.

If I need to strip the system clean and start again, I will.  But I wonder
if anyone can otherwise help me sort out this apparent vulnerability.

Thank you in advance,
Aaron Wells


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message