httpd-users mailing list archives

From "Boyle Owen" <>
Subject RE: [users@httpd] Help with DoS attack
Date Mon, 03 Feb 2003 14:15:27 GMT
>-----Original Message-----
>From: Robert Mena []
>I have been facing some DoS attacks in my apache
>server (1.3) and I was wondering what kind of
>tools/tips are available in order to identify 

Try using the Mark I Eyeball on the TransferLog...

Look for funny request strings, same client IP, rapid requests etc.
Check the response codes - do you get a lot of 404s?

>I am assuming that the problem is with apache since
>the number of httpd processes goes from ~70 (where
>everything is ok) to ~152 about the same time every

What content do you serve? E.g. if you have financial data, you might
expect this at the close of business each day.

Actually, hackers are unlikely to be so punctual. More probably, you
have a robot or webcrawler indexing your site on a cron job.

Owen Boyle

>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:> for more info.
>To unsubscribe, e-mail:
>   "   from the digest:
>For additional commands, e-mail:
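
The TransferLog checks suggested in the reply (same client IP, rapid requests, many 404s, activity at the same time every day) can be tallied per client. This is an added example, not part of the original message; it assumes the log is in Common Log Format, and the `summarize` function, the 10-second window and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation-range addresses), not from the thread.
SAMPLE = """\
192.0.2.10 - - [01/Feb/2003:02:00:00 +0000] "GET /a.html HTTP/1.0" 200 512
192.0.2.10 - - [01/Feb/2003:02:00:01 +0000] "GET /b.html HTTP/1.0" 200 734
192.0.2.10 - - [02/Feb/2003:02:00:00 +0000] "GET /a.html HTTP/1.0" 200 512
192.0.2.10 - - [02/Feb/2003:02:00:02 +0000] "GET /b.html HTTP/1.0" 200 734
198.51.100.7 - - [01/Feb/2003:14:05:00 +0000] "GET /nope1 HTTP/1.0" 404 210
198.51.100.7 - - [01/Feb/2003:14:05:40 +0000] "GET /nope2 HTTP/1.0" 404 210
203.0.113.5 - - [01/Feb/2003:09:30:00 +0000] "GET / HTTP/1.0" 200 1024
""".splitlines()

def summarize(lines, window=timedelta(seconds=10)):
    """Per client: request count, 404 count, busiest `window`, recurring hours."""
    by_ip = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if m:  # skip lines that are not CLF
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            by_ip[m.group(1)].append((when, int(m.group(3))))
    report = {}
    for ip, hits in by_ip.items():
        hits.sort()
        times = [t for t, _ in hits]
        peak = start = 0
        for end, t in enumerate(times):  # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        days = defaultdict(set)  # hour of day -> dates the client was seen
        for t in times:
            days[t.hour].add(t.date())
        report[ip] = {
            "requests": len(hits),
            "not_found": sum(1 for _, s in hits if s == 404),
            "peak_in_window": peak,
            "recurring_hours": sorted(h for h, d in days.items() if len(d) > 1),
        }
    return report

if __name__ == "__main__":
    for ip, row in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["requests"]):
        print(ip, row)
```

A client with a non-empty `recurring_hours` list and no 404s fits the cron-driven crawler pattern described in the reply; a high `not_found` or `peak_in_window` count is the cue to read that client's raw log lines.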

