httpd-users mailing list archives

From Tony Mobily <>
Subject RE: [users@httpd] Bug, attack or what?
Date Tue, 18 May 2004 01:29:03 GMT
Hello Roger,

I wrote a book about Apache Security that has just come out (see the  
bottom of the email), so... well, I guess I ought to answer your  

On May 10 you wrote:

I am running Apache 2.0.40 on RH Linux 9. It's a fairly active server.
Recently installed. It's been running stable for about 2 weeks. Apache  
processes at about 10MB apiece. Yesterday the server was unresponsive.  
checking the child processes had all jumped to about 50MB and the error  
showed a long string of:
[Sun May 09 16:05:40 2004] [warn] child process 5649 still did not exit,
sending a SIGTERM
[Sun May 09 16:05:40 2004] [warn] child process 2981 still did not exit,
sending a SIGTERM

This could be happening for a number of reasons. If you go to this URL:

You will find a (rather scary) list of bugs that affect Apache 2.0.40  
through 2.0.49.
So, the best piece of advice I can give you is: update your server. And  
do it... now!

Having said that, the problem could have been caused by a third-party  
module such as PHP being attacked. That's why you shouldn't have  
anything less than PHP 4.3.6.

There are many things you can do to increase your server's security,  
apart from updating it (which is anyway the best thing). You can for  
example install modules such as mod_security, mod_dosevasive,  
mod_parmguard, mod_hackprotect and mod_hackdetect (find them on You could also "jail" your Apache - there  
are some cool documents out there which explain how to do that, for  

Finally, I have to mention (I hope it's OK...) that I wrote a book,  
"Hardening Apache", which covers pretty much everything regarding  
Apache and security. Here is a link: 

It has only just come out (and already has one very good review by an  
Amazon "top" reviewer!), I am keeping my fingers crossed...



I hope I didn't answer too late...
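
An added example, not part of the original message or of Apache itself: a small Python triage script for the "still did not exit" warnings quoted above. It rejoins entries that a mail client wrapped, then lists which child PIDs ignored shutdown and which ones had to be sent SIGKILL. The sample log is constructed (only the two SIGTERM lines mirror the message), and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Apache 2.0 error_log format; extra lines are made up.
SAMPLE_LOG = """\
[Sun May 09 16:05:38 2004] [notice] caught SIGTERM, shutting down
[Sun May 09 16:05:40 2004] [warn] child process 5649 still did not exit,
sending a SIGTERM
[Sun May 09 16:05:40 2004] [warn] child process 2981 still did not exit, sending a SIGTERM
[Sun May 09 16:05:44 2004] [warn] child process 5649 still did not exit, sending a SIGTERM
[Sun May 09 16:05:48 2004] [error] child process 5649 still did not exit, sending a SIGKILL
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
                   r"child process (?P<pid>\d+) still did not exit, "
                   r"sending a (?P<sig>SIG\w+)$")

def unwrap(text):
    """Rejoin entries that were wrapped in transit: a new entry starts with '['."""
    entries = []
    for line in text.splitlines():
        if line.startswith("[") or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def stuck_children(text):
    """Map pid -> [(timestamp, signal), ...] for children that ignored shutdown."""
    stuck = defaultdict(list)
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            stuck[int(m["pid"])].append((ts, m["sig"]))
    return dict(stuck)

def needed_sigkill(text):
    """PIDs that survived SIGTERM and had to be killed: investigate these first."""
    return sorted(pid for pid, events in stuck_children(text).items()
                  if any(sig == "SIGKILL" for _, sig in events))

if __name__ == "__main__":
    for pid, events in sorted(stuck_children(SAMPLE_LOG).items()):
        print(pid, [(t.isoformat(), s) for t, s in events])
    print("needed SIGKILL:", needed_sigkill(SAMPLE_LOG))
```

Children that only go away after SIGKILL were blocked or spinning when the parent tried to stop them, so their PIDs and timestamps are the ones to correlate with the access log and with per-process memory figures.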
