httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Mobily <mer...@mobily.com>
Subject RE: [users@httpd] Bug, attack or what?
Date Tue, 18 May 2004 01:29:03 GMT
Hello Roger,

I wrote a book about Apache Security that has just come out (see the  
bottom of the email), so... well, I guess I ought to answer your  
message!

On May, 10  you wrote:

----------------------------------
I am running Apache 2.0.40 on RH Linux 9. It's a fairly active server.
Recently installed. It's been running stable for about 2 weeks. Apache  
child
processes at about 10MB apiece. Yesterday the server was unresponsive.  
In
checking the child processes had all jumped to about 50MB and the error  
log
showed a long string of:
[Sun May 09 16:05:40 2004] [warn] child process 5649 still did not exit,
sending a SIGTERM
[Sun May 09 16:05:40 2004] [warn] child process 2981 still did not exit,
sending a SIGTERM
[...]
------------------------------------------

This could be happening for a number of reasons. If you go to this URL:

http://www.apacheweek.com/features/security-20

You will find a (rather scary) list of bugs that affect Apache 2.0.40  
through 2.0.49.
So, the best piece of advice I can give you is: update your server. And  
do it... now!

Having said that, the problem could have been caused by a third-party  
module such as PHP being attacked. That's why you shouldn't have  
anything less than PHP PHP 4.3.6.

There are many things you can do to increase your server's security, a  
part from updating it (which is anyway the best thing). You can for  
example install modules such as mod_security, mod_dosevasive,  
mod_parmguard, mod_hackprotect and mod_hackdetect (find them on  
http://modules.apache.org/). You could also "jail" your Apache - there  
are some cool documents out there which explain you how to do that, for  
example:

http://penguin.epfl.ch/chroot.html
http://worldserver3.oleane.com/bouynot/gabuzomeu/alex/doc/apache/index- 
en.html

Finally, I have to mention (I hope it's OK...) that I I wrote a book,  
"Hardening Apache", which covers pretty much everything regarding  
Apache and security. Here is a link:

http://www.amazon.com/exec/obidos/tg/detail/-/1590593782/ 
qid=1084667530/sr=8-1/ref=sr_8_xs_ap_i1_xgl14/103-2589130-6111827? 
v=glance&s=books&n=507846

It has only just come out (and already has one very good review by an  
Amazon "top" reviewer!), I am keeping my fingers crossed...

Bye!

Merc.

P.S.
I hope I didn't answer too late...



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message