httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] Possible symptoms of a web DOS attack
Date Wed, 16 Mar 2005 18:45:19 GMT
On Wed, 16 Mar 2005 10:41:53 -0800, Rob Tanner <rtanner@linfield.edu> wrote:
> Hi,
> 
> We've had a couple of instances in the past week where CPU load average on
> the server running apache was up at 60 when it normally stays at a nice
> healthy 1 to 2.  In each case, bringing down the apache server brought the
> load down.  We're also running PHP on the server but register_globals is off
> and safe_mode on.  I'm runnign apache httpd-2.0.47.  Is there any chance I've
> got a hacker exploiting some DOS vulnerability?

Use the server-status display from the mod_status module to figure out
what the server is doing at these times (or just page back through
your access logs).  That should help you figure out if anything
unusual is going on.  Also, be sure to keep MaxClients low enough to
prevent your server from using swap memory.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message