httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abu Hurayrah <abu_huray...@almaghrib.org>
Subject [users@httpd] Strange user-agents and requests causing Apache processes to explode!
Date Sun, 24 Apr 2005 18:24:21 GMT
Greets to all!

I apologize in advance if I am violating some ettiquettes with regards 
to this mailing list - I joined specifically because I have been 
experiencing some strange behavior that is disrupting my server.

I've included three chunks of my server log that chronicle the requests 
that relate to my problem, each one with some different information.  
These are located at the end of my message (probably should be left out 
of any replies)

Essentially, what is happening is some kind of a request is causing my 
server's Apache's processes to mushroom in size - going from a normal 15 
- 30 MB all the way up to 140+MB

And with 10 - 20 Apache processes running on a system with 1GB of RAM, 
this can be a problem. : -D

The requests are occurring with a custom download script that I have 
written, through which ALL download requests occur. I've optimized it to 
use very little memory by reading in the files in small chunks.  I 
rarely have any problems except with requests that follow a specific 
pattern.  I thought the problem was in my script, but I highly doubt it 
because I cannot duplicate it myself - plus "normal" requests, even a 
barrage of them, trigger no issues whatsoever.

I was previously running Apache 2.0.52, but after reading up on it, I 
discovered there was a security hole that caused a problem similar to 
what I was having:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942

So I upgraded to the latest release (2.0.54) - and I'm STILL having the 
same problem.

The requests usually have a User-Agent string of the following: 
"Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)".  This is easy enough 
to BrowserMatch out with an environmental variable, but not in every 
case does this work.

I think I've talked enough, so I want to see if anyone else is 
experiencing the same problem or not.


84.97.70.235 - - [21/Apr/2005:03:10:05 -0500] "GET 
/download.php?reciter=2&title=020.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:06 -0500] "GET 
/download.php?reciter=2&title=021.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:07 -0500] "GET 
/download.php?reciter=2&title=022.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:08 -0500] "GET 
/download.php?reciter=2&title=023.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:11 -0500] "GET 
/download.php?reciter=2&title=024.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:12 -0500] "GET 
/download.php?reciter=2&title=025.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:13 -0500] "GET 
/download.php?reciter=2&title=026.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:15 -0500] "GET 
/download.php?reciter=2&title=027.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:16 -0500] "GET 
/download.php?reciter=2&title=028.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:18 -0500] "GET 
/download.php?reciter=2&title=029.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:22 -0500] "GET 
/download.php?reciter=2&title=030.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:23 -0500] "GET 
/download.php?reciter=2&title=031.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:24 -0500] "GET 
/download.php?reciter=2&title=032.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:25 -0500] "GET 
/download.php?reciter=2&title=033.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:28 -0500] "GET 
/download.php?reciter=2&title=034.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:30 -0500] "GET 
/download.php?reciter=2&title=035.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:31 -0500] "GET 
/download.php?reciter=2&title=036.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:32 -0500] "GET 
/download.php?reciter=2&title=037.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:33 -0500] "GET 
/download.php?reciter=2&title=038.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:34 -0500] "GET 
/download.php?reciter=2&title=039.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:36 -0500] "GET 
/download.php?reciter=2&title=040.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:37 -0500] "GET 
/download.php?reciter=2&title=041.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:38 -0500] "GET 
/download.php?reciter=2&title=042.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:39 -0500] "GET 
/download.php?reciter=2&title=043.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:39 -0500] "GET 
/download.php?reciter=2&title=044.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:40 -0500] "GET 
/download.php?reciter=2&title=045.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:41 -0500] "GET 
/download.php?reciter=2&title=046.mp3 HTTP/1.1" 200 198 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:43 -0500] "GET 
/download.php?reciter=2&title=002.mp3 HTTP/1.1" 416 395 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:43 -0500] "GET 
/download.php?reciter=2&title=002.mp3 HTTP/1.1" 416 395 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"
84.97.70.235 - - [21/Apr/2005:03:10:43 -0500] "GET 
/download.php?reciter=2&title=002.mp3 HTTP/1.1" 416 395 "Mozilla/4.0 
(compatible; MSIE 5.00; Windows 98)"



80.125.64.106 - - [23/Apr/2005:15:16:38 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 52587960 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:15:58 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 26293981 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:15:58 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 78881939 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:15:58 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 105175918 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:20:03 -0500] "GET 
/download.php?reciter=1&title=111.mp3 HTTP/1.1" 200 578038 "-" 
"Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"
80.125.64.106 - - [23/Apr/2005:15:16:37 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 105175918 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:14 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 78881939 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:16:37 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 78881939 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:14 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 52587960 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:14 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 26293981 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:14 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 105175918 "-" 
"FreshDownload/4.40"
193.251.8.224 - - [23/Apr/2005:15:22:19 -0500] "GET 
/download.php?reciter=9&title=009.mp3 HTTP/1.1" 200 50000 
"http://www.hidayahonline.org/?page=audio&reciter=9" "Mozilla/4.0 
(compatible; MSIE 6.0; Windows NT 5.1; SV1)"
193.251.8.224 - - [23/Apr/2005:15:22:24 -0500] "GET 
/download.php?reciter=9&title=009.mp3 HTTP/1.1" 200 50000 "-" 
"Windows-Media-Player/9.00.00.3250"
80.125.64.106 - - [23/Apr/2005:15:19:07 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 26293981 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:53 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 52587960 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:53 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 78881939 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:17:53 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 105175918 "-" 
"FreshDownload/4.40"
80.125.64.106 - - [23/Apr/2005:15:19:07 -0500] "GET 
/download.php?reciter=1&title=002.mp3 HTTP/1.0" 206 105175918 "-" 
"FreshDownload/4.40"



202.152.172.1 - - [24/Apr/2005:11:43:15 -0500] "GET 
/download.php?reciter=2&title=003.ogg HTTP/1.1" 206 12186804 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:40:54 -0500] "GET 
/download.php?reciter=1&title=003.ogg HTTP/1.1" 206 75769833 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:46:00 -0500] "GET 
/download.php?reciter=1&title=002.ogg HTTP/1.1" 206 30064471 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:39:33 -0500] "GET 
/download.php?reciter=2&title=004.ogg HTTP/1.1" 206 14488897 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:10:58 -0500] "GET 
/download.php?reciter=2&title=003.ogg HTTP/1.1" 206 14202189 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:44:29 -0500] "GET 
/download.php?reciter=1&title=002.ogg HTTP/1.1" 206 29758105 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:43:05 -0500] "GET 
/download.php?reciter=1&title=003.ogg HTTP/1.1" 206 18942459 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:43:01 -0500] "GET 
/download.php?reciter=1&title=003.ogg HTTP/1.1" 206 18942458 "-" "DA 5.5"
202.152.172.1 - - [24/Apr/2005:11:39:43 -0500] "GET 
/download.php?reciter=2&title=004.ogg HTTP/1.1" 206 14399197 "-" "DA 5.5"

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message