Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 88316 invoked from network); 13 Jun 2007 20:56:32 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 13 Jun 2007 20:56:32 -0000 Received: (qmail 4176 invoked by uid 500); 13 Jun 2007 20:56:24 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 4160 invoked by uid 500); 13 Jun 2007 20:56:24 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 4149 invoked by uid 99); 13 Jun 2007 20:56:24 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Jun 2007 13:56:24 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (herse.apache.org: local policy) Received: from [64.202.165.221] (HELO smtpout05.prod.mesa1.secureserver.net) (64.202.165.221) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 13 Jun 2007 13:56:20 -0700 Received: (qmail 29370 invoked from network); 13 Jun 2007 20:55:57 -0000 Received: from unknown (69.225.174.130) by smtpout05-04.prod.mesa1.secureserver.net (64.202.165.221) with ESMTP; 13 Jun 2007 20:55:57 -0000 Message-ID: <467059DD.60200@rowe-clan.net> Date: Wed, 13 Jun 2007 13:55:57 -0700 From: "William A. Rowe, Jr." User-Agent: Thunderbird 1.5.0.12 (X11/20070530) MIME-Version: 1.0 To: users@httpd.apache.org References: <5f0f8dba0706130454q1fefc330tb88dcc83d43fd2be@mail.gmail.com> In-Reply-To: <5f0f8dba0706130454q1fefc330tb88dcc83d43fd2be@mail.gmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Suspicious logging in access.log Asrai khn wrote: > Hi from last few days i am getting the below in access.log, and also > duno what had been changed this virtaul machine which is hosting our > clients domains going unresponsive after running for few hours. before > it was running cool from last 2 years. > Version : httpd-2.2.4-2.fc6 Well, it isn't this attack... %u0aeb tells you it targets IIS, plus this hit the access logs. You want to know which request kills things. To find that out, you need to load mod_log_forensic and capture all the requests as they arrive, and see which ones run to completion v.s. which ones hang up the server. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org