httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeroen Geilman <jer...@adaptr.nl>
Subject Re: [users@httpd] attack on apache
Date Wed, 11 Jan 2012 22:14:22 GMT
On 01/11/2012 10:10 PM, Jaco Kroon wrote:
> On 11/01/12 22:37, Luisa Ester Navarro wrote:
>>
>>
>> ------------------------------------------------------------------------
>> J.
>> Thanks Jeron:
>>              any idea how to start researching which is the leaky script
>> Cheers
>> Luisa
> Hehe, this is where they say, RTFS, or as Jeron suggested, see if you 
> can correlate something in the logs.  If apache is still running and 
> you happen to have mod_info, it's useful as it at least gives you the 
> paths being processed, often the "child script" will hold up the 
> processing and you can then spot the script in use in the mod_info 
> data, in other cases, it's a wild goose chase.

I think you are referring to the server-status handler provided by 
mod_status, which shows the URIs currently being served if you set the 
gloabl option ExtendedStatus to On.

-- 
J.


Mime
View raw message