httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jaco Kroon <>
Subject Re: [users@httpd] attack on apache
Date Thu, 12 Jan 2012 04:51:38 GMT

On 12/01/12 00:14, Jeroen Geilman wrote:
> On 01/11/2012 10:10 PM, Jaco Kroon wrote:
>> On 11/01/12 22:37, Luisa Ester Navarro wrote:
>>> ------------------------------------------------------------------------
>>> J.
>>> Thanks Jeron:
>>>              any idea how to start researching which is the leaky script
>>> Cheers
>>> Luisa
>> Hehe, this is where they say, RTFS, or as Jeron suggested, see if you 
>> can correlate something in the logs.  If apache is still running and 
>> you happen to have mod_info, it's useful as it at least gives you the 
>> paths being processed, often the "child script" will hold up the 
>> processing and you can then spot the script in use in the mod_info 
>> data, in other cases, it's a wild goose chase.
> I think you are referring to the server-status handler provided by 
> mod_status, which shows the URIs currently being served if you set the 
> gloabl option ExtendedStatus to On.
Of course you right - my mistake.

Kind Regards,

View raw message