httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Noel Butler <noel.but...@ausics.net>
Subject Re: [users@httpd] w00t and Dfind web scanner
Date Sun, 12 Feb 2012 23:12:00 GMT
On Sun, 2012-02-12 at 20:02 +0100, Miguel González Castaños wrote:

> Dear all,
> 
>    I'm the system admin of a web server and I found these errors in my 
> apache logs:
> 
> [Tue Feb 07 10:35:08 2012] [warn] (43)Identifier removed: Failed to 
> release SSL session cache lock
> [Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to 
> acquire SSL session cache lock
> [Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to 
> release SSL session cache lock
> [Tue Feb 07 10:36:05 2012] [warn] child process 21599 still did not 
> exit, sending a SIGTERM
> [Tue Feb 07 10:36:06 2012] [notice] caught SIGTERM, shutting down
> 
> also some traces of Dfind web scanner:
> 
> [Mon Feb 06 05:54:01 2012] [error] [client 88.46.75.27] client sent 
> HTTP/1.1 request without hostname (see RFC2616 section 14.23): 
> /w00tw00t.at.ISC.SANS.DFind:)
> 

Wouldn't worry too much, the world is full of scan scripts, both good,
and some bad.


> I have added a rule into my iptables to block this and so far so good
> 
> However I don't know how these "failed to release SSL session cache 
> lock" managed to bring my apache server down and if they are somehow 
> related to these Dfind scans.
> 


What OS, kernel, httpd version?
If linux, /var/log/messages|kernel_log|daemon_log   can also often give
some indication of problems.


Mime
View raw message