httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Miguel González Castaños <miguel_3_gonza...@yahoo.es>
Subject [users@httpd] w00t and Dfind web scanner
Date Sun, 12 Feb 2012 19:02:04 GMT
Dear all,

   I'm the system admin of a web server and I found these errors in my 
apache logs:

[Tue Feb 07 10:35:08 2012] [warn] (43)Identifier removed: Failed to 
release SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to 
acquire SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to 
release SSL session cache lock
[Tue Feb 07 10:36:05 2012] [warn] child process 21599 still did not 
exit, sending a SIGTERM
[Tue Feb 07 10:36:06 2012] [notice] caught SIGTERM, shutting down

also some traces of Dfind web scanner:

[Mon Feb 06 05:54:01 2012] [error] [client 88.46.75.27] client sent 
HTTP/1.1 request without hostname (see RFC2616 section 14.23): 
/w00tw00t.at.ISC.SANS.DFind:)

I have added a rule into my iptables to block this and so far so good

However I don't know how these "failed to release SSL session cache 
lock" managed to bring my apache server down and if they are somehow 
related to these Dfind scans.

Any ideas?

Regards,

Miguel


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message