apache problem very urgent
Dear all, I am having a strang problem. I found that in apache error log that a lots of error messages are coming telling that the files b.jpg,5.jpg,6.jpg are not finding. This has nothing to do with that domain (or that document root path) as if i remove this virtual host from apache the same error comes for other domain( i.g showing another path for above missing files) and it goes on. I tried to check for comman ips but i was unable to get it(i tried for around 2000 to 2500 ip's). At the same time i get unique visitors for a site (in awstats) are very less. This very strang and it is increasing data tranfer. (around 1GB in last four day's) I having a suse 8.2 with apache 1.3.27(through rpm) I already updated system for patches. So help me to solve out this problem as early as possible. Thanks Ramchandra Dhupkar
If these files are not referenced by the html code and do not exist and you
have that much data transfered, you are under a Distributed Denial of
Service attack. This would appear to be outside your control.
Again if these files do not exist and are not referenced in the html code,
it would quite a few requests to make up that much data transfer...
Lyle
----- Original Message -----
From: "Ramchandra Dhupkar"
Dear all,
I am having a strang problem. I found that in apache error log that a lots of error messages are coming telling that the files b.jpg,5.jpg,6.jpg are not finding. This has nothing to do with that domain (or that document root path) as if i remove this virtual host from apache the same error comes for other domain( i.g showing another path for above missing files) and it goes on. I tried to check for comman ips but i was unable to get it(i tried for around 2000 to 2500 ip's). At the same time i get unique visitors for a site (in awstats) are very less. This very strang and it is increasing data tranfer. (around 1GB in last four day's)
I having a suse 8.2 with apache 1.3.27(through rpm) I already updated system for patches.
So help me to solve out this problem as early as possible.
Thanks Ramchandra Dhupkar
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
"Lyle Giese" schrieb:
If these files are not referenced by the html code and do not exist and you have that much data transfered, you are under a Distributed Denial of Service attack. This would appear to be outside your control.
Looks like. I do remember some kind of worm is requesting files with names like n.jpg where n is - mostly - a number? Ah, http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ao@mm.htm... seems to do something like that, for example. -thh
On Monday 06 September 2004 15:04, Peter Wiersig wrote:
Ramchandra Dhupkar wrote:
So help me to solve out this problem as early as possible.
Create empty files. The non existing files cause more filesystem lookups.
I was thinking of a solution along the lines of using iptables' --string to spot the packets looking for the filenames, then sending anything from that source IP address to a tarpit. If it could be made to work that would stop the problem. :o) I don't have time to try the idea out though... :o(
participants (5)
-
Derek Fountain -
Lyle Giese -
Peter Wiersig -
Ramchandra Dhupkar -
Thomas Hochstein