Results 1 to 8 of 8
Thread: 501 error in apache
-
07-31-2005, 12:20 AM #1Newbie
- Join Date
- Apr 2005
- Location
- Bangalore
- Posts
- 20
501 error in apache
501errors killing apache. Httpd connection increase so high that apache goes down as soon as it is restarted. Do any one have any clue about this weird problem.
==========
#tail -f /usr/local/apache/logs/error_log
[Sat Jul 30 23:42:40 2005] [error] [client xxxxxxx] Invalid method in request OfQSnUBjyyyN2JxjJSWuLx2six8MP9u4Zr3JVSXHJ6MgASFOliMOq7RBybGjWBtyHPYgg8UdbFbXjkLVikcsiIOoaXmjjC3p71P3oERHyRNGhUTsIB0HQ4ZuIiNNQOSN
[Sat Jul 30 23:42:40 2005] [error] [client xxxxxxx] Invalid method in request Vp8YPNvIN7giIBGolK3dZvEzFDmDOi5KP5EoCilYSKLhP
[Sat Jul 30 23:42:45 2005] [error] [client xxxxxxx] Invalid method in request vV1uIP4TztKBWD5EwdxIyBg2CZijw5GFKmZoJc
#tail -f /usr/local/apache/logs/access_log
xxxxxx- - [30/Jul/2005:23:44:35 -0400] "r0Lfl0eoJtoibvNTxPsLmRBX" 501 -
xxxxxx - - [30/Jul/2005:23:44:35 -0400] "dr6DmXXypNS2bRf3l11cwMrNS2jP1Sq0wEWrTnERqmdDN5xgbM2ngD0IhNboqslx" 501 -
xxxxxx - - [30/Jul/2005:23:44:35 -0400] "-" 408 -
xxxxxx - - [30/Jul/2005:23:44:35 -0400] "GaLk1AAeG9bnx6ZsbcllqGUqwMt2h9KltrISnD6SX0ooxyW86AjLCaZmlKwYWq1RPxULUH6SmhFZHgaTA" 501 -
xxxxxx- - [30/Jul/2005:23:44:36 -0400] "i8hRuSwYAfWOA0vYuHEPXs52SexVLqML2NLEs23gKtEQRF23j2j78LwbgMJZLFks46qiJV7pUKf8i8EILQ6yU0g4gcEFwWfNnQCW3nUSAl6WHPkCRa" 501 -
# ps -aux |grep http|wc -l
212
=============
I have replaced IPs with xxxxx in the logs.Agent Smith: We have come here for you Mr. Anderson. To do to you what you have tried to do to us.
-
07-31-2005, 02:28 AM #2Web Hosting Master
- Join Date
- Jun 2003
- Location
- United States of America
- Posts
- 1,847
what programs running off of apache there? prolly php or cgi my guess? it could be running to many times if you got people accessing a site
please insite us on your website(s) and ram and processorComputer Steroids - Full service website development solutions since 2001.
(612)234-2768 - Locally owned and operated in the Minneapolis, Minnesota area.
-
07-31-2005, 07:23 AM #3Junior Guru
- Join Date
- Dec 2003
- Location
- Sunny So. Calif.
- Posts
- 213
Wouldn't this be more of a flood of requests coming in to his server? PHP or cgi running internally on his server would not show in the access_log. To me it looks like someone is trying to possibly do a buffer overflow.
@thejas - if the IP addresses are the same or just a few, you may want to consider blocking them in APF/Iptables, then restart Apache. If they are all within the same netblock of addresses, then you may have to (at least temporarily) block a range.
-
08-02-2005, 04:34 PM #4Newbie
- Join Date
- Apr 2005
- Location
- Bangalore
- Posts
- 20
Yeh, it was an attempt to do buffer overflow, a kind of DoS attack.
Thank youAgent Smith: We have come here for you Mr. Anderson. To do to you what you have tried to do to us.
-
08-02-2005, 06:38 PM #5Junior Guru Wannabe
- Join Date
- Nov 2002
- Location
- British Columbia, Canada
- Posts
- 47
That's a SYN Flood, not trying to compromise your server.
-
08-03-2005, 05:58 PM #6Newbie
- Join Date
- Apr 2005
- Location
- Bangalore
- Posts
- 20
Can this be stopped, other than by blocking IP`s.
Agent Smith: We have come here for you Mr. Anderson. To do to you what you have tried to do to us.
-
08-03-2005, 07:44 PM #7Junior Guru
- Join Date
- Dec 2003
- Location
- Sunny So. Calif.
- Posts
- 213
There was another post recently in the Technical & Security forum with APF/Iptables rules.
http://www.webhostingtalk.com/showth...hreadid=363499
http://www.webhostingtalk.com/showth...23#post2169023
http://www.webhostingtalk.com/showth...85#post2786185
There are more, use Search, terms: apf iptables syn
-
08-03-2005, 08:10 PM #8Newbie
- Join Date
- Apr 2005
- Location
- Bangalore
- Posts
- 20
I have noticed that most of the hostile IPs were from China and Taiwan.
Is it Chinese Language that is seen as garbage in logs.Agent Smith: We have come here for you Mr. Anderson. To do to you what you have tried to do to us.