  1. #1
    Join Date
    Apr 2005
    Location
    Bangalore
    Posts
    20

    Question 501 error in apache

    501 errors killing Apache. Httpd connections increase so high that Apache goes down as soon as it is restarted. Does anyone have any clue about this weird problem?
    ==========
    #tail -f /usr/local/apache/logs/error_log
    [Sat Jul 30 23:42:40 2005] [error] [client xxxxxxx] Invalid method in request OfQSnUBjyyyN2JxjJSWuLx2six8MP9u4Zr3JVSXHJ6MgASFOliMOq7RBybGjWBtyHPYgg8UdbFbXjkLVikcsiIOoaXmjjC3p71P3oERHyRNGhUTsIB0HQ4ZuIiNNQOSN
    [Sat Jul 30 23:42:40 2005] [error] [client xxxxxxx] Invalid method in request Vp8YPNvIN7giIBGolK3dZvEzFDmDOi5KP5EoCilYSKLhP
    [Sat Jul 30 23:42:45 2005] [error] [client xxxxxxx] Invalid method in request vV1uIP4TztKBWD5EwdxIyBg2CZijw5GFKmZoJc

    #tail -f /usr/local/apache/logs/access_log
    xxxxxx- - [30/Jul/2005:23:44:35 -0400] "r0Lfl0eoJtoibvNTxPsLmRBX" 501 -
    xxxxxx - - [30/Jul/2005:23:44:35 -0400] "dr6DmXXypNS2bRf3l11cwMrNS2jP1Sq0wEWrTnERqmdDN5xgbM2ngD0IhNboqslx" 501 -
    xxxxxx - - [30/Jul/2005:23:44:35 -0400] "-" 408 -
    xxxxxx - - [30/Jul/2005:23:44:35 -0400] "GaLk1AAeG9bnx6ZsbcllqGUqwMt2h9KltrISnD6SX0ooxyW86AjLCaZmlKwYWq1RPxULUH6SmhFZHgaTA" 501 -
    xxxxxx- - [30/Jul/2005:23:44:36 -0400] "i8hRuSwYAfWOA0vYuHEPXs52SexVLqML2NLEs23gKtEQRF23j2j78LwbgMJZLFks46qiJV7pUKf8i8EILQ6yU0g4gcEFwWfNnQCW3nUSAl6WHPkCRa" 501 -

    # ps -aux |grep http|wc -l
    212
    =============

    I have replaced IPs with xxxxx in the logs.
    Agent Smith: We have come here for you Mr. Anderson. To do to you what you have tried to do to us.

  2. #2
    Join Date
    Jun 2003
    Location
    United States of America
    Posts
    1,847
    What programs are running off of Apache there? Probably PHP or CGI is my guess? It could be running too many times if you've got people accessing a site.

    Please give us insight on your website(s), RAM, and processor.
    Computer Steroids - Full service website development solutions since 2001.
    (612)234-2768 - Locally owned and operated in the Minneapolis, Minnesota area.

  3. #3
    Join Date
    Dec 2003
    Location
    Sunny So. Calif.
    Posts
    213
    Wouldn't this be more of a flood of requests coming in to his server? PHP or cgi running internally on his server would not show in the access_log. To me it looks like someone is trying to possibly do a buffer overflow.

    @thejas - if the IP addresses are the same or just a few, you may want to consider blocking them in APF/Iptables, then restart Apache. If they are all within the same netblock of addresses, then you may have to (at least temporarily) block a range.
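
The check suggested in post #3, as an added example that is not part of the original thread: count the 501 responses with junk request lines per client in an access_log, then decide between blocking single addresses and blocking a whole netblock. The sample lines are constructed with documentation addresses; the function names, the /24 grouping and the thresholds are assumptions.

```python
import re
import ipaddress
from collections import Counter

# Common Log Format: client ident user [time] "request line" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+$')
REQ_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')  # well-formed request line

# Constructed sample (documentation addresses, not taken from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [30/Jul/2005:23:44:35 -0400] "r0Lfl0eoJtoibvNTxPsLmRBX" 501 -
192.0.2.10 - - [30/Jul/2005:23:44:35 -0400] "-" 408 -
192.0.2.77 - - [30/Jul/2005:23:44:35 -0400] "GaLk1AAeG9bnx6Zsbcllq" 501 -
192.0.2.200 - - [30/Jul/2005:23:44:36 -0400] "i8hRuSwYAfWOA0vYuHEPXs52" 501 -
198.51.100.5 - - [30/Jul/2005:23:44:36 -0400] "dr6DmXXypNS2bRf3l11c" 501 -
198.51.100.5 - - [30/Jul/2005:23:44:37 -0400] "Vp8YPNvIN7giIBGolK3d" 501 -
203.0.113.9 - - [30/Jul/2005:23:44:37 -0400] "GET /index.html HTTP/1.0" 200 1043
203.0.113.9 - - [30/Jul/2005:23:44:38 -0400] "FOO / HTTP/1.0" 501 -
"""

def junk_501_clients(log_text):
    """Count, per client, 501 responses whose request line is not METHOD URI HTTP/x.y."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not Common Log Format, ignore
        client, request, status = m.groups()
        if status == "501" and not REQ_RE.match(request):
            hits[client] += 1
    return hits

def block_candidates(hits, min_hits=2, min_hosts=3, prefix=24):
    """Return CIDR strings: the netblock if several offenders share it, else single hosts."""
    by_net = {}
    for client, count in hits.items():
        try:
            ip = ipaddress.IPv4Address(client)
        except ValueError:  # hostname, IPv6, or a masked value such as "xxxxxx"
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_net.setdefault(net, {})[ip] = count
    out = []
    for net, hosts in sorted(by_net.items()):
        if len(hosts) >= min_hosts:  # many sources in one range: block the range
            out.append(str(net))
        else:  # few sources: block only the repeat offenders
            out.extend(f"{ip}/32" for ip, c in sorted(hosts.items()) if c >= min_hits)
    return out
```

The returned CIDR strings are what would go into an APF or iptables deny rule; the well-formed `FOO / HTTP/1.0` request and the 408 timeout are deliberately not counted.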

  4. #4
    Join Date
    Apr 2005
    Location
    Bangalore
    Posts
    20
    Yeah, it was an attempt to do a buffer overflow, a kind of DoS attack.

    Thank you

  5. #5
    Join Date
    Nov 2002
    Location
    British Columbia, Canada
    Posts
    47
    That's a SYN Flood, not trying to compromise your server.

  6. #6
    Join Date
    Apr 2005
    Location
    Bangalore
    Posts
    20
    Can this be stopped, other than by blocking IPs?

  7. #7
    Join Date
    Dec 2003
    Location
    Sunny So. Calif.
    Posts
    213
    There was another post recently in the Technical & Security forum with APF/Iptables rules.

    http://www.webhostingtalk.com/showth...hreadid=363499

    http://www.webhostingtalk.com/showth...23#post2169023

    http://www.webhostingtalk.com/showth...85#post2786185

    There are more, use Search, terms: apf iptables syn

  8. #8
    Join Date
    Apr 2005
    Location
    Bangalore
    Posts
    20
    I have noticed that most of the hostile IPs were from China and Taiwan.
    Is it Chinese language that is seen as garbage in the logs?
