Is there still no fix for Apache failing? It happens every couple of days; the Apache monitor says it's up but Apache just dies in memory. It really makes cPanel useless.
same problem here
We had this. If you have resellers, it's probably because of an error with terminating accounts. Temporarily you can disable the terminate account feature, but we upgraded CPanel a couple of days ago and the problem resolved...
Jo
No, just one site on the server, no resellers.
Same problem here with a server that's been working flawlessly for 8 months.
Something's up here?
Apache 1.3.26
redhat 7.1
cPanel5 Build 123
php 4.22
We have the same problem on several servers now -- Apache now fails every couple of days, or at least once a week. Before this, it had never failed before.
The problem started when CPanel was upgraded.
Urban Weigl
http://hostit365.com/
Seems it's affecting all the OSes we have:
Apache 1.3.26
redhat 7.3
cPanel5 Build 123
php 4.2.3
I have had apache fail a lot more than normal also. I thought it had something to do with the CPanel 5 upgrade at first, but after searching the access log for the server I see it's something else. I matched the entries in the access log to the time I received the apache warning from the server monitor and found this:
[Wed Sep 25 07:22:32 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:32 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:32 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:33 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:33 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:33 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:33 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:33 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:33 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:34 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:34 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:34 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:34 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:34 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:34 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:34 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:34 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Wed Sep 25 07:22:34 2002] [error] [client 204.192.96.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
This is a snippet of what was in the log; there were many more hits. The timing of these entries is consistent with the timing of the Apache "down" warnings from the server monitor. These entries appear in the access_log, not the error_log. I suspect it's somehow related to the new Slapper Worm, but I'm not sure.
Yes, confirmed here too, same error message at the time apache crashed here too..
Has anyone notified Nick through support? This should be sent to him as a ticket, since I'm sure it is a problem with lots of servers.
Confirmed... thanks for your posts, guys. I have seen this crash httpd as well... and it's funny, I searched my access_log and even found that same IP hit my box along with a few more. Must be a worm.
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
I don't think it's a CPanel issue. There was a discussion on the ISP-Linux list today regarding the issue -- basically the Slapper Worm probes are mimicking a mini DoS attack. Here's a post from the list:
"Recently I have been getting bombarded by slapper probes coming from various IPs around the world... These people are scanning one of our complete class c netblocks, and opening connections to every single one of our virtual domains at once... This is causing Apache to throttle the number of daemons, thereby causing a denial of service attack..."
You can try blocking the IPs but it gets tedious if you have a lot of servers to maintain. Any other suggestions?
Ours is not the Slapper worm and has been happening for some weeks now.
Slapper can not do anything with Cpanel boxes if you have security updates enabled in WHM; you shouldn't have to worry about this.
http://forums.cpanel.net/read.php?TID=4602
http://forums.cpanel.net/read.php?TID=4634
http://forums.cpanel.net/read.php?TID=4759
About Apache failures, which modules have you compiled with your Apache?
Please use messengers to contact me:
MSN: patrickay@msn.com
AIM: PatrickITF
Not the worm itself, but probes, supposedly from the worm. Every one of my Apache failures has coincided with these types of attacks:
203.69.74.172 - - [25/Sep/2002:16:09:53 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:09:54 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:09:56 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:09:57 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:09:57 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:09:59 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:00 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:00 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:02 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:02 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:02 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:04 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:05 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:05 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:11 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:12 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:13 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:13 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:13 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:13 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:13 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:13 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:13 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:14 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:14 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:17 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:18 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:18 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:18 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:18 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:18 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:18 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:18 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:19 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:19 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:22 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:23 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:23 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:23 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:23 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:24 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:24 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:24 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:24 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:28 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:28 -0400] &-& 408 - &-& &-&
203.69.74.172 - - [25/Sep/2002:16:10:28 -0400] &-& 408 - &-& &-&
The servers are updated and not infected.
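The two log signatures posted in this thread (bursts of "HTTP/1.1 request without hostname" errors, and bursts of empty-request 408 timeouts from a single client) can be flagged automatically instead of matched by eye against the monitor alerts. This is an added example, not code from any poster or from cPanel; the function names, the 10-second window and the threshold of 5 are assumptions, and the sample lines are constructed using documentation-range addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# error_log form: HTTP/1.1 request that carried no Host header
ERR_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[\d.]+)\] '
    r'client sent HTTP/1\.1 request without hostname')
# access_log form: connection opened, no request line sent, timed out (408)
ACC_RE = re.compile(r'^(?P<ip>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] "-" 408 ')

def parse_probe(line):
    """Return (ip, datetime, kind) for a probe-like line, else None."""
    m = ERR_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        return m["ip"], ts, "no-host"
    m = ACC_RE.match(line)
    if m:
        # Drop the UTC offset; assumed constant within one log file.
        ts = datetime.strptime(m["ts"].split()[0], "%d/%b/%Y:%H:%M:%S")
        return m["ip"], ts, "408-empty"
    return None

def find_bursts(lines, window_s=10, threshold=5):
    """Map ip -> peak count of probe lines inside any window_s-second span.

    Assumes each client's lines arrive in time order, as in a log file."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for hit in filter(None, map(parse_probe, lines)):
        ip, ts, _kind = hit
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()          # slide the window forward
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

# Constructed sample: two bursting clients, one lone 408, one normal request.
SAMPLE = (
    ['[Wed Sep 25 07:22:%02d 2002] [error] [client 192.0.2.10] client sent '
     'HTTP/1.1 request without hostname (see RFC2616 section 14.23): /' % s
     for s in (32, 32, 33, 33, 34, 34)]
    + ['198.51.100.7 - - [25/Sep/2002:16:10:%02d -0400] "-" 408 - "-" "-"' % s
       for s in (13, 13, 13, 14, 17, 18, 18)]
    + ['203.0.113.9 - - [25/Sep/2002:16:11:00 -0400] "-" 408 - "-" "-"',
       '203.0.113.5 - - [25/Sep/2002:16:11:02 -0400] "GET / HTTP/1.0" 200 512 "-" "-"'])

print(find_bursts(SAMPLE))  # clients over the threshold with their peak counts
```

Run against a real log with `find_bursts(open(path))`; the returned addresses are candidates to compare with the time of the monitor's "down" alert before deciding on any block rule.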