apache problem

Discussion in 'EasyApache' started by kidc, Aug 22, 2007.

  1. kidc

    kidc Registered

    Here are the basics of the Apache status from the cPanel window... it goes all the way to 1550, as that's the MaxClients (1550). This just started doing this today... nothing updated, I have everything set to manual. After it fills up and it gets more hits, I start getting emails from cPanel telling me Apache crashed and was started automagically. The only other error is:
    (I have had all these IP blocks banned for a few months now)
    [Wed Aug 22 18:24:34 2007] [error] [client 218.57.175.213] File does not exist: /home/gotothew/public_html/403.shtml
    [Wed Aug 22 18:27:24 2007] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
    [Wed Aug 22 18:27:24 2007] [notice] Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.7 Fro$
    [Wed Aug 22 18:27:24 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
    [Wed Aug 22 18:27:24 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)
    [Wed Aug 22 18:27:25 2007] [error] [client 60.10.41.24] client denied by server configuration: /home/surfpc/public_html/index.php
    [Wed Aug 22 18:27:25 2007] [error] [client 60.10.41.24] File does not exist: /home/surfpc/public_html/403.shtml
    [Wed Aug 22 18:27:30 2007] [error] [client 60.28.51.226] client denied by server configuration: /home/gotothew/public_html/index.php
    [Wed Aug 22 18:27:30 2007] [error] [client 60.28.51.226] File does not exist: /home/gotothew/public_html/403.shtml
    [Wed Aug 22 18:27:31 2007] [error] [client 218.25.30.14] client denied by server configuration: /home/gotothew/public_html/index.php
    [Wed Aug 22 18:27:31 2007] [error] [client 218.25.30.14] File does not exist: /home/gotothew/public_html/403.shtml
    [Wed Aug 22 18:27:32 2007] [error] [client 220.154.208.23] client denied by server configuration: /home/gotothew/public_html/index.$
    [Wed Aug 22 18:27:32 2007] [error] [client 220.154.208.23] File does not exist: /home/gotothew/public_html/403.shtml


    ..please help...thanks:)



    0-0 3268 0/1/1 R 0.00 10 1 0.0 0.00 0.00 ? ? ..reading..
    1-0 3269 0/1/1 R 0.00 9 1 0.0 0.00 0.00 ? ? ..reading..
    2-0 3270 0/0/0 R 0.00 10 0 0.0 0.00 0.00 ? ? ..reading..
    3-0 3271 0/0/0 R 0.00 10 0 0.0 0.00 0.00 ? ? ..reading..
    4-0 3272 0/0/0 R 0.00 10 0 0.0 0.00 0.00 ? ? ..reading..
    5-0 3273 0/0/0 R 0.00 9 0 0.0 0.00 0.00 ? ? ..reading..
    6-0 3274 0/0/0 R 0.00 8 0 0.0 0.00 0.00 ? ? ..reading..
    7-0 3275 0/0/0 R 0.00 8 0 0.0 0.00 0.00 ? ? ..reading..
    8-0 3280 0/2/2 R 0.00 3 0 0.0 0.00 0.00 ? ? ..reading..
    9-0 3281 0/2/2 R 0.00 3 0 0.0 0.000 0.000 ? ? ..reading..
    10-0 3282 0/2/2 R 0.00 3 0 0.0 0.00 0.00 ? ? ..reading..
    11-0 3283 0/1/1 R 0.00 3 0 0.0 0.0000 0.0000 ? ? ..reading..
    12-0 3284 0/3/3 R 0.00 4 1 0.0 0.01 0.01 ? ? ..reading..
    13-0 3285 0/1/1 R 0.00 2 0 0.0 0.0000 0.0000 ? ? ..reading..
    14-0 3286 0/1/1 R 0.00 4 2 0.0 0.00 0.00 ? ? ..reading..
    15-0 3287 0/1/1 R 0.00 4 2 0.0 0.00 0.00 ? ? ..reading..
    16-0 3288 0/0/0 R 0.00 6 0 0.0 0.00 0.00 ? ? ..reading..
    17-0 3289 0/2/2 R 0.00 4 1 0.0 0.00 0.00 ? ? ..reading..
    18-0 3290 0/1/1 R 0.00 4 1 0.0 0.000 0.000 ? ? ..reading..
    19-0 3291 0/1/1 R 0.00 4 1264 0.0 0.000 0.000 ? ? ..reading..
    20-0 3292 0/1/1 R 0.00 4 1 0.0 0.00 0.00 ? ? ..reading..
    21-0 3293 0/1/1 R 0.00 3 1 0.0 0.00 0.00 ? ? ..reading..
    22-0 3294 0/1/1 R 0.00 4 1 0.0 0.00 0.00 ? ? ..reading..
    23-0 3295 0/1/1 R 0.00 4 1 0.0 0.00 0.00 ? ? ..reading..
    24-0 3296 0/1/1 R 0.00 4 1 0.0 0.00 0.00 ? ? ..reading..
    25-0 3297 0/1/1 R 0.00 4 1 0.0 0.00 0.00 ? ? ..reading..
    26-0 3298 0/1/1 R 0.00 3 1 0.0 0.000 0.000 ? ? ..reading..
    27-0 3299 0/0/0 R 0.00 4 0 0.0 0.00 0.00 ? ? ..reading..
    28-0 3300 0/0/0 R 0.00 4 0 0.0 0.00 0.00 ? ? ..reading..
    29-0 3302 0/0/0 R 0.00 4 0 0.0 0.00 0.00 ? ? ..reading..
    30-0 3303 0/1/1 R 0.00 3 1 0.0 0.00 0.00 ? ? ..reading..
    31-0 3304 0/0/0 R 0.00 4 0 0.0 0.00 0.00 ? ? ..reading..
    32-0 3305 0/0/0 R 0.00 4 0 0.0 0.00 0.00 ? ? ..reading..
    33-0 3306 0/0/0 R 0.00 4 0 0.0 0.00 0.00 ? ? ..reading..
    34-0 3307 0/0/0 R 0.00 4 0 0.0 0.00 0.00 ? ? ..reading..
    35-0 3317 0/0/0 R 0.00 2 0 0.0 0.00 0.00 ? ? ..reading..
    36-0 3316 0/0/0 R 0.00 3 0 0.0 0.00 0.00 ? ? ..reading..
    37-0 3318 0/0/0 R 0.00 2 0 0.0 0.00 0.00 ? ? ..reading..
    38-0 3324 0/0/0 R 0.00 1 0 0.0 0.00 0.00 ? ? ..reading..
    39-0 3326 0/0/0 R 0.00 1 0 0.0 0.00 0.00 ? ? ..reading..
    40-0 3327 0/0/0 R 0.00 1 0 0.0 0.00 0.00 ? ? ..reading..
    41-0 3328 0/0/0 R 0.00 1 0 0.0 0.00 0.00 ? ? ..reading..
    42-0 3329 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    43-0 3330 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    44-0 3331 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    45-0 3332 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    46-0 3333 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    47-0 3334 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    48-0 3335 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    49-0 3336 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    50-0 3337 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    51-0 3338 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    52-0 3339 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    53-0 3340 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    54-0 3341 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    55-0 3342 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    56-0 3343 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    57-0 3344 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    58-0 3345 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    59-0 3346 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    60-0 3347 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    61-0 3348 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    62-0 3349 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..
    63-0 3350 0/0/0 R 0.00 0 0 0.0 0.00 0.00 ? ? ..reading..

    CentOS 4.5
     
    #1 kidc, Aug 22, 2007
    Last edited: Aug 22, 2007
  2. madaboutlinux

    madaboutlinux Well-Known Member

    Looking at all those lines, it seems to be an attack. No one can give you an exact solution without having a look at your server. So get an admin and have it checked.


    When the attack is heavy you will not be able to trace the domain under attack or the attacking IP(s). So just kill all the Apache connections and, as soon as you start it, execute the command:

    http://localhost/whm-server-status

    To trace the domain, try the above command 3-4 times in succession and you will see those connections coming back.
     
  3. Bravo

    Bravo Well-Known Member

    Same problem here.... don't think it's an attack, running R16448

    there are a couple of hundred lines like this when I check ps -aux
    Code:
    nobody    9245  0.0  1.1 65420 22760 ?       S    06:38   0:00 /usr/local/apache/bin/httpd -DSSL
    Update.... well, what d'ya know, it was an attack... checked /usr/local/apache/domlogs to see the latest modified domain log file to figure out which domain was getting hammered, tailed the log file and blocked the attacking IPs.

    Is there some way to have lfd or cPHulk do this automatically? Something like: if more than x accesses from a single IP in y minutes, then block the IP.
     
    #3 Bravo, Aug 23, 2007
    Last edited: Aug 23, 2007
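
The rule asked about in post #3 (more than x accesses from a single IP in y minutes), as an added example that is not part of any post in this thread and is not lfd or cPHulk code. It assumes the domlog lines are in Apache common/combined log format; the function name `find_heavy_hitters` is hypothetical and the sample lines are constructed with documentation-range addresses. It only reports candidate IPs; blocking is left to whatever firewall the server uses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log prefix: client IP, identd, user, [timestamp]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def find_heavy_hitters(lines, max_hits, window_minutes):
    """Return {ip: peak_hits} for IPs with more than max_hits requests
    inside any sliding window of window_minutes.
    Assumes each IP's lines arrive in time order, as in an access log."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # truncated or malformed line
        ip, stamp = m.groups()
        try:
            ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue              # unparseable timestamp
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop hits that fell out of the window
        if len(q) > max_hits:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def _sample():
    # Constructed sample: one noisy client, one normal client, one bad line.
    out = []
    for s in range(0, 40, 2):
        out.append(f'203.0.113.9 - - [23/Aug/2007:06:38:{s:02d} -0400] '
                   '"GET /index.php HTTP/1.0" 200 512')
    out.append('198.51.100.7 - - [23/Aug/2007:06:38:05 -0400] "GET / HTTP/1.1" 200 1024')
    out.append('198.51.100.7 - - [23/Aug/2007:06:45:05 -0400] "GET /a.css HTTP/1.1" 200 90')
    out.append('garbage line')
    return out

SAMPLE = _sample()

if __name__ == "__main__":
    for ip, hits in find_heavy_hitters(SAMPLE, max_hits=10, window_minutes=1).items():
        print(ip, hits)
```
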