The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Multiple apache failures

Discussion in 'EasyApache' started by remik, May 1, 2005.

  1. remik

    remik Guest

    Hi,
    I have a big problem with my apache server. Chkserv.d restarts the server every ten minutes. I reckon it is connected with some DOS attacks, this is a fragment from my access_log:

    Code:
    195.137.94.62 - - [01/May/2005:19:06:16 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    195.137.94.62 - - [01/May/2005:19:06:20 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    195.137.94.62 - - [01/May/2005:19:06:21 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    195.137.94.62 - - [01/May/2005:19:06:26 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    83.237.36.135 - - [01/May/2005:19:06:28 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    195.137.94.62 - - [01/May/2005:19:06:30 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    195.137.94.62 - - [01/May/2005:19:06:34 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    83.237.36.135 - - [01/May/2005:19:06:34 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    195.137.94.62 - - [01/May/2005:19:06:35 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    195.137.94.62 - - [01/May/2005:19:06:37 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    83.237.36.135 - - [01/May/2005:19:06:40 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    127.0.0.1 - - [01/May/2005:19:06:43 +0200] "GET /whm-server-status/ HTTP/1.0" 200 8964
    83.237.36.135 - - [01/May/2005:19:06:44 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    83.237.36.135 - - [01/May/2005:19:06:52 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    83.237.36.135 - - [01/May/2005:19:06:55 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    83.237.36.135 - - [01/May/2005:19:06:57 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    83.237.36.135 - - [01/May/2005:19:06:59 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    83.237.36.135 - - [01/May/2005:19:07:01 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    83.237.36.135 - - [01/May/2005:19:07:03 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    83.237.36.135 - - [01/May/2005:19:07:04 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    83.237.36.135 - - [01/May/2005:19:07:05 +0200] "GET /~siggies/dscripting/images/dinstaller.gif HTTP/1.1" 404 715
    212.138.47.14 - - [01/May/2005:19:08:29 +0200] "GET /~siggies/dscripting/forums/html/dreadme.gif HTTP/1.0" 404 7
    15
    212.138.113.16 - - [01/May/2005:19:08:29 +0200] "GET /~siggies/dscripting/forums/html/dreadme.gif HTTP/1.0" 404
    715
    12.151.162.14 - - [01/May/2005:18:16:34 +0200] "GET /%7ebestygo/eps/yugioh1/dub/ygo147.zip HTTP/1.1" 404 715
    
    I configured my iptables to block evil IP's, but the attacks are coming from many different adresses. Is there a way to block these attacks using for instance httpd configuration?

    Remik
     
  2. remik

    remik Guest

    I solved the problem. It was not connected with apache configuration and dos attacks :eek:

    Remik
     
  3. WebVandals

    WebVandals Member

    Joined:
    Sep 8, 2003
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    For the benefit of people like me who found this thread because we're having a similar problem, would you mind explaining what the problem was and how you fixed it?
     
  4. remik

    remik Guest

    Hi,
    it was my webpage specific problem. I was using a link exchange system and the server on the other end was down. This caused my webpage to load for an infinite time, chkserv.d treated it as an apache failure and restarted it every time.
     
Loading...

Share This Page