| View previous topic :: View next topic |
| Author |
Message |
quijibo
n00b
Joined: 27 Feb 2003
Posts: 20
|
 Posted: Thu Oct 14, 2004 7:39 pm Post subject: My Apache server has gone crazy (maybe?) |
 |
|
Hello,
I need some advice/help on what to do about my ailing apache server. I am using the 2.6 kernel and the 2.0.52 version of apache right now with ssl and php. Everything works fine as well. the problem is that my apache server as of this last sunday has mysteriously decided to start talking with itself. I first noticed this when my webcounter was going up three or four times every time i refreshed the page. at first i thought my content management system was the problem, but after looking at the access_log I can see that its the apache server thats causing the problem. I get messages such as:
| Code: | | 221.184.188.65 - - [10/Oct/2004:16:38:47 +0900] "GET /index.php? HTTP/1.1" 200 16918 "-" "-" |
And lots of them!  Acually I have an entry for every second. So as you can imagine the log file will fill up quite quickly.
The reason that I believe that it is the apache server is because I ran sniffit to see where these requests are originating from, and they come from behind my router out ot my current IP address, my connection is dynamic. I do have everything behind here setup as static though. The thing that I can't really understand is that, it was working fine 100% when I first started this in April up until the 10th around 1pm or so. After that it just suddently decided to talk to itself.
Would anyone out there happen to know what I could do to fix this? I really dont have to have to re-install everything all over again. I tried re-emerging apache which didnt help, at the time this happened I wasn't doing anything to the server either. I didn't sync until two nights ago. Again, I have no problem with getting it to work, its just that the server keeps sending requests to itself every second. Thats not good for my counter or my file log size. Any help would really be appreciated. I am going crazy over this one.
Thanks. |
|
| Back to top |
|
 |
stickboy2642
Tux's lil' helper
Joined: 21 Jan 2004
Posts: 129
Location: MT, USA
|
| Posted: Thu Oct 14, 2004 9:43 pm Post subject: |
|
|
I am a little bit confused by your post:
| Quote: | | they come from behind my router out ot my current IP address, my connection is dynamic. I do have everything behind here setup as static though. |
Does this mean that all of the machines behind your router (including the webserver) have static IP addresses while your router itself has a dynamic address (I am assuming from your ISP)? Do the requests originate from the IP of your Apache server or the dynamic IP?
Also, do you have any monitoring systems installed such as Mon or Nagios? These are sometimes configured to hit your website to make sure that the webserver is still alive and answering requests. Is this a possibility?
_________________
<?PHP
if ($desireToSolveProblem > 0){
solve($problem);
}else{
drink($beer);
} ?> |
|
| Back to top |
|
|
quijibo
n00b
Joined: 27 Feb 2003
Posts: 20
|
| Posted: Fri Oct 15, 2004 4:05 am Post subject: ocnfused |
|
|
I have three machines hooked into my router. Two PCs and a PS2. They are all assigned static IPs from my router. The router itself is assigned a dynamic IP from the ISP. After running sniffit on my network, it shows my server is talking to itself. What i mean by that is sniff it shows this: 192.168.1.100 80 -> 221.184.188.65 66325 While watching this call I can see that it is repeteadly hitting the web server over and over again. It only appears to run when I start apache. It also doesnt connect to the same port everytime. But usually some other port in the high end range (30000 or higher).
As for any of the monitoring systems, I do not have any installed. I'm really confused because it all worked fine last week. Just this week, it suddenly started to call (attack?) itself. I can see it in the access_log file. There were however some SEARCH commands before apache started doing this. Could have have any affect on it? I really don't see how since that time, I have rebooted all my machines and recompiled apache.
Hope this gives a better idea. |
|
| Back to top |
|
|
xbmodder
Guru
Joined: 25 Feb 2004
Posts: 404
|
| Posted: Fri Oct 15, 2004 4:31 am Post subject: |
|
|
| do you have any X-girl friends? your geting DoSed |
|
| Back to top |
|
|
quijibo
n00b
Joined: 27 Feb 2003
Posts: 20
|
| Posted: Fri Oct 15, 2004 5:57 am Post subject: really? |
|
|
from my own machine? @.@
i have to go to work, I will try changing the IP but the "attack" is coming from my own server, since it only appears to happen when I turn on the apache server. but then again i guess it cant happen until i open that port.
i would think that if i am being attacked though it would be coming from an IP other than my own though. |
|
| Back to top |
|
|
Jeremy_Z
l33t
Joined: 05 Apr 2004
Posts: 671
Location: Shanghai
|
| Posted: Fri Oct 15, 2004 6:11 am Post subject: |
|
|
Just shut down apache and sniff the packets comming, you should see unreplyed request if you are being dosed.
_________________
"Because two groups of consumers drive the absolute high end of home computing: the gamers and the porn surfers." /.
My gentoo projects, Kelogviewer and a QT4 gui for etc-proposals |
|
| Back to top |
|
|
quijibo
n00b
Joined: 27 Feb 2003
Posts: 20
|
| Posted: Sat Oct 16, 2004 7:11 am Post subject: hm... |
|
|
Well, thats what I did at first, I stopped the server and sniffed but there are no incoming packets until only after I start the server.
fwiw, I did go ahead and change my IP. And that seems to have fixed whatever problem was happening. My only problem now is that my zoneedit isnt properly forwarding my MX address. Sigh, the saga continues. Thanks for all the help though. |
|
| Back to top |
|
|
|
Networking & Security
