|
Search tenon.com
Thanks to:
|
|
WebTen
Re: Webten asphixy (The Continuing Saga)
>Alas, it seems to report the proper thing for me. But my server hung
>at 1:47am last night and wasn't discovered until 10am this morning. I
>hate this...at least when it was crashing, I could deal with it. All
>I get now is a email telling me it's down, which doesn't help when
>I'm asleep at home.
>
>I still think the problem has to be related to this error:
>
>[Wed Oct 3 11:14:50 2001] accept: (client socket): Connection refused
>[Wed Oct 3 11:14:51 2001] pid 75 Child 90 returned a fatal error -
>Apache is exiting!
>
>I did a search through my archived error logs from 5/9/01 through
>10/2/01 and this error first appeared 9/18/01. It showed up:
>
>9/18 1 time
>9/24 15 times
>9/25 3 times
>9/26 4 times
>9/27 2 times
>9/28 1 time
>10/1 5 times
>10/2 10 times
>
>I have looked up some of the times in the transfer log and see
>nothing obvious as far as requested file or any other sort of
>pattern. They seem to be regular files being served at that time. So
>unless the offending thing isn't being logged, it might not be an
>offending request made to the server but perhaps some other type of
>attack?
>
>McAffee reports that the date of discovery for NIMDA is 9/18 which is
>when this started showing up. It's also about the time these stalls
>started to occur for me. On around 9/26 I did a full format and
>reinstall of my server software, and copied over only the settings
>files from WebTen, while reconfiguring everything else from scratch.
>I think this helped overall stability, but the stalls continue.
>
>Anyone know how to write an applescript that I can run remotely to
>tell Webten on that machine to quit and restart? For now I'm having
>Kickoff restart nightly, but that'll only help if the stall happens
>before the restart. I thought I was forming a pattern, last nights
>stall was around 2am, the night before around 1:45am, but the two
>before that were like 8:30pm and 2:10pm.
>
>Michael
>
Hi again,
I wish I had some more advice, but my WebTen is running flawlessly
since disabling Squid & faster too. Perhaps you could trial IPNetsentry &
see what happend when you 'screen' stuff using the on the filters it
creates. If it is indeed Nimda that's creating the problems, at least it
should stop the Nimda machines actually probing your server. Some people
seem to be having success with that.
My own stalling prior to disabling Squid also began at the time
Nimda appeared, so I think you're right there.
I noticed in my own logs, apart from the Nimda attacks which call
up files such as cmd.exe etc... that I'm getting a lot of port 80 scans
with the error code 408. This morning I noticed in the logs a call which
ended in: 80x 400 It has me stumped as well.
Bye for now, Terry Allen
___________________________________________________________________
hEARd
Postal Address:
hEARd
c/o 128 The Entrance Rd
The Entrance
NSW 2261
Australia
Internet -
WWW:
http://heard.com.au or http://www.ozemail.com.au/~hmag
http://hosting.heard.com.au
Interactive Message Board - http://heard.com.au/wwwboard/
EMAIL: (checked every Thursday & Sunday, sometimes more often)
hmag@xxxxxxxxxxxxxx
----------------------------------
Non profit promotion for new music
----------------------------------
Also, check out the Educate site - http://www.educate.net.au
--------- ----------
Tenon Intersystems' webten Mailing List
To unsubscribe: send mailto://webten-request@xxxxxxxxxxxxxxx
with the body: unsubscribe
Find searchable Mailing List archives at:
http://listsearch.blueworld.com/webtensearch.lasso
|
| Tenon Home |
Products |
Order |
Contact Us |
About Tenon |
Register |
Tech Support |
Resources |
Press Room |
Mailing Lists |
|
Copyright©2003 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara,
CA 93101. All rights reserved.
Questions about our website - Contact:
webmaster@tenon.com.
|
|
