TO MANY HTTP SESSIONS - HACKED!

[Killnfritz]

On our BSDI servers, if you use the tool "TOP" it is filled up with http sessions and the processor is pegged at 0% idle. If you restart apache it goes away for awhile. We are running apache 1.3.12, just upgraded to 2.0.40 and the problem is worse! It appears to be a denial of service attack, each process will consume large portions of the processor for long periods of time. Thank you!

 

[Newposter]

What do your logs and your firewall tell you? Can you identify IP addresses so you can block them? Newposter
"Good judgment comes from experience. Experience comes from bad judgment."

 

[Killnfritz]

That could be a problem too. No there is no firewall on these servers. I also cannot find anything in the logs. It has seemed to cool down, but I'm sure it will happen again.

 

[Newposter]

It's very unwise to run any server without firewall software. There are several effective packages out there, and to my knowledge I haven't been successfully hacked in the year that I've been running. Newposter
"Good judgment comes from experience. Experience comes from bad judgment."