Apache goes berserk

From: Brett Glass (brett@lariat.org)
Date: 06/27/02


Date: Wed, 26 Jun 2002 21:37:41 -0600
To: incidents@securityfocus.com
From: Brett Glass <brett@lariat.org>

This evening, I returned from dinner to find that my Apache 2.0.39 Web
server, running on FreeBSD, was completely unresponsive. A "ps" command
revealed that the server had spawned dozens of child processes. And the
error log had filled up with messages that looked like this:

[Wed Jun 26 15:55:01 2002] [error] server reached MaxClients setting,
consider raising the MaxClients setting
[Wed Jun 26 21:28:36 2002] [warn] child process 164 still did not exit,
sending a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 165 still did not exit,
sending a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 166 still did not exit,
sending a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 167 still did not exit,
sending a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 168 still did not exit,
sending a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 497 still did not exit,
sending a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 498 still did not exit,
sending a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 1307 still did not exit,
sending a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 2965 still did not exit,
sending a SIGTERM

...and many more similar messages. These were followed by a continuous
stream of messages like the following:

httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free

It doesn't LOOK as if anyone broke in, but the fact that the Web server
was tied up in knots until I shut it down and restarted it is disturbing.
Anyone else seeing such activity?

--Brett Glass

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • RE: httpd in /tmp - Sound advice sought
    ... shellbind.c:16: warning: passing arg 2 of `memset' makes integer from ... httpd in /tmp - Sound advice sought ...
    (freebsd-questions)
  • Re: Php apachec problem
    ... httpd in free: warning: chunk is already free. ... httpd in free: warning: junk pointer, ...
    (freebsd-questions)
  • Php apachec problem
    ... httpd in free: warning: chunk is already free. ... To unsubscribe, ...
    (freebsd-questions)
  • why did my apache restart?
    ... Jan 30 21:36:31 newserver httpd: httpd shutdown succeeded ... and my httpd error log says: ... sending a SIGTERM ...
    (comp.os.linux.security)