Re: xmlrpc.php causing system hang?
From: Bernard Cheah [MVP] (qbernard_at_hotmail.com.discuss)
Date: 11/15/05
- Next message: Bernard Cheah [MVP]: "Re: Wildcard SSL possible at domain level?"
- Previous message: Miha Pihler [MVP]: "Re: What do these Account Names mean?"
- In reply to: Mark Lordi: "xmlrpc.php causing system hang?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Nov 2005 16:07:37 +0800
Well, look at the iis log file and see if the request reach IIS.
Next, this is the latest worm targeting on various php application... so
make sure you are patch
http://www.securityfocus.com/bid/14088
-- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://www.msmvps.com/bernard/ "Mark Lordi" <mlordi@gmail.com> wrote in message news:1131981337.665453.118180@z14g2000cwz.googlegroups.com... > Hello everyone! first time posting here. I have a windows 2000 server > running iis 5. I am having this weird problem of late (started around > 11/7/2005). I noticed in my event viewer under system that I have been > getting these timeout messages from a file called xmlrpc.php. Now the > weird thing is that this message is happening about every fifteen > minutes. The exact error message is: > > > The script started from the URL '/blog/xmlsrv/xmlrpc.php' with > parameters '' has not responded within the configured timeout period. > The HTTP server is terminating the script. > For additional information specific to this message please visit the > Microsoft Online Support site located at: > http://www.microsoft.com/contentredirect.asp. > > > The URL changes though to a few different locations. > Here are some: > blog/xmlrpc.php > blogs/xmlrpc.php > wordpress/xmlrpc.php > blog/xmlsrv/xmlrpc.php > blog/xmlsrv/xmlrpc.php > > > Now eventually my webserver seems to not be able to handle the timeout > sessions and then sometime overnight will eventually stop servering web > > requests. It seems as though everything is running normally (services > and everything look fine.) But when you bring up the URL it comes up > with a DNS error. Now if I go and stop and restart the WWW publishing > service everything starts running fine again. > > > I have found some information about a virus called lupii or lupper. > This virus is targeted at Linux machines though. > > > So does anyone know of other things I can check to make sure I am > protected, or how to filter out these requests? I really need help > since this is just getting so bothersome now. Any help or ideas are > appreciated. Thank you very much for your time. > > > Mark >
- Next message: Bernard Cheah [MVP]: "Re: Wildcard SSL possible at domain level?"
- Previous message: Miha Pihler [MVP]: "Re: What do these Account Names mean?"
- In reply to: Mark Lordi: "xmlrpc.php causing system hang?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
