Apache under attack and eating resources?

Philip Paeps philip+freebsd at paeps.cx
Sun Sep 28 16:59:43 PDT 2003 

This might be more related to an Apache-security list, but as the machine is
running FreeBSD, I thought I'd ask here first.

In the last two weeks, I've been seeing some very strange errors in my logs a
few times daily around the same times.  While this happens, load averages go
through the roof (I've seen 36+, which is outragous), and the machine becomes
very unresponsive.

First there's a few million of these:

  httpd in free(): warning: recursive call

Many megs of logfiles, in fact, then, suddenly, I get some that yell:

  httpd in malloc(): warning: recursive call

Those are followed closely by:

  [Mon Sep 29 01:10:57 2003] [notice] child pid 88809 exit signal Segmentation fault (11)

And then it repeats, frequently saying these as well:

  httpd in free(): warning: page is already free
  FATAL:  emalloc():  Unable to allocate 40 bytes
  Allowed memory size of 8388608 bytes exhausted (tried to allocate 10 bytes)
  httpd in free(): warning: chunk is already free

My logs are filling up with these, and I'm not sure where to look.
Crossreferencing the times with vhost error logs and access logs isn't turning
up anything spectacular.  The loads around the times when this occurs aren't
staggering either, so I'm thinking perhaps someone is DoS'ing my machine :-/

Has anyone else seen this problem recently?  I found some posts in Google and
other archives mentioning Apache going berzerk like this, but no real
solutions.

I have MaxClients set to 175, and Apache never complains about that being too
low.  I don't have any particular ulimits set, as the defaults always worked
well.  In fact, this is the first time I've ever seen a FreeBSD scream for
resources without me sitting at it and torturing it myself.

Any ideas?

Thanks!

 - Philip [worried]

-- 
Philip Paeps                                          Please don't CC me, I am
                                                       subscribed to the list.

  A real diplomat is one who can cut his neighbor's throat without having
  his neighbor notice it.  -- Trygve Lie

More information about the freebsd-security mailing list