FYI, I believe I have tracked this problem down to the Mutex file
being deleted during routine maintenance. Since recreating the Mutex
file (via restart) I haven't seen the problem recur, and there have
been a few hits from the worm.
Sorry for the alarm. Nothing to see here.
On Sun, Sep 29, 2002 at 12:54:02PM -0700, P a u l Guth wrote:
> Starting last Thursday, we started to see one of our webservers
> become unresponsive for about 10 minutes...it seemed to be correlated
> with what appeared to be a slapper/OpenSSL worm attack. We are
> not vulnerable to the worm but the attack seemed to use up some
> resources (not CPU) that prevented apache from answering more requests.
> Note that it corrects itself after 10 minutes or so without manual
> intervention.
>
> Here's the ouput of our Server: header.
> Server: Apache/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6g mod_jk
>
> The error in the logs is:
> [Thu Sep 26 20:55:18 2002] [error] OpenSSL: error:1406B458:SSL
>routines:GET_CLIENT_MASTER_KEY:key arg too long
>
> There also are a lot of errors like this that start at the same time:
> [Thu Sep 26 20:49:36 2002] [error] mod_ssl: Child could not open SSLMutex lockfile
>/usr/local/apache/logs/ssl_mutex.22003 (System error follows)
>
> And sure enough the mutex file on that server is gone. It comes
> back on restart...but what the heck is going on here? Anyone having
> similar issues?
>
> This is driving me crazy as this is on our production servers and
> I'm not going to get a wink of sleep tonight unless I figure out
> how to stop it....
>
> ___________________________________________________________________
> P a u l
> [EMAIL PROTECTED]
>
--
___________________________________________________________________
P a u l
[EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
