Artur,
On 11/25/16 8:42 AM, Jaaz Portal wrote:
> hi, we have been struggling for some weeks with some Polish hackers
> that are bringing our server down. After updating apache to the latest
> version (2.4.23) and tomcat (8.0.38) available for debian systems
> we still cannot secure our server.
>
> Today it has stopped responding again and we needed to restart the
> tomcat process to get it back alive.
>
> There are not many clues in the logs. The apache error.log gives
> just this line:
>
> [Fri Nov 25 13:08:00.647835 2016] [mpm_event:error] [pid 13385:tid 139793489638592] AH00484: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
>
> It seems that somehow tomcat, mod-jk2 or even apache is vulnerable to
> some new exploit, as we certainly do not have such traffic that
> would block our server otherwise.
>
> For now we have increased MaxRequestWorkers and we have limited the
> number of connections from one client to 5 by mod_bw and limited the
> number of simultaneous connections from one ip by iptables, but we do
> not know if this will help.

1. There is no indication here of any exploit being used against any vulnerability. This sounds like a DDOS attack, and server software really can't be used to mitigate these kinds of things. Instead, you need to work at the network level to drop the malicious traffic before it gets to your servers.

2. mod-jk2? That project was abandoned over a decade ago. Please discontinue using it this instant. Seriously, go replace it with mod_jk or mod_proxy_ajp NOW, and then come back to reply.

-chris
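
Added example, not part of the original message and not Apache or Tomcat project code: a Python check that finds each AH00484 (MaxRequestWorkers reached) event in error.log and counts requests per client IP in the access log for the preceding minute, to show whether the load came from a few addresses or many. It assumes the common access-log format and that both logs use the same local clock; the 60-second window, the top-3/50% heuristic and the access-log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

AH00484 = re.compile(r"^\[(?P<ts>[^\]]+)\] \[mpm_\w+:error\] .*AH00484:")
ACCESS = re.compile(r"^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^ \]]+)")

def saturation_times(error_log):
    """Timestamps of every 'reached MaxRequestWorkers' (AH00484) event."""
    times = []
    for line in error_log.splitlines():
        m = AH00484.match(line)
        if m:
            times.append(datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y"))
    return times

def clients_before(access_log, when, window_s=60):
    """Requests per client IP in the window_s seconds leading up to `when`."""
    hits = Counter()
    for line in access_log.splitlines():
        m = ACCESS.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S")  # offset ignored
        if timedelta(0) <= when - ts <= timedelta(seconds=window_s):
            hits[m["ip"]] += 1
    return hits

def source_spread(hits, top_n=3, threshold=0.5):
    """Heuristic (assumption): 'concentrated' if top_n IPs sent >= threshold of requests."""
    total = sum(hits.values())
    if total == 0:
        return "no-traffic"
    top = sum(n for _, n in hits.most_common(top_n))
    return "concentrated" if top / total >= threshold else "distributed"

# Error line modelled on the one quoted in the thread; access log is constructed
# (40 documentation-range clients, 2 requests each, all within the window).
ERROR_LOG = ("[Fri Nov 25 13:08:00.647835 2016] [mpm_event:error] "
             "[pid 13385:tid 139793489638592] AH00484: server reached "
             "MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting\n")
ACCESS_LOG = "".join(
    f'198.51.100.{i} - - [25/Nov/2016:13:07:{30 + i % 20:02d} +0100] "GET / HTTP/1.1" 200 512\n'
    for i in range(1, 41) for _ in range(2))

if __name__ == "__main__":
    for when in saturation_times(ERROR_LOG):
        hits = clients_before(ACCESS_LOG, when)
        print(when, len(hits), "clients,", source_spread(hits))
```

A "distributed" result means the per-client limits mentioned in the quoted message have little to act on, which fits the advice to filter upstream of the server.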