Greetings,
I need some help in troubleshooting this problem. I'm running Apache 2.4.27
with PHP 7.2, using thread safe shared module (apache2handler).
The problem is that when a script is executing and I run apachectl
graceful-stop, the server terminates immediately, killing all running PHP
Our server started to get hit with a particular URL from many different IPs.
The URL was for the file wp-login.php. We are running PHP but we are not
running Word Press. This looks like some sort of brute force attack. We have
thousands of error log entries that look like this:
[Mon Sep 25
opensuse 42.2
linux v4.4.87-18.29-default x86_64
apache 2.4.23 (Linux/SUSE)
(I did ask this question at a general opensuse forum. No response.)
After a recent Apache2 update by zypper, a series of messages were emitted:
Output of apache2-2.4.23-8.12.1.x86_64.rpm %posttrans script:
Am Dienstag, den 26.09.2017, 09:42 +0200 schrieb Torsten Krah:
> Hm ... so at least the docs should be changed?
FYI: Made a pull request https://github.com/apache/httpd/pull/38
Torsten
smime.p7s
Description: S/MIME cryptographic signature
Am Dienstag, den 26.09.2017, 09:28 +0200 schrieb Torsten Krah:
> I thought and wanted to use what the docs are suggesting to use the
> LuaHookAuthChecker to customize user authentication.
> Implementation seems todo something else.
To answer myself, changing:
LuaHookAuthChecker
Am Montag, den 25.09.2017, 10:29 -0400 schrieb Eric Covener:
> Sorry, a bit swamped today, but AFAICT that is not what an
> auth_checker is underlying httpd API, so I tentatively think that lua
> dev doc is incorrect.
>
> Please have a look at include/http_request.h and server/request.c
> where
