I already started the server couple of times, but still getting the same error in error log. I also checked the access log and there is nothing evident at 4 am.
--- Jason Yates <[EMAIL PROTECTED]> wrote: > I heard of a couple other people complaining the red > hat patch didn't seem > to work. Maybe you didn't restart the service after > you reinstalled the > package. Run like a "service httpd restart" on red > hat. > > -Jason Yates > > -----Original Message----- > From: khan rohail [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, June 26, 2002 3:32 PM > To: [EMAIL PROTECTED] > Subject: RE: Apache Problem, Hack, Worm, or > Something else > > > I have already done that, I mean applied the patch. > I > am running apach 1.3.22 and applied the patch by > redhat which is 1.3.22-6 for Redhat 7.2. > Now I am wondering whether Redhat patch is really > working or is it just me. > > > --- Jason Yates <[EMAIL PROTECTED]> wrote: > > It's sounds like the Apache remote chunk DOS. > Bah, > > has anyone else been > > seeing this? Upgrade your Apache servers > > immediately to Apache 1.3.26. > > > > For more information check out, > > > > http://www.cert.org/advisories/CA-2002-17.html > > > > > > -Jason Yates > > > > > > -----Original Message----- > > From: khan rohail [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, June 25, 2002 11:42 AM > > To: [EMAIL PROTECTED] > > Subject: Apache Problem, Hack, Worm, or Something > > else > > > > > > I am new to this, I searched for the following > > errors > > but wasnt pointed to something specific. I want to > > know whether my machine was hacked or there is > > something. > > I did check my cron jobs and there is nothing > which > > is > > should start the httpd server. > > > > If I am not mistaken the ador worm does the same > > thing > > at 4:02 am but I checked that too throug > ./adorefind > > but negative. > > > > Need some help here from gurus! > > > > > > Tue Jun 25 04:02:04 2002] [warn] child process > 6383 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 6384 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 6385 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 6386 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 6395 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 6396 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 6397 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 6398 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 7946 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 7981 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 7994 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 7995 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 7998 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 7999 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 8000 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 8001 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:04 2002] [warn] child process > 8432 > > did not exit, sending another SIGHUP > > [Tue Jun 25 04:02:06 2002] [notice] SIGHUP > received. > > Attempting to restart > > [Tue Jun 25 04:02:08 2002] [notice] Apache/1.3.22 > > (Unix) (Red-Hat/Linux) mod_ssl/2.8.5 > OpenSSL/0.9.6b > > mod_perl/1.26 configured -- resuming normal > > operations > > [Tue Jun 25 04:02:08 2002] [notice] suEXEC > mechanism > > enabled (wrapper: /usr/sbin/suexec) > > [Tue Jun 25 04:02:08 2002] [notice] Accept mutex: > > sysvsem (Default: sysvsem) > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! - Official partner of 2002 FIFA World Cup > > http://fifaworldcup.yahoo.com > > > > > ATTACHMENT part 2 application/octet-stream > name=Remote Apache 1.3.x Exploit.url > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! - Official partner of 2002 FIFA World Cup > http://fifaworldcup.yahoo.com > __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
