On Sun, 2012-02-12 at 20:02 +0100, Miguel González Castaños wrote:
> Dear all,
>
> I'm the system admin of a web server and I found these errors in my
> apache logs:
>
> [Tue Feb 07 10:35:08 2012] [warn] (43)Identifier removed: Failed to
> release SSL session cache lock
> [Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to
> acquire SSL session cache lock
> [Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to
> release SSL session cache lock
> [Tue Feb 07 10:36:05 2012] [warn] child process 21599 still did not
> exit, sending a SIGTERM
> [Tue Feb 07 10:36:06 2012] [notice] caught SIGTERM, shutting down
>
> also some traces of Dfind web scanner:
>
> [Mon Feb 06 05:54:01 2012] [error] [client 88.46.75.27] client sent
> HTTP/1.1 request without hostname (see RFC2616 section 14.23):
> /w00tw00t.at.ISC.SANS.DFind:)
>

Wouldn't worry too much, the world is full of scan scripts, both good, and some bad.

> I have added a rule into my iptables to block this and so far so good
>
> However I don't know how these "failed to release SSL session cache
> lock" managed to bring my apache server down and if they are somehow
> related to these Dfind scans.
>

What OS, kernel, httpd version? If Linux, /var/log/messages|kernel_log|daemon_log can also often give some indication of problems.
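
An added example, not part of the original thread: a Python sketch that parses the Apache error log lines quoted above (rejoined onto single lines), tags scan probes, SSL session cache lock warnings and shutdown messages, and measures the time between categories as a first check on whether they coincide. The category labels and function names are hypothetical.

```python
import re
from datetime import datetime

# Log lines quoted in the thread above, rejoined onto single lines.
SAMPLE_LOG = """\
[Mon Feb 06 05:54:01 2012] [error] [client 88.46.75.27] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Tue Feb 07 10:35:08 2012] [warn] (43)Identifier removed: Failed to release SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to acquire SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to release SSL session cache lock
[Tue Feb 07 10:36:05 2012] [warn] child process 21599 still did not exit, sending a SIGTERM
[Tue Feb 07 10:36:06 2012] [notice] caught SIGTERM, shutting down
"""

# Timestamp, level, optional [client ...] field, then the message.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$")

# Category names are hypothetical labels chosen for this example.
CATEGORIES = [
    ("scan_probe", re.compile(r"w00tw00t\.at\.ISC\.SANS\.DFind")),
    ("ssl_cache_lock", re.compile(r"Failed to (?:acquire|release) SSL session cache lock")),
    ("shutdown", re.compile(r"sending a SIGTERM|caught SIGTERM")),
]

def parse(text):
    """Return one dict per well-formed error log line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        cat = next((n for n, rx in CATEGORIES if rx.search(m["msg"])), "other")
        events.append({"ts": ts, "level": m["level"],
                       "client": m["client"], "category": cat})
    return events

def gap_seconds(events, earlier, later):
    """Seconds from the last `earlier` event to the first `later` event, or None."""
    later_ts = [e["ts"] for e in events if e["category"] == later]
    if not later_ts:
        return None
    first = min(later_ts)
    prior = [e["ts"] for e in events if e["category"] == earlier and e["ts"] <= first]
    return (first - max(prior)).total_seconds() if prior else None

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("probe -> first lock warning:", gap_seconds(evs, "scan_probe", "ssl_cache_lock"))
    print("lock warning -> shutdown:", gap_seconds(evs, "ssl_cache_lock", "shutdown"))
```

On the quoted lines the probe precedes the first lock warning by 103267 seconds, while the last lock warning and the first SIGTERM message are one second apart.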