Dear all,
I'm the system admin of a web server and I found these errors in my
apache logs:
[Tue Feb 07 10:35:08 2012] [warn] (43)Identifier removed: Failed to
release SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to
acquire SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to
release SSL session cache lock
[Tue Feb 07 10:36:05 2012] [warn] child process 21599 still did not
exit, sending a SIGTERM
[Tue Feb 07 10:36:06 2012] [notice] caught SIGTERM, shutting down
also some traces of Dfind web scanner:
[Mon Feb 06 05:54:01 2012] [error] [client 88.46.75.27] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23):
/w00tw00t.at.ISC.SANS.DFind:)
I have added a rule into my iptables to block this and so far so good
However I don't know how these "failed to release SSL session cache
lock" managed to bring my apache server down and if they are somehow
related to these Dfind scans.
Any ideas?
Regards,
Miguel
Dear all,
I'm the system admin of a web server and I found these errors in my
apache logs:
[Tue Feb 07 10:35:08 2012] [warn] (43)Identifier removed: Failed to
release SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to
acquire SSL session cache lock
[Tue Feb 07 10:36:04 2012] [warn] (43)Identifier removed: Failed to
release SSL session cache lock
[Tue Feb 07 10:36:05 2012] [warn] child process 21599 still did not
exit, sending a SIGTERM
[Tue Feb 07 10:36:06 2012] [notice] caught SIGTERM, shutting down
also some traces of Dfind web scanner:
[Mon Feb 06 05:54:01 2012] [error] [client 88.46.75.27] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23):
/w00tw00t.at.ISC.SANS.DFind:)
I have added a rule into my iptables to block this and so far so good
However I don't know how these "failed to release SSL session cache
lock" managed to bring my apache server down and if they are somehow
related to these Dfind scans.
Any ideas?
Regards,
Miguel
