Apache/perl very huge loads

D

decafranky

Verified User
Joined
Aug 22, 2004
Messages
120
I have very huge loads, command run on perl by user apache.

I can't find any reason, only thing i can do is a cron job with killall -9 perl processes.

Command is always syslogd (perl), anybody knows how to disable this?

Need help!

14192 apache 16 0 9676 3844 968 S 0.3 0.3 0:00.04 perl
14200 apache 16 0 9676 3844 968 S 0.3 0.3 0:00.04 perl
14204 apache 16 0 9676 3844 968 S 0.3 0.3 0:00.05 perl
14214 apache 16 0 9524 3844 968 S 0.3 0.3 0:00.05 perl
14218 apache 16 0 9524 3844 968 S 0.3 0.3 0:00.04 perl
14220 apache 16 0 9524 3844 968 S 0.3 0.3 0:00.04 perl
14229 apache 16 0 9524 3844 968 S 0.3 0.3 0:00.05 perl
14234 apache 16 0 9676 3844 968 S 0.3 0.3 0:00.04 perl
14242 apache 16 0 9524 3844 968 S 0.3 0.3 0:00.04 perl
14245 apache 16 0 9676 3844 968 S 0.3 0.3 0:00.03 perl
14250 apache 16 0 9524 3844 968 S 0.3 0.3 0:00.04 perl
14254 apache 16 0 9524 3844 968 S 0.3 0.3 0:00.04 perl
14262 apache 16 0 9524 3844 968 S 0.3 0.3 0:00.04 perl
14264 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.04 perl
14272 apache 16 0 9524 3844 968 S 0.3 0.3 0:00.03 perl
14276 apache 16 0 9524 3844 968 S 0.3 0.3 0:00.03 perl
14284 apache 16 0 9524 3844 968 S 0.3 0.3 0:00.03 perl
14287 apache 16 0 9676 3848 968 S 0.3 0.3 0:00.03 perl
14292 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.04 perl
14294 apache 16 0 9676 3848 968 S 0.3 0.3 0:00.04 perl
14309 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.04 perl
14315 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.03 perl
14327 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.02 perl
14331 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.04 perl
14339 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.03 perl
14360 apache 16 0 9676 3848 968 S 0.3 0.3 0:00.03 perl
14366 apache 16 0 9676 3848 968 S 0.3 0.3 0:00.02 perl
14370 apache 16 0 9676 3848 968 S 0.3 0.3 0:00.02 perl
14376 apache 16 0 9676 3856 968 S 0.3 0.3 0:00.03 perl
14390 apache 16 0 9676 3848 968 S 0.3 0.3 0:00.02 perl
14395 apache 16 0 9676 3848 968 S 0.3 0.3 0:00.02 perl
14404 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.02 perl
14406 apache 16 0 9676 3848 968 S 0.3 0.3 0:00.02 perl
14409 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.03 perl
14412 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.02 perl
14416 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.02 perl
14436 apache 16 0 9524 3848 968 S 0.3 0.3 0:00.02 perl
14477 apache 16 0 9676 3848 968 S 0.3 0.3 0:00.02 perl


PID TTY STAT TIME COMMAND
14333 ? S 0:00 [syslogd]
 
Possible DOS attack?

Found this interesting article on http://www.egr.msu.edu/decs/about/whatsnew.php?id=920&selcat=4#920-4 :

Package : apache-perl
Problem type : remote DoS / exploit
Debian-specific: no
CVE name : CAN-2002-0392
CERT advisory : VU#944335

Mark Litchfield found a denial of service attack in the Apache
web-server. While investigating the problem the Apache Software
Foundation discovered that the code for handling invalid requests which
use chunked encoding also might allow arbitrary code execution.

This has been fixed in version 1.3.9-14.1-1.21.20000309-1 of the Debian
apache-perl package and we recommand that you upgrade your apache-perl
package immediately.

An update for the soon to be released Debian GNU/Linux 3.0/woody
distribution will be available soon.
 
Hi,

how can i upgrade apache if customapache of directadmin is fixed on 1.3.37 version?

I wanna solve this problem too.

Thanks
 
You must log in or register to reply here.
Back
Top