causes of this freeze that
happened one or two times a week.
best wishes,
artur
2016-12-01 2:46 GMT+01:00 Christopher Schultz
:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jaaz,
>
> On 11/30/16 1:41 PM, Jaaz Portal wrote:
> > no it looks like dos, its dos
>
hi mark,
thanks, i have fixed configuration as you pointed out,
maybe this will mitigate the attack
before there was no connection_timeout in configuration
and this things was occurring too
best,
artur
2016-11-30 20:29 GMT+01:00 Mark Eggers :
> Artur,
>
> On 11/30/2016 10:41 AM, Ja
ncer.type=lb
worker.loadbalancer.balance_workers=ajp13_worker
server.xml
best,
artur
2016-11-30 19:21 GMT+01:00 Mark Eggers :
> Artur,
> On 11/30/2016 8:36 AM, Jaaz Portal wrote:
> > hi,
> > they has tried again with success despite setting connection_timeout and
> >
and debug of mod_jk
we are no step closer to find out the cause
any idea what to do next?
best
artur
2016-11-30 18:58 GMT+01:00 Mark Eggers :
> Artur,
>
> On 11/30/2016 9:02 AM, Jaaz Portal wrote:
> > hi,
> > sorry, there was two open connection on port 80
> > from 194
hi,
sorry, there was two open connection on port 80
from 194.135.88.32 that is somwhere on epix.net.pl
an association of internet traffick exchange (some pirate hub)
best,
artur
2016-11-30 17:52 GMT+01:00 Jaaz Portal :
> hi,
> i looked at the logs but there are no strange things,
> t
what to do next?
best,
artur
2016-11-30 17:36 GMT+01:00 Jaaz Portal :
> hi,
> they has tried again with success despite setting connection_timeout and
> limiting number of clients by mod_bw
> the tomcat has frozen again.
>
> netstat does not showed any connections on por
(no slowlaris)
im looking into debug files of mod_jk and forensic for some hints. If you
want i can share them (they have 4mb compressed)
best wishes
artur
2016-11-29 11:01 GMT+01:00 André Warnier (tomcat) :
> On 28.11.2016 22:04, Jaaz Portal wrote:
>
>> hi Andre,
>> y
.
regarding you suggestion on our application, it does not dos bind server
nether does not scan for various vulnerabilities in apache, what i have
also in the logs
kindly regards,
artur
2016-11-28 21:33 GMT+01:00 André Warnier (tomcat) :
> On 28.11.2016 20:34, Jaaz Portal wrote:
>
>> hi mar
k once again
anyway, thank you for all informations, it was very useful and educational
reading for all of us
best wishes,
artur
2016-11-28 19:46 GMT+01:00 Mark Eggers :
> Jaaz,
>
> On 11/27/2016 2:46 PM, André Warnier (tomcat) wrote:
> > On 27.11.2016 19:03, Jaaz Portal wrote:
>
Hash: SHA256
>
> Jaaz,
>
> On 11/27/16 1:03 PM, Jaaz Portal wrote:
> > Then they exploited some well know vulnerability in mod_proxy. We
> > have updated apache to the latest but again they has exploited it,
> > so we have switched to mod_jk. And then guess what. They exp
2016-11-27 18:30 GMT+01:00 André Warnier (tomcat) :
> On 27.11.2016 14:26, Jaaz Portal wrote:
>
>> hi,
>> everything i know so far is just this single log line that appeared in
>> apache error.log
>>
>> [Fri Nov 25 13:08:00.647835 2016] [mpm_event:error] [
it out but need some hints which debug options
enable to catch the bad guys
when they will try next time
best regards,
artur
2016-11-27 13:58 GMT+01:00 André Warnier (tomcat) :
> On 27.11.2016 13:23, Jaaz Portal wrote:
>
>> hi Andre,
>> thank you very much this was very educat
or the request URI line to be presented. Use a value of -1 to
> indicate no (i.e. infinite) timeout. The default value is 6 (i.e. 60
> seconds) but note that the standard server.xml that ships with Tomcat sets
> this to 2 (i.e. 20 seconds). Unless disableUploadTimeout is set to
in
> firewall.
>
> ex to find the IP:
>
> cat /var/log/apache2/access.log |cut -d' ' -f1 |sort |uniq -c|sort -gr
>
>
>
> On Fri, Nov 25, 2016 at 8:42 AM, Jaaz Portal wrote:
>
> > hi,
> > we are from some weeks struggling with some Polish hackers that are
hi,
we are from some weeks struggling with some Polish hackers that are
bringing our server down. After updating apache to latest version (2.4.23)
and tomcat (8.0.38) available for debian systems we still cannot secure our
server.
Today it has stopped to respond again and we needed to restart tomc
15 matches
Mail list logo
