On Wednesday, January 04, 2006 12:09 PM, suppressed wrote:
site is being brought down by a variant of the Lupper worm - the xmlrpc exploit POST requests that it sends are hanging our site (and a few others).Dear all, We run a site that communicates with external APIs to search details of flight and accommodation availability to build holiday packages online. Because of the necessity for up-to-date information and the variety of searches that are performed, we perform all searches and API requests live. Recently, the site has started being unresponsive when traffic volume is high. Our testing seems to show that all available page servers are being tied up waiting for responses, and because they are not 'busy', further instances are not being spawned.From the description of your problem I think it is quite possible that your
If you are using mod_interchange, the best fix at the moment is to add /xmlrpc.php to your DropRequestList in httpd.conf e.g.
DropRequestList /default.ida /x.ida /cmd.exe /root.exe /xmlrpc.phpThe problem is discussed at *length* in the thread "mod_interchange and Apache MaxClients".
The DropRequestList is just a temporary workaround - Kevin Walsh is looking into the cause and hence a proper fix as we speak. I hope this is of help.
___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com
_______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.