logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Suspicipus Hit
Author
vipinexecutive@gmail.com



Joined: 12 Jul 2014
Posts: 10
Location: Indiia
PostPosted: Sun 31 Aug '14 5:15    Post subject: Suspicipus Hit Reply with quote
Hi,

Our website are running on 80 port only and we are not using ssl certificate right now.Past week,we observer our site down three times.Yesterday we collect the log & found some warning & suspicious hot on our website.Currently Apache hosted on Windows Server & Amazon Clud.
Please help me why this other site hit my site & how di I prevent.

[Sat Aug 30 21:27:13.698000 2014] [mpm_winnt:warn] [pid 1236:tid 2336] (OS 64)The specified network name is no longer available. : AH00341: winnt_accept: Asynchronous AcceptEx failed.
[
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
PostPosted: Sun 31 Aug '14 11:25    Post subject: Reply with quote
Which Apache version ?
Next time please read the forum rules before posting.


Try settings:

for 2.4

AcceptFilter http none
AcceptFilter https none
EnableSendfile off
EnableMMAP off

For 2.2

Win32DisableAcceptEx
EnableSendfile Off
EnableMMAP off
Back to top
vipinexecutive@gmail.com



Joined: 12 Jul 2014
Posts: 10
Location: Indiia
PostPosted: Sun 31 Aug '14 18:15    Post subject: Reply with quote
Apache version is 2.4.10.

Please let me know why it's type of request come in apache
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692
PostPosted: Mon 01 Sep '14 12:37    Post subject: Reply with quote
Not all clear what your issue is.

Do you mean the : https://mf.sitescout.com:443/disp... ?

Looks you are proxying (backend), be sure you have:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

Above advise is related to the log entries; winnt_accept: Asynchronous AcceptEx failed

You wrote: ... our site down three times ...

Do not see in the log that Apache is down.
What do you mean with down ?
Back to top
vipinexecutive@gmail.com



Joined: 12 Jul 2014
Posts: 10
Location: Indiia
PostPosted: Mon 01 Sep '14 15:14    Post subject: Reply with quote
Hi,

Sorry for inconvience.Our main issue is

https://mf.sitescout.com:443/disp... ?
trying to understand of suspicios hit.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
PostPosted: Mon 01 Sep '14 21:51    Post subject: Reply with quote
You mean that the client/computer at 23.244.125.99 probably has some malware on it which is calling home? Other than that I see nothing suspicious about it.

Looking at all the client IP addresses in those log entries I would say you proxy is open to the world for use so you have to expect things like this.

On the bright side, you stopped whatever was on 23.244.125.99 from connecting.
Back to top


Reply to topic   Topic: Suspicipus Hit View previous topic :: View next topic
Post new topic   Forum Index -> Apache