[ic] mod_interchange and Apache MaxClients

designersilversmiths hillary at designersilversmiths.com
Tue Nov 22 06:01:55 EST 2005 

I suggest you also inform the police because some of these attacks  
are precursors to demands for money "or we stop your site" extortion  
rackets.

If you site is not big enough to be worth stopping they may have  
picked smaller sites to test attacks before using the exploit against  
bigger organisations. I know of at least one e-commerce site which  
has been threatened with a DOS and asked for money in the last couple  
of months.

Cheers

Hillary

On 22 Nov 2005, at 7:28 am, Kevin Walsh wrote:

> John1 [list_subscriber at yahoo.co.uk] wrote:
>> Kevin, I am rather hoping that you may be able to spot a reason why
>> mod_interchange may not be coping well with these POST requests to  
>> the
>> non-existent xmlrpc.php page?  Thank you everyone for your  
>> continued help
>> on trying to solve this one - hopefully we are getting closer...
>>
> I'm still not entirely sure that mod_interchange is being tripped up
> by this.  Something certainly is, that's for sure, so I can't rule it
> out just yet.  I didn't hear back about whether the same problem  
> occurs
> when using the cgi-bin executables.
>
> Thanks for posting the packet data.  I'll use that to try to recreate
> the problem locally.  I imagine I'll have to throttle the link and/or
> fire truck-loads of simultaneous requests to get the problem to show
> itself.  If the problem can be recreated on demand then it can be  
> found
> and fixed.  I have an old P200 that I use for performance tests.  Test
> time differences are amplified massively when running Interchange on a
> P200 with 128MB of memory. :-)
>
> My previous tests centred around GET requests, so POST requests might
> be more useful.  Mod_interchange doesn't really know the difference
> between the two, but more work is done on the Interchange side when
> a POST comes in - adding to the load.
>
> If I find the culprit then I'll make the appropriate changes in
> mod_interchange and/or Interchange itself.  Talking of culprits, you
> have the kiddie's IP address, so I'm assuming you'll be emailing a  
> huge
> slap via his ISP.
>
> -- 
>    _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
>   _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l  
> s h
>  _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
> _/   _/  _/_/_/_/      _/    _/_/_/  _/    _/
>
> _______________________________________________
> interchange-users mailing list
> interchange-users at icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>

More information about the interchange-users mailing list