[ic] IC hanging whilst waiting for external responses

[John1]

On Wednesday, January 04, 2006 12:09 PM, samp at webmaint.com wrote:

> Dear all,
>
> We run a site that communicates with external APIs to search details
> of flight and accommodation availability to build holiday packages
> online.
>
> Because of the necessity for up-to-date information and the variety of
> searches that are performed, we perform all searches and API requests
> live.
>
> Recently, the site has started being unresponsive when traffic volume
> is high. Our testing seems to show that all available page servers are
> being tied up waiting for responses, and because they are not 'busy',
> further instances are not being spawned.
>
>From the description of your problem I think it is quite possible that your 
site is being brought down by a variant of the Lupper worm - the xmlrpc 
exploit POST requests that it sends are hanging our site (and a few others).

If you are using mod_interchange, the best fix at the moment is to add 
/xmlrpc.php to your DropRequestList in httpd.conf e.g.

DropRequestList /default.ida /x.ida /cmd.exe /root.exe /xmlrpc.php

The problem is discussed at *length* in the thread "mod_interchange and 
Apache MaxClients".

The DropRequestList is just a temporary workaround - Kevin Walsh is looking 
into the cause and hence a proper fix as we speak.  I hope this is of help. 


		
___________________________________________________________ 
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com