If you are being bruted you may see the following syslog messages (mine were walled to the console)... so at least there is some indication of being (brute) attacked... the logs are plum empty though as far as where it comes from and it is only here and there that you get a syslog message. Tested on Server: Apache/1.3.12 (Unix) on 4.3-STABLE FreeBSD Message from syslogd@test at Sat Jun 22 04:13:47 2002 ... test /kernel: kernel: pid 15277 (httpd), uid 65534: exited on signal 11 and ... Message from syslogd@test at Sat Jun 22 04:16:04 2002 ... test /kernel: on signal 11 of course pages and pages of this are also accompanied in your error log... [Sat Jun 22 04:20:51 2002] [notice] child pid 26907 exit signal Segmentation fault (11) [Sat Jun 22 04:20:51 2002] [notice] child pid 26906 exit signal Segmentation fault (11) [Sat Jun 22 04:20:51 2002] [notice] child pid 26905 exit signal Segmentation fault (11) [Sat Jun 22 04:20:51 2002] [notice] child pid 26904 exit signal Segmentation fault (11) [Sat Jun 22 04:20:51 2002] [notice] child pid 26903 exit signal Segmentation fault (11) [Sat Jun 22 04:20:51 2002] [notice] child pid 26902 exit signal Segmentation fault (11) Hrmm .... Happy Turkey Day or something. =] -KF ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Jun 22 2002 - 11:00:30 PDT