I just added some mod_rewrite directives to prevent hotlinking of my vbulletin forum's avatar and attachment file/dynamic urls.
When i checked my /usr/local/apache/logs/error_log (whm/cpanel based server), i had 100s of entries for web sites trying to hot link my images :eek:
now i found these entries in my error_log as well occuring every dozen or so lines
[Mon Oct 15 12:37:59 2001] [notice] SIGUSR1 received. Doing graceful restart
[Mon Oct 15 12:37:59 2001] [error] Cannot remove module mod_log_bytes.c: not found in module list
[Mon Oct 15 12:38:00 2001] [notice] Apache/1.3.19 (Unix) mod_gzip/188.8.131.52a mod_bwlimited/0.8 PHP/4.0.5 mod_log_bytes/0.2 mod_frontpage/184.108.40.206 mod_ssl/2.8.1 OpenSSL/0.9.6 configured -- resuming normal operations
[Mon Oct 15 12:43:34 2001] [error] [client 220.127.116.11] script not found or unable to stat: /home/username/public_html/cgi-bin/clickresponder.pl
what's SIGUSR1 received? and why is apache restarting itself?
Oh and i don't have any such script at home/username/public_html/cgi-bin/clickresponder.pl never did ... ever! so why is someone calling it?
A couple of ideas come to mind...
- If you're seeing the restart designation frequently, how many apache processes do you have when apache restarts itself? Are you getting a ton of requests for your vB images (maybe it's outstripping the number of MaxSpares you have defined in httpd.conf)?
- If mod_log_bytes was compiled into apache, is the system trying to load it as a DSO? If so, check for a LoadModule line for that mod and comment it out then restart apache to see what you get.
- Is 18.104.22.168 an IP assigned to an account on your server? If so, I'd ask the account holder to check their forms/pages for references to that nonexistent script.
[Edit to that last, since I've taken a bit better look at it.]That IP is originating out of the Broadwing block - probably some joker trying to find a script to be used for some nefarious purpose (spammer? likely.) and just can't get a clue that it isn't there. I'd either do a redirect or just a LIMIT to deny that IP at a minimum.[/Edit]
Just a few things off the top of my head. It's late. Or early, depending on your point of view.
ah first relevant reply
i normally have 250 - 300 processes (running/sleeping total) before the restart and around 40 - 70 processes after the restart
mod_log_bytes was installed by cpanel/whm control panel my phpinfo lists these modules
mod_gzip, mod_bwlimited, mod_php4, mod_log_bytes, mod_frontpage, mod_ssl, mod_setenvif, mod_so, mod_auth, mod_access, mod_rewrite, mod_alias, mod_userdir, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir, mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime, mod_log_config, mod_env, http_core
and httpd.conf has
LoadModule rewrite_module libexec/mod_rewrite.so
LoadModule bytes_log_module libexec/mod_log_bytes.so
LoadModule php4_module libexec/libphp4.so
LoadModule bwlimited_module libexec/mod_bwlimited.so
LoadModule gzip_module libexec/mod_gzip.so
and further below
- i don't host any other people, the server is only is for me. Someone traced the ip for me back to broadwing.net isp
also i got this new error
Sat Oct 20 23:39:36 2001] [notice] SIGUSR1 received. Doing graceful restart
[Sat Oct 20 23:39:36 2001] [error] Cannot remove module mod_log_bytes.c: not found in module list
httpd: module "mod_gzip.c" could not be loaded, because the dynamic
module limit was reached. Please increase DYNAMIC_MODULE_LIMIT and recompile.
i was planning to upgrade my kernel from 2.2.19 to 2.4.12 with http://webhostingtalk.com/showthread.php?s=&threadid=23879 but not sure with this problem?