Apache Processes using 100% CPU Time

Post your questions about Web Server usage and Apache + PHP + MySQL/SQLite web applications.
Post Reply
gusa6666
Starting out
Posts: 31
Joined: Wed Apr 21, 2010 6:39 am

Apache Processes using 100% CPU Time

Post by gusa6666 »

Hi!
I have a strange problem with my web server.
After running without problems for some weeks - some apache tasks use 100% of cpu time.
After restarting apache everything works perfect for again - some weeks.
Please see the pictures attached.
Has anybody a idea?
Thank you
You do not have the required permissions to view the files attached to this post.
Top
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: Apache Processes using 100% CPU Time

Post by pwilson »

gusa6666 wrote:Hi!
I have a strange problem with my web server.
After running without problems for some weeks - some apache tasks use 100% of cpu time.
After restarting apache everything works perfect for again - some weeks.
Please see the pictures attached.
Has anybody a idea?
Thank you
I'm afraid that your screenshots won't help much. The "Dashboard" itself is probably the big CPU user here. Your NAS is "drive bound". Delete a significant amount of data on your NAS, or upgrade to larger drives and performance will probably return to normal.

Your NAS is "Full". You have less than 5% of your space left. :shock:

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
Top
User avatar
schumaku
Guru
Posts: 43578
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:
Contact schumaku

Re: Apache Processes using 100% CPU Time

Post by schumaku »

Troubleshoot the (unspecified) Web applications in place. Impossible to assist with some more insight.
Top
jan.lex
Starting out
Posts: 22
Joined: Fri Nov 22, 2013 3:52 pm

Re: Apache Processes using 100% CPU Time

Post by jan.lex »

It is problem my too.
Disc space 95% free.
QTS 4.0.7
Top
User avatar
doktornotor
Ask me anything
Posts: 7472
Joined: Tue Apr 24, 2012 5:44 am

Re: Apache Processes using 100% CPU Time

Post by doktornotor »

jan.lex wrote:It is problem my too.
Disc space 95% free.
QTS 4.0.7
With absolutely NO information provided, you won't get any further than the OP here... :idea:
I'm gone from this forum till QNAP stop wasting volunteers' time. Get help from QNAP helpdesk instead.
Warning: offensive signature and materials damaging QNAP reputation follow:
QNAP's FW security issues
QNAP's hardware compatibility list madness
QNAP's new logo competition
Dear QNAP, kindly fire your clueless incompetent forum "admin" And while at it, don't forget the webmaster!
Top
jan.lex
Starting out
Posts: 22
Joined: Fri Nov 22, 2013 3:52 pm

Re: Apache Processes using 100% CPU Time

Post by jan.lex »

doktornotor wrote:
jan.lex wrote:It is problem my too.
Disc space 95% free.
QTS 4.0.7
With absolutely NO information provided, you won't get any further than the OP here... :idea:
Ok. :)

My QNAP:
TS-670 Pro
16Gb RAM (KHX16S9P1K2/16)
2x 4Tb HDD - WD4000FYYZ (RAID1 - encrypted)
1x Intel SSD S3700 200Gb (SSD Cache, Cache algorithm: LRU)
QTS 4.0.7 20140410

9x Virtual Hosts (Wordpress 3.8.x, Prestashop 1.5.x).

Normal status:
CPU (all core thread): 1-16%
Process httpusr: 0-3x

My problem (circa 1-2x week):
CPU (all core thread): 100%
Process httpusr: http://forum.qnap.com/download/file.php ... &mode=view

My temporary solution: /etc/init.d/Qthttpd.sh restart

Any idea?
Top
jan.lex
Starting out
Posts: 22
Joined: Fri Nov 22, 2013 3:52 pm

Re: Apache Processes using 100% CPU Time

Post by jan.lex »

It is attack on webserver.

My webs are czech language.
99,5% guests are from Czech Republic.

To 30 min my server is down (website not available)!!!

How can I protect my webserver?

61.191.xxx.xxx - China
198.20.xxx.xxx - UNITED STATES
122.155.xxx.xxx - THAILAND
178.63.xxx.xxx - GERMANY
157.55.xxx.xxx - UNITED STATES
37.140.xxx.xxx - RUSSIAN FEDERATION
37.58.xxx.xxx - NETHERLANDS

Apache access log:

Code: Select all

61.191.xxx.xxx - - [17/May/2014:04:38:27 +0200] "GET /muieblackcat HTTP/1.1" 404 229 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:28 +0200] "GET //phpAdmin/scripts/setup.php HTTP/1.1" 404 237 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:28 +0200] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 238 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:29 +0200] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 238 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:29 +0200] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 237 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:30 +0200] "GET //mysql/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:31 +0200] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 239 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:31 +0200] "GET //web/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:32 +0200] "GET //websql/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:32 +0200] "GET //pMA/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:33 +0200] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 404 237 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:34 +0200] "GET //PHPMYADMIN/scripts/setup.php HTTP/1.1" 404 239 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:35 +0200] "GET //PMA/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:36 +0200] "GET //SQL/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:37 +0200] "GET //db/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:37 +0200] "GET //dbadmin/scripts/setup.php HTTP/1.1" 404 237 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:39 +0200] "GET //pHpMyAdMiN/scripts/setup.php HTTP/1.1" 404 239 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:41 +0200] "GET //pma/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:42 +0200] "GET //sql/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:42 +0200] "GET //MySQLAdmin/scripts/setup.php HTTP/1.1" 404 240 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:46 +0200] "GET / HTTP/1.1" 200 253 "-" "-"
198.20.xxx.xxx - - [17/May/2014:05:24:07 +0200] "GET / HTTP/1.1" 200 319 "-" "-"
198.20.xxx.xxx - - [17/May/2014:05:24:07 +0200] "GET /robots.txt HTTP/1.1" 404 271 "-" "-"
122.155.xxx.xxx - - [17/May/2014:05:42:36 +0200] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 250 "-" "ZmEu"
122.155.xxx.xxx - - [17/May/2014:05:42:37 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 238 "-" "ZmEu"
122.155.xxx.xxx - - [17/May/2014:05:42:38 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 238 "-" "ZmEu"
122.155.xxx.xxx - - [17/May/2014:05:42:39 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 234 "-" "ZmEu"
122.155.xxx.xxx - - [17/May/2014:05:42:40 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 237 "-" "ZmEu"
122.155.xxx.xxx - - [17/May/2014:05:42:40 +0200] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 237 "-" "ZmEu"
Apache error log:

Code: Select all

[Sat May 17 15:33:14 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 4 idle, and 20 total children
[Sat May 17 15:53:06 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 3 idle, and 25 total children
[Sat May 17 16:46:12 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 4 idle, and 34 total children
[Sat May 17 17:09:19 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 4 idle, and 26 total children
[Sat May 17 17:12:55 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 3 idle, and 29 total children
[Sat May 17 17:14:30 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 4 idle, and 28 total children
[Sat May 17 17:15:09 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 0 idle, and 27 total children
[Sat May 17 17:21:44 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 2 idle, and 34 total children
[Sat May 17 17:24:42 2014] [notice] Graceful restart requested, doing restart
[Sat May 17 17:24:42 2014] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
apache: Could not reliably determine the server's fully qualified domain name, using 192.168.77.2 for ServerName
[Sat May 17 17:24:42 2014] [info] Init: Seeding PRNG with 512 bytes of entropy
[Sat May 17 17:24:42 2014] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat May 17 17:24:42 2014] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat May 17 17:24:42 2014] [info] Shared memory session cache initialised
[Sat May 17 17:24:42 2014] [info] Init: Initializing (virtual) servers for SSL
[Sat May 17 17:24:42 2014] [info] mod_ssl/2.2.14 compiled against Server: Apache/2.2.14, Library: OpenSSL/1.0.1e
[Sat May 17 17:24:42 2014] [notice] Apache/2.2.14 (Unix) DAV/2 PHP/5.3.26 mod_ssl/2.2.14 OpenSSL/1.0.1e configured -- resuming normal operations
[Sat May 17 17:24:42 2014] [info] Server built: Apr 10 2014 01:32:01
Apache - Active Log on Virtual Host:

Code: Select all

.....................
178.63.xxx.xxx - - [17/May/2014:16:47:37 +0200] "GET /robots.txt HTTP/1.0" 200 98
178.63.xxx.xxx - - [17/May/2014:16:47:42 +0200] "GET /direct/1919-website-79155-22-12-gently-stropn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 -
178.63.xxx.xxx - - [17/May/2014:16:47:45 +0200] "GET /direct/1919-website-31460-04-31-collom-z%C3%A1v%C4%9Bsn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 37725
157.55.xxx.xxx - - [17/May/2014:16:47:47 +0200] "GET /direct/65-st%C3%ADnidla HTTP/1.1" 200 7713
157.55.xxx.xxx - - [17/May/2014:16:47:48 +0200] "GET /direct/9-koupelnov%C3%A1-sv%C3%ADtidla HTTP/1.1" 200 5001
178.63.xxx.xxx - - [17/May/2014:16:47:50 +0200] "GET /direct/1928-website-13408-12-12-atomita-z%C3%A1v%C4%9Bsn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
157.55.xxx.xxx - - [17/May/2014:16:47:49 +0200] "GET /direct/?mobile_theme_ok HTTP/1.1" 200 2905
178.63.xxx.xxx - - [17/May/2014:16:47:53 +0200] "GET /direct/1928-website-31320-02-21-berkley-z%C3%A1v%C4%9Bsn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 8918
37.140.xxx.xxx - - [17/May/2014:16:48:00 +0200] "GET /direct/kosik?add=1&id_product=2787&token=fbab0edb6306231c49405d773288c3a6 HTTP/1.1" 200 4725
178.63.xxx.xxx - - [17/May/2014:16:48:05 +0200] "GET /direct/195-website-12946-22-12-arduno-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:08 +0200] "GET /direct/195-website-17953-74-12-sv%C3%ADtet.html HTTP/1.0" 404 4745
178.63.xxx.xxx - - [17/May/2014:16:48:11 +0200] "GET /robots.txt HTTP/1.0" 200 98
178.63.xxx.xxx - - [17/May/2014:16:48:16 +0200] "GET /direct/1953-website-33708-25-12-atoma-stojac%C3%AD-sve.html HTTP/1.0" 301 -
178.63.xxx.xxx - - [17/May/2014:16:48:19 +0200] "GET /direct/1953-website-71399-05-97-dorint-z%C3%A1v%C4%9Bsn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 37730
178.63.xxx.xxx - - [17/May/2014:16:48:23 +0200] "GET /direct/196-website-12946-21-12-arduno-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:25 +0200] "GET /direct/196-website-17953-73-12-sv%C3%ADtet.html HTTP/1.0" 404 4743
178.63.xxx.xxx - - [17/May/2014:16:48:29 +0200] "GET /direct/1974-website-31741-01-30-cri-stojac%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:33 +0200] "GET /direct/1974-website-13000-16-36-sv%C3%ADtet.html HTTP/1.0" 404 4759
178.63.xxx.xxx - - [17/May/2014:16:48:36 +0200] "GET /direct/1982-website-14550-81-85-kaddy-stoln?-sve.html HTTP/1.0" 302 26
178.63.xxx.xxx - - [17/May/2014:16:48:40 +0200] "GET /direct/stranka-nenalezena HTTP/1.0" 404 4940
178.63.xxx.xxx - - [17/May/2014:16:48:43 +0200] "GET /direct/199-website-12122-06-03-birdies-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:46 +0200] "GET /direct/199-website-17904-74-12-sv%C3%ADtet.html HTTP/1.0" 404 4745
178.63.xxx.xxx - - [17/May/2014:16:48:49 +0200] "GET /direct/203-website-79160-29-12-harco-stropn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:51 +0200] "GET /direct/203-website-27813-02-30-sv%C3%ADtet-venkovn%C3%AD.html HTTP/1.0" 200 8695
178.63.xxx.xxx - - [17/May/2014:16:48:55 +0200] "GET /direct/2031-website-12944-21-30-magnet-spot-led-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:58 +0200] "GET /direct/2031-website-22610-02-36-tuba-led-sv%C3%ADtet.html HTTP/1.0" 404 4764
178.63.xxx.xxx - - [17/May/2014:16:49:01 +0200] "GET /direct/2032-website-79157-32-60-kirsten-stropn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:03 +0200] "GET /direct/2032-website-28907-22-31-brice-led-vestavn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 8968
178.63.xxx.xxx - - [17/May/2014:16:49:09 +0200] "GET /direct/2036-website-79105-02-72-rasti-stropn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:13 +0200] "GET /direct/2036-website-22906-23-31-led-set-vestavn%C3%A9-sv%C3%ADtet-set-3ks.html HTTP/1.0" 200 8982
178.63.xxx.xxx - - [17/May/2014:16:49:17 +0200] "GET /direct/2037-website-79105-03-72-rasti-stropn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:22 +0200] "GET /direct/2037-website-22906-23-12-led-set-vestavn%C3%A9-sv%C3%ADtet-set-3ks.html HTTP/1.0" 404 4764
178.63.xxx.xxx - - [17/May/2014:16:49:25 +0200] "GET /direct/205-website-12917-25-12-torino-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:27 +0200] "GET /direct/205-website-27813-01-30-sv%C3%ADtet-venkovn%C3%AD.html HTTP/1.0" 404 4746
178.63.xxx.xxx - - [17/May/2014:16:49:31 +0200] "GET /direct/206-website-12917-25-13-torino-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:35 +0200] "GET /direct/206-website-27813-01-36-sv%C3%ADtet-venkovn%C3%AD.html HTTP/1.0" 200 8691
178.63.xxx.xxx - - [17/May/2014:16:49:39 +0200] "GET /direct/213-website-12917-22-13-torino-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:43 +0200] "GET /direct/213-website-12995-24-72-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 404 4745
178.63.xxx.xxx - - [17/May/2014:16:49:47 +0200] "GET /direct/2170-website-12944-14-30-magnet-spot-led-sv%C3%ADtet.html HTTP/1.0" 404 4760
178.63.xxx.xxx - - [17/May/2014:16:49:51 +0200] "GET /direct/2174-website-26901-71-30-viny-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:54 +0200] "GET /direct/2174-website-12944-24-30-magnet-spot-led-sv%C3%ADtet.html HTTP/1.0" 404 4760
178.63.xxx.xxx - - [17/May/2014:16:49:57 +0200] "GET /direct/2178-website-21400-33-67-leone-z%C3%A1v%C4%9Bsn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:50:07 +0200] "GET /direct/2178-website-17943-21-12-cargo-led-sv%C3%ADtet.html HTTP/1.0" 200 8925
178.63.xxx.xxx - - [17/May/2014:16:50:12 +0200] "GET /direct/2181-website-18712-02-31-kizmo-stojac%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:50:13 +0200] "GET /direct/2181-website-12916-22-12-noxx-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 8908
178.63.xxx.xxx - - [17/May/2014:16:50:21 +0200] "GET /direct/2182-website-18713-02-31-kizmo-stojac%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:50:24 +0200] "GET /direct/2182-website-12916-21-12-noxx-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 8909
178.63.xxx.xxx - - [17/May/2014:16:50:30 +0200] "GET /direct/2183-website-12121-06-03-birdies-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:50:34 +0200] "GET /direct/2183-website-12916-13-12-noxx-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 8911
178.63.xxx.xxx - - [17/May/2014:16:50:40 +0200] "GET /direct/22-li??-syst??my HTTP/1.0" 301 26
37.140.xxx.xxx - - [17/May/2014:16:50:42 +0200] "GET /robots.txt HTTP/1.1" 200 98
178.63.xxx.xxx - - [17/May/2014:16:50:45 +0200] "GET /direct/22-li%C5%A1tov%C3%A9-syst%C3%A9my HTTP/1.0" 404 4824
37.140.xxx.xxx - - [17/May/2014:16:50:46 +0200] "GET /direct/kosik?add=1&id_product=3036&token=fbab0edb6306231c49405d773288c3a6 HTTP/1.1" 200 4727
178.63.xxx.xxx - - [17/May/2014:16:50:51 +0200] "GET /direct/22-li?-syst??my HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:50:53 +0200] "GET /direct/22-li%C5%A1tov%C3%A9-syst%C3%A9my HTTP/1.0" 404 4824
178.63.xxx.xxx - - [17/May/2014:16:50:58 +0200] "GET /direct/223-website-28852-23-31-kwinto-venkovn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:01 +0200] "GET /direct/223-website-11953-13-31-sv%C3%ADtet.html HTTP/1.0" 404 4745
178.63.xxx.xxx - - [17/May/2014:16:51:04 +0200] "GET /direct/225-website-10873-50-12-dock-venkovn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:07 +0200] "GET /direct/225-website-12993-23-11-sv%C3%ADtet.html HTTP/1.0" 404 4746
178.63.xxx.xxx - - [17/May/2014:16:51:12 +0200] "GET /direct/2285-website-78260-02-97-luberon-n%C3%A1st%C4%9Bnn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:14 +0200] "GET /direct/2285-website-16953-03-36-birk-led-sv%C3%ADtet.html HTTP/1.0" 200 8941
178.63.xxx.xxx - - [17/May/2014:16:51:17 +0200] "GET /robots.txt HTTP/1.0" 200 98
178.63.xxx.xxx - - [17/May/2014:16:51:22 +0200] "GET /direct/229-website-12919-13-96-sv%C3%ADtet.html HTTP/1.0" 301 -
178.63.xxx.xxx - - [17/May/2014:16:51:25 +0200] "GET /direct/229-website-23724-01-31-sv%C3%ADtet.html HTTP/1.0" 200 36374
178.63.xxx.xxx - - [17/May/2014:16:51:30 +0200] "GET /direct/2291-website-31642-71-39-comet-stoln%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:35 +0200] "GET /direct/2291-website-17949-21-11-lana-led-sv%C3%ADtet.html HTTP/1.0" 200 8887
178.63.xxx.xxx - - [17/May/2014:16:51:40 +0200] "GET /direct/2294-website-31734-02-31-chapeau-stojac%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:42 +0200] "GET /direct/2294-website-26950-21-09-mini-comet-led-sv%C3%ADtet.html HTTP/1.0" 200 8953
178.63.xxx.xxx - - [17/May/2014:16:51:46 +0200] "GET /direct/2295-website-31734-02-30-chapeau-stojac%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:50 +0200] "GET /direct/2295-website-26950-22-09-mini-comet-led-sv%C3%ADtet.html HTTP/1.0" 200 8960
178.63.xxx.xxx - - [17/May/2014:16:51:54 +0200] "GET /direct/2303-website-28856-21-30-jura-venkovn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:52:00 +0200] "GET /direct/2303-website-70564-01-30-sv%C3%ADtet.html HTTP/1.0" 200 8912
178.63.xxx.xxx - - [17/May/2014:16:52:04 +0200] "GET /direct/2353-website-78502-01-01-arabba-stoln%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:52:08 +0200] "GET /direct/2353-website-12685-21-12-geos-stoln%C3%AD-sve.html HTTP/1.0" 200 8898
178.63.xxx.xxx - - [17/May/2014:16:52:14 +0200] "GET /direct/2354-website-78502-01-09-arabba-stoln%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:52:17 +0200] "GET /direct/2354-website-12685-21-03-geos-stoln%C3%AD-sve.html HTTP/1.0" 200 8897
178.63.xxx.xxx - - [17/May/2014:16:52:25 +0200] "GET /direct/2357-website-12619-22-12-bergamo-stoln%C3%AD-sve.html HTTP/1.0" 404 4756
178.63.xxx.xxx - - [17/May/2014:16:52:28 +0200] "GET /direct/2360-website-17947-71-12-ribo-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:52:30 +0200] "GET /direct/2360-website-16633-21-12-anga-stoln%C3%AD-sve.html HTTP/1.0" 200 8896
178.63.xxx.xxx - - [17/May/2014:16:52:38 +0200] "GET /direct/2361-website-17947-72-12-ribo-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
37.58.xxx.xxx - - [17/May/2014:16:52:41 +0200] "GET /direct/1908-website-61455-50-41-cliff-záv& HTTP/1.1" 404 4940
178.63.xxx.xxx - - [17/May/2014:16:52:41 +0200] "GET /direct/2361-website-16633-21-03-anga-stoln%C3%AD-sve.html HTTP/1.0" 200 8889
178.63.xxx.xxx - - [17/May/2014:16:52:47 +0200] "GET /direct/2362-website-17947-73-12-ribo-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:52:53 +0200] "GET /direct/2362-website-17558-81-31-swing-stoln%C3%AD-sve.html HTTP/1.0" 200 8900
178.63.xxx.xxx - - [17/May/2014:16:52:58 +0200] "GET /direct/2363-website-17947-74-12-ribo-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:53:01 +0200] "GET /direct/2363-website-31541-01-39-cri-stoln%C3%AD-sve.html HTTP/1.0" 200 8853
178.63.xxx.xxx - - [17/May/2014:16:53:06 +0200] "GET /direct/2388-website-61006-45-38-pince-st%C3%ADnidlo.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:53:07 +0200] "GET /direct/2388-website-17558-81-43-swing-stoln%C3%AD-sve.html HTTP/1.0" 200 8901
178.63.xxx.xxx - - [17/May/2014:16:53:14 +0200] "GET /direct/2390-website-61003-45-38-pince-st%C3%ADnidlo.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:53:16 +0200] "GET /direct/2390-website-12679-01-97-anfy-stoln%C3%AD-sve.html HTTP/1.0" 200 8883
178.63.xxx.xxx - - [17/May/2014:16:53:20 +0200] "GET...............
Top
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: Apache Processes using 100% CPU Time

Post by pwilson »

jan.lex wrote:It is attack on webserver.

My webs are czech language.
99,5% guests are from Czech Republic.

61.191.xxx.xxx - China
198.20.xxx.xxx - UNITED STATES
122.155.xxx.xxx - THAILAND
178.63.xxx.xxx - GERMANY
157.55.xxx.xxx - UNITED STATES
37.140.xxx.xxx - RUSSIAN FEDERATION
37.58.xxx.xxx - NETHERLANDS

Apache access log:

Code: Select all

61.191.xxx.xxx - - [17/May/2014:04:38:27 +0200] "GET /muieblackcat HTTP/1.1" 404 229 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:28 +0200] "GET //phpAdmin/scripts/setup.php HTTP/1.1" 404 237 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:28 +0200] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 238 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:29 +0200] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 238 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:29 +0200] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 237 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:30 +0200] "GET //mysql/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:31 +0200] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 239 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:31 +0200] "GET //web/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:32 +0200] "GET //websql/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:32 +0200] "GET //pMA/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:33 +0200] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 404 237 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:34 +0200] "GET //PHPMYADMIN/scripts/setup.php HTTP/1.1" 404 239 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:35 +0200] "GET //PMA/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:36 +0200] "GET //SQL/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:37 +0200] "GET //db/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:37 +0200] "GET //dbadmin/scripts/setup.php HTTP/1.1" 404 237 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:39 +0200] "GET //pHpMyAdMiN/scripts/setup.php HTTP/1.1" 404 239 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:41 +0200] "GET //pma/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:42 +0200] "GET //sql/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:42 +0200] "GET //MySQLAdmin/scripts/setup.php HTTP/1.1" 404 240 "-" "-"
61.191.xxx.xxx - - [17/May/2014:04:38:46 +0200] "GET / HTTP/1.1" 200 253 "-" "-"
198.20.xxx.xxx - - [17/May/2014:05:24:07 +0200] "GET / HTTP/1.1" 200 319 "-" "-"
198.20.xxx.xxx - - [17/May/2014:05:24:07 +0200] "GET /robots.txt HTTP/1.1" 404 271 "-" "-"
122.155.xxx.xxx - - [17/May/2014:05:42:36 +0200] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 250 "-" "ZmEu"
122.155.xxx.xxx - - [17/May/2014:05:42:37 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 238 "-" "ZmEu"
122.155.xxx.xxx - - [17/May/2014:05:42:38 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 238 "-" "ZmEu"
122.155.xxx.xxx - - [17/May/2014:05:42:39 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 234 "-" "ZmEu"
122.155.xxx.xxx - - [17/May/2014:05:42:40 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 237 "-" "ZmEu"
122.155.xxx.xxx - - [17/May/2014:05:42:40 +0200] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 237 "-" "ZmEu"
Apache error log:

Code: Select all

[Sat May 17 15:33:14 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 4 idle, and 20 total children
[Sat May 17 15:53:06 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 3 idle, and 25 total children
[Sat May 17 16:46:12 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 4 idle, and 34 total children
[Sat May 17 17:09:19 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 4 idle, and 26 total children
[Sat May 17 17:12:55 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 3 idle, and 29 total children
[Sat May 17 17:14:30 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 4 idle, and 28 total children
[Sat May 17 17:15:09 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 0 idle, and 27 total children
[Sat May 17 17:21:44 2014] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 2 idle, and 34 total children
[Sat May 17 17:24:42 2014] [notice] Graceful restart requested, doing restart
[Sat May 17 17:24:42 2014] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
apache: Could not reliably determine the server's fully qualified domain name, using 192.168.77.2 for ServerName
[Sat May 17 17:24:42 2014] [info] Init: Seeding PRNG with 512 bytes of entropy
[Sat May 17 17:24:42 2014] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat May 17 17:24:42 2014] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat May 17 17:24:42 2014] [info] Shared memory session cache initialised
[Sat May 17 17:24:42 2014] [info] Init: Initializing (virtual) servers for SSL
[Sat May 17 17:24:42 2014] [info] mod_ssl/2.2.14 compiled against Server: Apache/2.2.14, Library: OpenSSL/1.0.1e
[Sat May 17 17:24:42 2014] [notice] Apache/2.2.14 (Unix) DAV/2 PHP/5.3.26 mod_ssl/2.2.14 OpenSSL/1.0.1e configured -- resuming normal operations
[Sat May 17 17:24:42 2014] [info] Server built: Apr 10 2014 01:32:01
Apache - Active Log on Virtual Host:

Code: Select all

.....................
178.63.xxx.xxx - - [17/May/2014:16:47:37 +0200] "GET /robots.txt HTTP/1.0" 200 98
178.63.xxx.xxx - - [17/May/2014:16:47:42 +0200] "GET /direct/1919-website-79155-22-12-gently-stropn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 -
178.63.xxx.xxx - - [17/May/2014:16:47:45 +0200] "GET /direct/1919-website-31460-04-31-collom-z%C3%A1v%C4%9Bsn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 37725
157.55.xxx.xxx - - [17/May/2014:16:47:47 +0200] "GET /direct/65-st%C3%ADnidla HTTP/1.1" 200 7713
157.55.xxx.xxx - - [17/May/2014:16:47:48 +0200] "GET /direct/9-koupelnov%C3%A1-sv%C3%ADtidla HTTP/1.1" 200 5001
178.63.xxx.xxx - - [17/May/2014:16:47:50 +0200] "GET /direct/1928-website-13408-12-12-atomita-z%C3%A1v%C4%9Bsn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
157.55.xxx.xxx - - [17/May/2014:16:47:49 +0200] "GET /direct/?mobile_theme_ok HTTP/1.1" 200 2905
178.63.xxx.xxx - - [17/May/2014:16:47:53 +0200] "GET /direct/1928-website-31320-02-21-berkley-z%C3%A1v%C4%9Bsn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 8918
37.140.xxx.xxx - - [17/May/2014:16:48:00 +0200] "GET /direct/kosik?add=1&id_product=2787&token=fbab0edb6306231c49405d773288c3a6 HTTP/1.1" 200 4725
178.63.xxx.xxx - - [17/May/2014:16:48:05 +0200] "GET /direct/195-website-12946-22-12-arduno-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:08 +0200] "GET /direct/195-website-17953-74-12-sv%C3%ADtet.html HTTP/1.0" 404 4745
178.63.xxx.xxx - - [17/May/2014:16:48:11 +0200] "GET /robots.txt HTTP/1.0" 200 98
178.63.xxx.xxx - - [17/May/2014:16:48:16 +0200] "GET /direct/1953-website-33708-25-12-atoma-stojac%C3%AD-sve.html HTTP/1.0" 301 -
178.63.xxx.xxx - - [17/May/2014:16:48:19 +0200] "GET /direct/1953-website-71399-05-97-dorint-z%C3%A1v%C4%9Bsn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 37730
178.63.xxx.xxx - - [17/May/2014:16:48:23 +0200] "GET /direct/196-website-12946-21-12-arduno-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:25 +0200] "GET /direct/196-website-17953-73-12-sv%C3%ADtet.html HTTP/1.0" 404 4743
178.63.xxx.xxx - - [17/May/2014:16:48:29 +0200] "GET /direct/1974-website-31741-01-30-cri-stojac%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:33 +0200] "GET /direct/1974-website-13000-16-36-sv%C3%ADtet.html HTTP/1.0" 404 4759
178.63.xxx.xxx - - [17/May/2014:16:48:36 +0200] "GET /direct/1982-website-14550-81-85-kaddy-stoln?-sve.html HTTP/1.0" 302 26
178.63.xxx.xxx - - [17/May/2014:16:48:40 +0200] "GET /direct/stranka-nenalezena HTTP/1.0" 404 4940
178.63.xxx.xxx - - [17/May/2014:16:48:43 +0200] "GET /direct/199-website-12122-06-03-birdies-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:46 +0200] "GET /direct/199-website-17904-74-12-sv%C3%ADtet.html HTTP/1.0" 404 4745
178.63.xxx.xxx - - [17/May/2014:16:48:49 +0200] "GET /direct/203-website-79160-29-12-harco-stropn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:51 +0200] "GET /direct/203-website-27813-02-30-sv%C3%ADtet-venkovn%C3%AD.html HTTP/1.0" 200 8695
178.63.xxx.xxx - - [17/May/2014:16:48:55 +0200] "GET /direct/2031-website-12944-21-30-magnet-spot-led-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:48:58 +0200] "GET /direct/2031-website-22610-02-36-tuba-led-sv%C3%ADtet.html HTTP/1.0" 404 4764
178.63.xxx.xxx - - [17/May/2014:16:49:01 +0200] "GET /direct/2032-website-79157-32-60-kirsten-stropn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:03 +0200] "GET /direct/2032-website-28907-22-31-brice-led-vestavn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 8968
178.63.xxx.xxx - - [17/May/2014:16:49:09 +0200] "GET /direct/2036-website-79105-02-72-rasti-stropn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:13 +0200] "GET /direct/2036-website-22906-23-31-led-set-vestavn%C3%A9-sv%C3%ADtet-set-3ks.html HTTP/1.0" 200 8982
178.63.xxx.xxx - - [17/May/2014:16:49:17 +0200] "GET /direct/2037-website-79105-03-72-rasti-stropn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:22 +0200] "GET /direct/2037-website-22906-23-12-led-set-vestavn%C3%A9-sv%C3%ADtet-set-3ks.html HTTP/1.0" 404 4764
178.63.xxx.xxx - - [17/May/2014:16:49:25 +0200] "GET /direct/205-website-12917-25-12-torino-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:27 +0200] "GET /direct/205-website-27813-01-30-sv%C3%ADtet-venkovn%C3%AD.html HTTP/1.0" 404 4746
178.63.xxx.xxx - - [17/May/2014:16:49:31 +0200] "GET /direct/206-website-12917-25-13-torino-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:35 +0200] "GET /direct/206-website-27813-01-36-sv%C3%ADtet-venkovn%C3%AD.html HTTP/1.0" 200 8691
178.63.xxx.xxx - - [17/May/2014:16:49:39 +0200] "GET /direct/213-website-12917-22-13-torino-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:43 +0200] "GET /direct/213-website-12995-24-72-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 404 4745
178.63.xxx.xxx - - [17/May/2014:16:49:47 +0200] "GET /direct/2170-website-12944-14-30-magnet-spot-led-sv%C3%ADtet.html HTTP/1.0" 404 4760
178.63.xxx.xxx - - [17/May/2014:16:49:51 +0200] "GET /direct/2174-website-26901-71-30-viny-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:49:54 +0200] "GET /direct/2174-website-12944-24-30-magnet-spot-led-sv%C3%ADtet.html HTTP/1.0" 404 4760
178.63.xxx.xxx - - [17/May/2014:16:49:57 +0200] "GET /direct/2178-website-21400-33-67-leone-z%C3%A1v%C4%9Bsn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:50:07 +0200] "GET /direct/2178-website-17943-21-12-cargo-led-sv%C3%ADtet.html HTTP/1.0" 200 8925
178.63.xxx.xxx - - [17/May/2014:16:50:12 +0200] "GET /direct/2181-website-18712-02-31-kizmo-stojac%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:50:13 +0200] "GET /direct/2181-website-12916-22-12-noxx-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 8908
178.63.xxx.xxx - - [17/May/2014:16:50:21 +0200] "GET /direct/2182-website-18713-02-31-kizmo-stojac%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:50:24 +0200] "GET /direct/2182-website-12916-21-12-noxx-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 8909
178.63.xxx.xxx - - [17/May/2014:16:50:30 +0200] "GET /direct/2183-website-12121-06-03-birdies-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:50:34 +0200] "GET /direct/2183-website-12916-13-12-noxx-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 200 8911
178.63.xxx.xxx - - [17/May/2014:16:50:40 +0200] "GET /direct/22-li??-syst??my HTTP/1.0" 301 26
37.140.xxx.xxx - - [17/May/2014:16:50:42 +0200] "GET /robots.txt HTTP/1.1" 200 98
178.63.xxx.xxx - - [17/May/2014:16:50:45 +0200] "GET /direct/22-li%C5%A1tov%C3%A9-syst%C3%A9my HTTP/1.0" 404 4824
37.140.xxx.xxx - - [17/May/2014:16:50:46 +0200] "GET /direct/kosik?add=1&id_product=3036&token=fbab0edb6306231c49405d773288c3a6 HTTP/1.1" 200 4727
178.63.xxx.xxx - - [17/May/2014:16:50:51 +0200] "GET /direct/22-li?-syst??my HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:50:53 +0200] "GET /direct/22-li%C5%A1tov%C3%A9-syst%C3%A9my HTTP/1.0" 404 4824
178.63.xxx.xxx - - [17/May/2014:16:50:58 +0200] "GET /direct/223-website-28852-23-31-kwinto-venkovn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:01 +0200] "GET /direct/223-website-11953-13-31-sv%C3%ADtet.html HTTP/1.0" 404 4745
178.63.xxx.xxx - - [17/May/2014:16:51:04 +0200] "GET /direct/225-website-10873-50-12-dock-venkovn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:07 +0200] "GET /direct/225-website-12993-23-11-sv%C3%ADtet.html HTTP/1.0" 404 4746
178.63.xxx.xxx - - [17/May/2014:16:51:12 +0200] "GET /direct/2285-website-78260-02-97-luberon-n%C3%A1st%C4%9Bnn%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:14 +0200] "GET /direct/2285-website-16953-03-36-birk-led-sv%C3%ADtet.html HTTP/1.0" 200 8941
178.63.xxx.xxx - - [17/May/2014:16:51:17 +0200] "GET /robots.txt HTTP/1.0" 200 98
178.63.xxx.xxx - - [17/May/2014:16:51:22 +0200] "GET /direct/229-website-12919-13-96-sv%C3%ADtet.html HTTP/1.0" 301 -
178.63.xxx.xxx - - [17/May/2014:16:51:25 +0200] "GET /direct/229-website-23724-01-31-sv%C3%ADtet.html HTTP/1.0" 200 36374
178.63.xxx.xxx - - [17/May/2014:16:51:30 +0200] "GET /direct/2291-website-31642-71-39-comet-stoln%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:35 +0200] "GET /direct/2291-website-17949-21-11-lana-led-sv%C3%ADtet.html HTTP/1.0" 200 8887
178.63.xxx.xxx - - [17/May/2014:16:51:40 +0200] "GET /direct/2294-website-31734-02-31-chapeau-stojac%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:42 +0200] "GET /direct/2294-website-26950-21-09-mini-comet-led-sv%C3%ADtet.html HTTP/1.0" 200 8953
178.63.xxx.xxx - - [17/May/2014:16:51:46 +0200] "GET /direct/2295-website-31734-02-30-chapeau-stojac%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:51:50 +0200] "GET /direct/2295-website-26950-22-09-mini-comet-led-sv%C3%ADtet.html HTTP/1.0" 200 8960
178.63.xxx.xxx - - [17/May/2014:16:51:54 +0200] "GET /direct/2303-website-28856-21-30-jura-venkovn%C3%AD-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:52:00 +0200] "GET /direct/2303-website-70564-01-30-sv%C3%ADtet.html HTTP/1.0" 200 8912
178.63.xxx.xxx - - [17/May/2014:16:52:04 +0200] "GET /direct/2353-website-78502-01-01-arabba-stoln%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:52:08 +0200] "GET /direct/2353-website-12685-21-12-geos-stoln%C3%AD-sve.html HTTP/1.0" 200 8898
178.63.xxx.xxx - - [17/May/2014:16:52:14 +0200] "GET /direct/2354-website-78502-01-09-arabba-stoln%C3%AD-sve.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:52:17 +0200] "GET /direct/2354-website-12685-21-03-geos-stoln%C3%AD-sve.html HTTP/1.0" 200 8897
178.63.xxx.xxx - - [17/May/2014:16:52:25 +0200] "GET /direct/2357-website-12619-22-12-bergamo-stoln%C3%AD-sve.html HTTP/1.0" 404 4756
178.63.xxx.xxx - - [17/May/2014:16:52:28 +0200] "GET /direct/2360-website-17947-71-12-ribo-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:52:30 +0200] "GET /direct/2360-website-16633-21-12-anga-stoln%C3%AD-sve.html HTTP/1.0" 200 8896
178.63.xxx.xxx - - [17/May/2014:16:52:38 +0200] "GET /direct/2361-website-17947-72-12-ribo-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
37.58.xxx.xxx - - [17/May/2014:16:52:41 +0200] "GET /direct/1908-website-61455-50-41-cliff-záv& HTTP/1.1" 404 4940
178.63.xxx.xxx - - [17/May/2014:16:52:41 +0200] "GET /direct/2361-website-16633-21-03-anga-stoln%C3%AD-sve.html HTTP/1.0" 200 8889
178.63.xxx.xxx - - [17/May/2014:16:52:47 +0200] "GET /direct/2362-website-17947-73-12-ribo-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:52:53 +0200] "GET /direct/2362-website-17558-81-31-swing-stoln%C3%AD-sve.html HTTP/1.0" 200 8900
178.63.xxx.xxx - - [17/May/2014:16:52:58 +0200] "GET /direct/2363-website-17947-74-12-ribo-bodov%C3%A9-sv%C3%ADtet.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:53:01 +0200] "GET /direct/2363-website-31541-01-39-cri-stoln%C3%AD-sve.html HTTP/1.0" 200 8853
178.63.xxx.xxx - - [17/May/2014:16:53:06 +0200] "GET /direct/2388-website-61006-45-38-pince-st%C3%ADnidlo.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:53:07 +0200] "GET /direct/2388-website-17558-81-43-swing-stoln%C3%AD-sve.html HTTP/1.0" 200 8901
178.63.xxx.xxx - - [17/May/2014:16:53:14 +0200] "GET /direct/2390-website-61003-45-38-pince-st%C3%ADnidlo.html HTTP/1.0" 301 26
178.63.xxx.xxx - - [17/May/2014:16:53:16 +0200] "GET /direct/2390-website-12679-01-97-anfy-stoln%C3%AD-sve.html HTTP/1.0" 200 8883
178.63.xxx.xxx - - [17/May/2014:16:53:20 +0200] "GET...............
So "whitelist" all the Czech IP ranges that are likely to access your NAS. This will prevent all non-Czech IP addresses from connecting to your WebServer. Obviously it is best to do this in your Router, but if your Router doesn't have a decent Firewall on it, simply use the Network Access Protection feature of the NAS.

Image

For example if you whitelist 195.113.80.0/25 (aka 195.113.80.0 - 195.113.80.127) it would allow anyone at Akademie výtvarných umění v Praze to connect to your Web Server from their PC's. Check out Image Major IP Address Blocks For Czech Republic for a listing of CZ IP ranges you might want to "whitelist".

(It is far easier, and far more effective security wise to whitelist "permitted" sites, than it is to blacklist "banned" ones).

:idea: Note: Don't forget to "whitelist" your own local network (192.168.x.1 - 192.168.x.254) in this listing, or you will lock yourself out of your own NAS. :shock:

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
Top
User avatar
schumaku
Guru
Posts: 43578
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:
Contact schumaku

Re: Apache Processes using 100% CPU Time

Post by schumaku »

Complete illusion to whitelist a Web server...
Top
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: Apache Processes using 100% CPU Time

Post by pwilson »

schumaku wrote:Complete illusion to whitelist a Web server...
How so? (Not arguing, just trying to understand your assertion :DD)

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
Top
User avatar
schumaku
Guru
Posts: 43578
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:
Contact schumaku

Re: Apache Processes using 100% CPU Time

Post by schumaku »

Simply because of there is no unified numbering or whatever. There are many ISP, all use different networks, things can change almost daily, ... if you try to build a list of "national" IPv4 networks and think you have finished, you will find more. Not manageable.
Top
User avatar
doktornotor
Ask me anything
Posts: 7472
Joined: Tue Apr 24, 2012 5:44 am

Re: Apache Processes using 100% CPU Time

Post by doktornotor »

jan.lex wrote: How can I protect my webserver?
Certainly not by configuring things on QNAP. Unless you have a pretty decent firewall (no, $50 blackbox "router" from ISP does not count), pretty much lost cause, ask ISP for help. I also find it sheer madness to expose this QNAP thing directly on internet. At minimum, you should have the webserver behind a reverse proxy (nginx or whatever) running on something else than QNAP.
I'm gone from this forum till QNAP stop wasting volunteers' time. Get help from QNAP helpdesk instead.
Warning: offensive signature and materials damaging QNAP reputation follow:
QNAP's FW security issues
QNAP's hardware compatibility list madness
QNAP's new logo competition
Dear QNAP, kindly fire your clueless incompetent forum "admin" And while at it, don't forget the webmaster!
Top
Post Reply

Return to “Web Server & Applications (Apache + PHP + MySQL / SQLite)”