odd behaviour -- possibly security compromised

Author: Kevin Brown
Date:  
Subject: odd behaviour -- possibly security compromised
http://www.backhand.org/mod_backhand/

Looks like you have a load-balancing module running for Apache. Searching the
web brought up a number of other hits that contained logs that show that
mod_backhand does call suEXEC for some reason. If you only have the one
instance of Apache, as opposed to a web farm, you could probably safely turn off
this module in httpd.conf.

"John (EBo) David" wrote:
>
> I was compiling some code and searching the web (using Google via
> Netscape) when my CPU usage shot up over 4.5, and the NIC card was doing
> a hat dance. I tried to bring the machine down gently and the shutdown
> hung on shutting down httpd.
>
> I looked at the error log and found the following:
>
> [Fri Dec 7 01:11:01 2001] [error] [client 193.75.33.35] Client sent malformed Host header
> [Fri Dec 7 09:46:13 2001] [error] [client 61.163.155.5] Client sent malformed Host header
> [Fri Dec 7 21:41:11 2001] [notice] mod_backhand -- UnixSocketDir set to /var/state/backhand
> [Fri Dec 7 21:41:13 2001] [notice] mod_backhand -- UnixSocketDir set to /var/state/backhand
> [Fri Dec 7 21:41:14 2001] [notice] backhand_init(616) spawning stats things (PID 674)
> [Fri Dec 7 21:41:14 2001] [notice] Apache/1.3.14 (Unix) (SuSE/Linux) mod_throttle/3.0 mod_layout/1.0 mod_fastcgi/2.2.2 balanced_by_mod_backhand/1.1.0 mod_perl/1.24 PHP/3.0.17-dev configured -- resuming normal operations
> [Fri Dec 7 21:41:14 2001] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Fri Dec 7 21:41:14 2001] [notice] child pid 674 exit signal Segmentation fault (11)
>
> and the access log contains:
>
> 193.75.33.35 - - [07/Dec/2001:01:11:01 -0700] "GET
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 400 309
> 193.252.207.75 - - [07/Dec/2001:09:29:03 -0700] "-" 408 -
> 61.163.155.5 - - [07/Dec/2001:09:46:13 -0700] "GET
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 400 309
> 151.202.81.182 - - [07/Dec/2001:10:54:10 -0700] "-" 408 -
>
> So someone was hitting me with a Code Red (IIRC), but does anyone have a
> clue as to what the '"-" 408 -' means and why suEXEC or mod_backhand
> would need to be executed later in the day?
>
> The only thing that I have that is out of the ordinary in cron on my
> system is I was playing with mailman, but its cron job does not appear
> to be anything odd...
>
> Thanks,
>
> EBo --
>
> Any idea what would cause the
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list -
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
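
As an added example (it is not from the thread or from either poster), the following Python script parses the access-log entries quoted above, which are in Apache common log format, and labels each one. Two facts about the log shapes it keys on: a GET for /default.ida?NNNN...%u9090... is the Code Red worm probing for the IIS .ida ISAPI buffer overflow. Only IIS is exploitable; Apache here answered 400, and the "Client sent malformed Host header" errors in the error log carry the same timestamps and client addresses as those two access-log lines. A line whose request field is "-" with status 408 is how Apache records a TCP connection that was accepted but on which no request line arrived before the Timeout directive expired; port scanners and clients that connect and go away produce exactly this. The sample input is built from the four quoted lines (with the Code Red filler shortened) plus one constructed ordinary request from a made-up address; the function and verdict names are assumptions of this example, not Apache terminology.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the four access-log entries quoted in the thread
# (Code Red filler shortened, everything else as posted) plus one ordinary
# request from a made-up client so the "normal" path is exercised too.
SAMPLE_LOG = (
    '193.75.33.35 - - [07/Dec/2001:01:11:01 -0700] "GET /default.ida?'
    'NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN'
    '%u9090%u6858%ucbd3%u7801%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff'
    '%u0078%u0000%u00=a HTTP/1.0" 400 309\n'
    '193.252.207.75 - - [07/Dec/2001:09:29:03 -0700] "-" 408 -\n'
    '61.163.155.5 - - [07/Dec/2001:09:46:13 -0700] "GET /default.ida?'
    'NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN'
    '%u9090%u6858%ucbd3%u7801%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff'
    '%u0078%u0000%u00=a HTTP/1.0" 400 309\n'
    '151.202.81.182 - - [07/Dec/2001:10:54:10 -0700] "-" 408 -\n'
    '10.0.0.7 - - [07/Dec/2001:11:02:44 -0700] "GET /index.html HTTP/1.0" 200 1234\n'
)

# Apache Common Log Format: host ident user [timestamp] "request" status size
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)

# The IIS .ida ISAPI overflow used by Code Red: a GET for /default.ida with a
# long filler run (N for the original worm, X for Code Red II) followed by
# %u-encoded shellcode words.
CODE_RED_RE = re.compile(
    r'^GET /default\.ida\?(?P<filler>N{32,}|X{32,})\S*%u[0-9a-fA-F]{4}'
)


def parse_line(line):
    """Split one CLF line into fields; return None for lines that do not parse."""
    m = CLF_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry['status'] = int(entry['status'])
    entry['time'] = datetime.strptime(entry['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return entry


def classify(entry):
    """Return a short verdict (names are this example's own) for one entry."""
    req = entry['request']
    if req == '-':
        # Apache writes "-" as the request when the client connected but sent
        # no request line before Timeout expired; the status is then 408.
        return 'idle-connection-timeout'
    m = CODE_RED_RE.match(req)
    if m:
        variant = 'Code Red II' if m.group('filler').startswith('X') else 'Code Red'
        # Only IIS is exploitable; Apache just returns an error (400 above).
        return f'{variant} .ida probe'
    return 'normal'


def triage(log_text):
    """Parse and classify every line, skipping lines that are not CLF."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        entry['verdict'] = classify(entry)
        findings.append(entry)
    return findings


def summarize(findings):
    """Map each verdict to the sorted list of distinct client addresses."""
    hosts = defaultdict(set)
    for f in findings:
        hosts[f['verdict']].add(f['host'])
    return {verdict: sorted(h) for verdict, h in hosts.items()}


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['time']:%H:%M:%S} {f['host']:<16} {f['status']} {f['verdict']}")
    print(summarize(triage(SAMPLE_LOG)))
```

To run it over a real log, pass the contents of access_log to triage() instead of SAMPLE_LOG. Note what the access log does not explain: the 21:41 block in the error log ("configured -- resuming normal operations", "suEXEC mechanism enabled") is what Apache prints on every start, and the entry worth chasing there is the mod_backhand stats child (PID 674) dying with a segmentation fault right after it was spawned, not the worm probes, which Apache rejected.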