Apache dDoS “killapache” Sends Malformed GET Requests

There is a bug in certain versions of Apache that is susceptible to a dDoS using malformed GET requests. You can find more information about “killapache” at the following site.

http://www.pentestit.com/2011/08/25/killapache-ddos-tool-freezes-apache-web-server/

 

There is no patch, however their is a work around for this bug which is provided below. In Ubuntu or Debian create a new file “/etc/apache2/conf.d/killapache-fix” and place the following code

 


# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range

# optional logging.
CustomLog logs/range-CVE-2011-3192.log common env=bad-range

You may need to install the “headers” module, which can be done by typing “a2enmod headers” and then you should be able to reload apache without errors.

 


Did you like this article?


0 Shares:
You May Also Like

Boeing’s unmanned A160T Hummingbird helicopter takes flight

Not the first Unmanned aerial vehicle (UAV) made. But the Boeing A160HT Humming Bird should be one of the best once further tests and simulation in combat missions is completed.
Boeing's unmanned A160T Hummingbird helicopter takes flight -

Filed under:


It's been a few ticks since we've seen Boeing send an atypical aircraft into the friendly skies, but the firm's latest helicopter has successfully completed a 12-minute test flight without so much as a pilot on board. The A160T Hummingbird unmanned rotorcraft is a turbine-powered "warfighter" that aims to provide "intelligence, surveillance, and reconnaissance coverage" in locales that could make even the most calloused veteran queasy. During its time in the air, it reportedly met every objective set for it, and while we've no idea how soon this thing will be lifting itself up, it'll eventually reach speeds of up to 140 knots and stay airborne for up to 20 hours before returning to base for a pat on the wing.

[Via The Raw Feed, image courtesy of SkyControl]

 

Read | Permalink | Email this | Comments


Office Depot Featured Gadget: Xbox 360 Platinum System Packs the power to bring games to life!

[EnGadget]
Read More

New Pwnage Tool 2.0.3 and QuickPwn 1.50

I haven't been keeping up with my submissions as of late so this one squeaked through. But the http://iphone-dev.org team has updated both their PwnageTool and QuickPwn Tool. There is still however no baseband unlock, just support for new jailbreaking of the new firmware.
Read More

Thunderbird still has potential to fly despite developers leaving the nest

Thunderbird is a pretty great open sourced mail client that is available on multiple platforms and for free. From the beginning its development has been mostly be shadowed by FireFox. The two core developers of Thunderbird have left Mozilla, which is a big blow to the ongoing development of Thunderbird. Will Thunderbird not longer get as many updates or new features? Will development complete stop? Only time will tell.
Read More