Apache dDoS “killapache” Sends Malformed GET Requests

There is a bug in certain versions of Apache that is susceptible to a dDoS using malformed GET requests. You can find more information about “killapache” at the following site.

http://www.pentestit.com/2011/08/25/killapache-ddos-tool-freezes-apache-web-server/

 

There is no patch, however their is a work around for this bug which is provided below. In Ubuntu or Debian create a new file “/etc/apache2/conf.d/killapache-fix” and place the following code

 

# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range

# optional logging.
CustomLog logs/range-CVE-2011-3192.log common env=bad-range

You may need to install the “headers” module, which can be done by typing “a2enmod headers” and then you should be able to reload apache without errors.

 


Did you like this article?


0 Shares:
You May Also Like

QuickPwn Release Allows Fast Jailbreak Of iPhone Firmware Update 2.0.2

That's right, hot off the blog presses QuickPwn has been updated by the iphone-dev.org team and now allows you to Jailbreak your iPhones 2.0.2 firmware. The new 2.0.2 firmware that was released on Monday supposedly fixes some "bugs", however the bugs aren't mentioned anywhere.
Here is the updated QuickPwn for Windows, wrapped by Poorlad’s GUI. It contains our new bundles for 2.0.2 and we’ve added support for version 2.0 devices which means you can QuickPwn and jailbreak the device if it is running 2.0, 2.0.1 or 2.0.2. Remember this is still beta software, so usual rules apply, no complaints ifanything goes wrong and use the tool at at your own risk! Download here! SHA1 = 8e1ed2ce9e7e473d38a9dc7824a384a9ac34d7d0

Read the full article at blog.iphone-dev.org
Download the new QuickPwn 1.2.0 with the new 2.0.2 bundle.

Thanks for another successful Jailbreak!

Mobile Chat When Will it Work?

If you've had an iPhone since the launch of Apples Application Store, then you most likely have bought the app Mobile Chat. I mean who wouldn't, just looking at their features http://mobilech.at/features you'd be silly not to pick the only instant messenger on the iPhone. Granted there are Web App versions, but nothing application wise. Here are some of the features.
MobileChat supports the following protocols: * AIM/ICQ/.Mac/MobileME * Windows Live/MSN * Yahoo Messenger * GTalk * Jabber/XMPP Multiple Accounts