Hello, 



I am very new to Apache administration, and am looking for some feedback 

on what I think is a security issue. I have been frequently dealing with 

httpd maxing out at well over 100 threads, bringing my system to a near 

standstill. My error log confirms that apache is being maxed out, but also 

turns up some wierd stuff. Actually, when httpd does max out, the error 

log pumps out pages of this: 



httpd in free(): warning: recursive call.

httpd in malloc(): warning: recursive call. 

 



I have looked around to find an explination for this warning, and have 

come up empty handed. Any ideas? 



Further, the server has been attacked in the past with someone running 

some sort of "hammer" script on selected pages. Is there away of 

protecting apache from such types of attacks? 



Any thoughts is greatly appreciated. 



Regards, 



Michael 





FYI: I am running 



FreeBSD 4.1.1-STABLE 

Apache Version Apache/1.3.17 

Apache Release 10317100 

Apache API Version 19990320 

User/Group nobody(65534)/65534 

Max Requests Per Child: 30 

Keep Alive: on 

Max Per Connection: 100 

Timeouts Connection: 300 

Keep-Alive: 15 

Server Root /usr/local/apache 

Loaded Modules mod_perl, mod_php4, mod_setenvif, mod_auth, mod_access, 

mod_alias, mod_userdir, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir, 

mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime, 

mod_log_config, mod_env, http_core