Unclosed sessions and some recent downtime

Question

Been getting a lot of unclosed sessions in our jcr logs (using 5.4) and our publish servers have stopped responding a couple of times recently when hit with a burst of lame php hack attempts. The speed of them is what I think is doing us in, in combination with the session errors in particular, but also with some component errors we're getting as well. There was a heap error reported that took one of them down most recently. Am in the process of cleaning all that up (sessions, components) but was hoping for some insight on which is the more likely culprit in the downtime. Have blocked php requests at apache now, but was also wondering if there is any other mitigation in CQ that could/should be active. Will be reviewing the security docs again in the meantime as well.

smacdonald2008 · Accepted Answer

It looks like your AEM server is being flooded. The AEM documentation contains a section that talks about Denial of Service, see the sec checklist [0]

Hope that helps,

[0]

http://dev.day.com/docs/en/cq/current/deploying/security_checklist.html#Preventing%20Denial%20of%20Service%20%28DoS%29%20Attacks

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded