Expand my Community achievements bar.

SOLVED

Unclosed sessions and some recent downtime

Avatar

Level 2

Been getting a lot of unclosed sessions in our jcr logs (using 5.4) and our publish servers have stopped responding a couple of times recently when hit with a burst of lame php hack attempts. The speed of them is what I think is doing us in, in combination with the session errors in particular, but also with some component errors we're getting as well. There was a heap error reported that took one of them down most recently. Am in the process of cleaning all that up (sessions, components) but was hoping for some insight on which is the more likely culprit in the downtime. Have blocked php requests at apache now, but was also wondering if there is any other mitigation in CQ that could/should be active. Will be reviewing the security docs again in the meantime as well.

1 Accepted Solution

Avatar

Correct answer by
Level 10

It looks like your AEM server is being flooded. The AEM documentation contains a section that talks about Denial of Service, see the sec checklist [0]

Hope that helps,

[0]

http://dev.day.com/docs/en/cq/current/deploying/security_checklist.html#Preventing%20Denial%20of%20Service%20%28DoS%29%20Attacks

View solution in original post

1 Reply

Avatar

Correct answer by
Level 10

It looks like your AEM server is being flooded. The AEM documentation contains a section that talks about Denial of Service, see the sec checklist [0]

Hope that helps,

[0]

http://dev.day.com/docs/en/cq/current/deploying/security_checklist.html#Preventing%20Denial%20of%20Service%20%28DoS%29%20Attacks