
RE: [CF-Dev] OT: IIS4 crashing



Did you apply this...

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

It seems that others had similar problems due to an exploit...

-----Original Message-----
From: dev-bounces@list.cfdeveloper.co.uk
[mailto:dev-bounces@list.cfdeveloper.co.uk] On Behalf Of Taz
Sent: 14 October 2004 09:08
To: dev@list.cfdeveloper.co.uk
Subject: [CF-Dev] OT: IIS4 crashing

I have a serious problem on one of my live servers. It's an NT4 machine
running IIS 4 and CF4.5.2, and has been doing so perfectly for the last 4
years.

But in the last week, IIS started shutting down every 4 minutes. The monitor
gets it back up and running in no time, but it still results in a few
timeouts for unlucky people who are trying to access the sites. 

Here's what happens:
- Web server starts
- FTP server starts
No obvious increases on CPU or memory usage
- 4 minutes later (give or take a couple of seconds) the CPU will go 100%
and the memory will blip a little (I'm assuming that the memory blip is as
it writes dumps, event logs and DrWatson log).
DrWatson shuts them both down, then BrightTiger will start them up again.

Great fun! So I've searched the interweb, I've searched Microsoft.com, I've
searched IISFAQ.com and various other IIS specific sites, and so far I've
got nothing. Nada. Zip.


Event viewer shows me this for each crash:

The application, exe\inetinfo.dbg, generated an application error The error
occurred on 10/14/2004 @  8:54: 0.558 The exception generated was c00000fd
at address 100baeb2 (TerminateFilter) 


DrWatson log looks like this:
Application exception occurred:
        App: exe\inetinfo.dbg (pid=343)
        When: 10/14/2004 @ 8:33:21.726
        Exception number: c00000fd (stack overflow)
....
....
Insert unidentifiable hexadecimal garbage here.


I've picked up some IIS tools to run traces and grab a copy of the stack
dump, but I can't find any information about what the hell the 19Mb stack
dump file (made up of more hex garbage) is supposed to tell me.



Now the good news: I'm currently in the middle of moving everything off the
server because I've upgraded to a shiny new 2003 box, running MX and all
manner of wonders. So by rights this shouldn't be too much of a worry, but
there's issues with getting the domain names transferred to another ISP,
plus general fannying about from various parties involved, so consequently
it's taking a while. Two shops are running on the box, so they're losing
money and probably customers (due to the fact that they keep hitting timeout
errors). Add to that the fact that not only am I a person with a conscience,
but I also have a large curiosity chip whirring away in the back of my
brain. I'm a "Can fix it, will fix it" type of person, and I damn well want
to sort this out, even if it is only for 3 days.


Anyone got any ideas?
Taz