I first noticed a problem when the browser started timing out with the message “Establishing Secure Connection”.
I checked Apache’s log at /var/log/apache2/error.log and found the following
[error] server reached MaxClients setting, consider raising the MaxClients setting
I knew at 12:30 am I wasn’t getting that many legitimate users. I noted my other_vhost_access.log were getting huge and showing the following spam.
www.clayweidinger.com:80 216.244.68.204 – – [29/Mar/2014:00:16:50 -0500] “GET http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D2443770%26cb%3D%5BCACHEBUSTER%5D%26referrer%3D%5BREFERRER_URL%5D%26pubclick%3D%5BINSERT_CLICK_TAG%5D HTTP/1.0” 200 0 “http://www.cashwargames.com/view/6407/barbie-pop-diva.html” “Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9”
www.clayweidinger.com:80 216.244.93.140 – – [29/Mar/2014:00:16:50 -0500] “GET http://ib.adnxs.com/ttj?id=2382498&cb=[CACHEBUSTER]&pubclick=[INSERT_CLICK_TAG] HTTP/1.0” 302 0 “http://www.wealthsuperman.com/index.php/component/k2/itemlist/category/42-credit-cards” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00”
I disabled logging by commenting out the line in /etc/apache2/conf.d/other_vhost_access_log.