Any help that can be offered is greatly appreciated. I have gone back and forth a few times on a support ticket and have had no satisfaction.
From my ~/logs/[websitename].lighttpd-error.log:
error-log wrote:
2006-11-28 12:34:05: (request.c.1063) POST-request, but content-length missing -> 411
2006-11-30 01:24:07: (connections.c.1238) accept failed: Software caused connection abort 53
2006-11-30 02:51:38: (request.c.1063) POST-request, but content-length missing -> 411
2006-11-30 02:52:42: (response.c.506) file not found ... or so: File name too long /webadmin.ntf+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.nsf ->
2006-12-01 05:24:23: (connections.c.1238) accept failed: Software caused connection abort 53
2006-12-01 07:39:02: (request.c.1063) POST-request, but content-length missing -> 411
2006-12-01 07:41:59: (response.c.506) file not found ... or so: File name too long /webadmin.ntf+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.nsf ->
2006-12-01 23:22:04: (connections.c.1238) accept failed: Software caused connection abort 53
2006-12-02 01:21:18: (request.c.1063) POST-request, but content-length missing -> 411
2006-12-02 01:23:14: (response.c.506) file not found ... or so: File name too long /webadmin.ntf+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.nsf ->
The attacks are regular and frequent. This appears to be related to a Lotus Domino exploit of webadmin.ntf.
Lightty hasn't actually crashed. The process is still running. Any attempts to connect to either website result in a 404. Restarting the fast-cgis has no effect; only a restart of lightty (which also restarts the fcgis) will get lightty back in the game.
After the malformed URL is sent after a fresh restart, the fast cgis produce no more log entries, despite lightty accepting connections.
Does anyone have any ideas? I have an average uptime of about 15 hours depending on when I restart lightty... obviously this is unacceptable.
Thanks for any help or perspective you can offer!
PS
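Added example, not part of the original posts: a Python sketch that pulls the "File name too long" requests out of a lighttpd error log like the one quoted above, collapses the padding run so the probed path is readable, and notes whether a 411 was logged shortly before each one. The sample log is constructed from the post's lines with an assumed padding length of 260; the function names and the five-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# lighttpd error-log line: "YYYY-MM-DD HH:MM:SS: (source.c.LINE) message"
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): \((\S+?)\.(\d+)\) (.*)$")
PAD_RE = re.compile(r"(.)\1{15,}")  # one character repeated 16 or more times

def parse(log_text):
    """Yield (timestamp, source_file, message) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(4)

def find_probes(log_text, window=timedelta(minutes=5)):
    """Return one record per overlong-path request, in log order."""
    probes, last_411 = [], None
    for ts, _src, msg in parse(log_text):
        if "-> 411" in msg:
            last_411 = ts
        elif "File name too long" in msg:
            path = msg.split("File name too long", 1)[1].split(" ->")[0].strip()
            pad = max((len(m.group(0)) for m in PAD_RE.finditer(path)), default=0)
            probes.append({
                "time": ts,
                # "+++++...": shown as "+{N}" so the probed name stays readable
                "path": PAD_RE.sub(lambda m: "%s{%d}" % (m.group(1), len(m.group(0))), path),
                "pad_len": pad,
                "after_411": last_411 is not None and ts - last_411 <= window,
            })
    return probes

def intervals(probes):
    """Time between consecutive probes, to see how regular the scanning is."""
    times = [p["time"] for p in probes]
    return [b - a for a, b in zip(times, times[1:])]

# Constructed sample modelled on the quoted log; the padding length is assumed.
PAD = "+" * 260
SAMPLE = f"""\
2006-11-30 02:51:38: (request.c.1063) POST-request, but content-length missing -> 411
2006-11-30 02:52:42: (response.c.506) file not found ... or so: File name too long /webadmin.ntf{PAD}.nsf ->
2006-12-01 05:24:23: (connections.c.1238) accept failed: Software caused connection abort 53
2006-12-01 07:39:02: (request.c.1063) POST-request, but content-length missing -> 411
2006-12-01 07:41:59: (response.c.506) file not found ... or so: File name too long /webadmin.ntf{PAD}.nsf ->
"""

if __name__ == "__main__":
    for p in find_probes(SAMPLE):
        print(p["time"], p["path"], "411 shortly before:", p["after_411"])
    print("gaps:", [str(g) for g in intervals(find_probes(SAMPLE))])
```

The error log carries no client address, so the 411 pairing is by time only; matching the same timestamps in the access log is what ties both requests to one source.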
eli wrote:
Does mod_security work if you're proxying to Lightty? Maybe you can kill it at the apache level.
Yes it does. Just put in a ticket and make the guys aware of the attempt.