[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
Linux Advocate
linuxhousedn at yahoo.com
Wed Jun 3 03:39:20 UTC 2009
sorry typos amended....
Guys, Apache's CPU usage is hitting 100% sometimes (to such an extent that it's very noticeable) on a box (2 GB RAM) with just 8 users or so. This never happened before.

I'm getting this when I run 'top'. The worrying thing is seeing the word 'atack' under COMMAND:

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
23119 apache    15   0   964  556  472 S  0.7  0.0   0:03.68 atack
23479 apache    15   0   964  556  472 S  0.7  0.0   0:01.94 atack
22170 apache    15   0   964  560  472 S  0.3  0.0   0:05.23 atack
22375 apache    15   0   964  560  472 S  0.3  0.0   0:04.21 atack
22858 apache    15   0   964  560  472 S  0.3  0.0   0:02.87 atack
22997 apache    15   0   964  560  472 S  0.3  0.0   0:04.11 atack
22999 apache    15   0   964  560  472 S  0.3  0.0   0:02.22 atack
23007 apache    15   0   964  560  472 S  0.3  0.0   0:03.79 atack
23099 apache    15   0   964  556  472 S  0.3  0.0   0:02.18 atack
23101 apache    15   0   964  556  472 S  0.3  0.0   0:02.48 atack
23108 apache    15   0   964  556  472 S  0.3  0.0   0:03.59 atack
23109 apache    15   0   964  556  472 S  0.3  0.0   0:02.75 atack
23112 apache    15   0   972  504  412 S  0.3  0.0   0:04.70 atack
23115 apache    15   0   964  556  472 S  0.3  0.0   0:03.75 atack
23116 apache    15   0   964  556  472 S  0.3  0.0   0:02.80 atack
23121 apache    15   0   972  504  412 S  0.3  0.0   0:03.79 atack
23384 apache    15   0   964  556  472 S  0.3  0.0   0:01.63 atack
23389 apache    15   0   964  556  472 S  0.3  0.0   0:03.52 atack
23392 apache    15   0   964  556  472 S  0.3  0.0   0:01.61 atack
23397 apache    15   0   964  556  472 S  0.3  0.0   0:01.62 atack
23405 apache    15   0   964  556  472 S  0.3  0.0   0:03.64 atack

When I 'ps -ef' I can see many lines as below:

apache   24253 23378  0 10:54 ?        00:00:00 ./atack 100
apache   24286 23378  0 10:59 ?        00:00:00 ./atack 100
apache   24292 23378  0 11:00 ?        00:00:01 ./atack 100
apache   24335 23378  0 11:01 ?        00:00:00 ./atack 100
apache   24344 23378  0 11:01 ?        00:00:00 ./atack 100
apache   24347 23378  0 11:02 ?        00:00:00 ./atack 100
apache   24358 23378  0 11:04 ?        00:00:00 ./atack 100

Hell, has my CentOS 5.3 box been hacked??? Help !!!!!!!!!!