[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
bruce
bedouglas at earthlink.net
Wed Jun 3 04:34:55 UTC 2009
it's possible your box is attacked, has been compromised.. or it's possible
that it's also being slammed by some sort of potential attack/hack.
regarding the apache app, what do the log files say... what apps do you have
running on the apache server? are these apps home grown, or installed from
some public source?
do the research online to see what kind of attack you might have...
it might be that your box is completely safe...
you might also track/monitor any kind of attempt at the box communicating
with other ip addresses that you aren't using....
doing a complete reinstall is a draconian measure and may not be called
for...
your mileage might vary...
-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org]On
Behalf Of Linux Advocate
Sent: Tuesday, June 02, 2009 8:23 PM
To: CentOS mailing list
Subject: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
Guys, apache cpu usage is hitting 100% sometimes (to such an extent that
it's very noticeable) on a box with just 8 users or so.
i'm getting this when i run 'top'. The worrying thing is seeing the word
'atack' under command
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
23119 apache 15 0 964 556 472 S 0.7 0.0 0:03.68 atack
23479 apache 15 0 964 556 472 S 0.7 0.0 0:01.94 atack
22170 apache 15 0 964 560 472 S 0.3 0.0 0:05.23 atack
22375 apache 15 0 964 560 472 S 0.3 0.0 0:04.21 atack
22858 apache 15 0 964 560 472 S 0.3 0.0 0:02.87 atack
22997 apache 15 0 964 560 472 S 0.3 0.0 0:04.11 atack
22999 apache 15 0 964 560 472 S 0.3 0.0 0:02.22 atack
23007 apache 15 0 964 560 472 S 0.3 0.0 0:03.79 atack
23099 apache 15 0 964 556 472 S 0.3 0.0 0:02.18 atack
23101 apache 15 0 964 556 472 S 0.3 0.0 0:02.48 atack
23108 apache 15 0 964 556 472 S 0.3 0.0 0:03.59 atack
23109 apache 15 0 964 556 472 S 0.3 0.0 0:02.75 atack
23112 apache 15 0 972 504 412 S 0.3 0.0 0:04.70 atack
23115 apache 15 0 964 556 472 S 0.3 0.0 0:03.75 atack
23116 apache 15 0 964 556 472 S 0.3 0.0 0:02.80 atack
23121 apache 15 0 972 504 412 S 0.3 0.0 0:03.79 atack
23384 apache 15 0 964 556 472 S 0.3 0.0 0:01.63 atack
23389 apache 15 0 964 556 472 S 0.3 0.0 0:03.52 atack
23392 apache 15 0 964 556 472 S 0.3 0.0 0:01.61 atack
23397 apache 15 0 964 556 472 S 0.3 0.0 0:01.62 atack
23405 apache 15 0 964 556 472 S 0.3 0.0 0:03.64 atack
When i 'ps -ef' i can see many lines as below;
apache 24253 23378 0 10:54 ? 00:00:00 ./atack 100
apache 24286 23378 0 10:59 ? 00:00:00 ./atack 100
apache 24292 23378 0 11:00 ? 00:00:01 ./atack 100
apache 24335 23378 0 11:01 ? 00:00:00 ./atack 100
apache 24344 23378 0 11:01 ? 00:00:00 ./atack 100
apache 24347 23378 0 11:02 ? 00:00:00 ./atack 100
apache 24358 23378 0 11:04 ? 00:00:00 ./atack 100
Hell, has my centos 5.3 box been hacked??? Help !!!!!!!!!!
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos
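
An added example, not part of the original thread: a shell filter over `ps -ef` output like the listing in the original message, flagging processes owned by the web-server account whose command is not the web server and counting them per parent PID. The account name `apache`, the daemon name `httpd`, and the function names are assumptions; the two `httpd` sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread).
# Reads `ps -ef` style lines on stdin: UID PID PPID C STIME TTY TIME CMD...
# $1 = web-server account (assumed "apache")
# $2 = expected daemon binary name (assumed "httpd")
suspect_web_procs() {
    awk -v user="${1:-apache}" -v daemon="${2:-httpd}" '
        $1 == user {
            # Field 8 is the command; compare on its basename only.
            n = split($8, parts, "/"); base = parts[n]
            if (base != daemon) {
                printf "SUSPECT pid=%s ppid=%s cmd=", $2, $3
                for (i = 8; i <= NF; i++)
                    printf "%s%s", $i, (i < NF ? " " : "\n")
                parents[$3]++
            }
        }
        END {
            # The parent that keeps spawning the children is the next
            # thing to inspect (which request or script started it).
            for (p in parents)
                printf "PARENT ppid=%s children=%d\n", p, parents[p]
        }'
}

# Sample input: the ./atack lines are copied from the post,
# the httpd lines are constructed for contrast.
sample_ps() {
    cat <<'EOF'
apache 24253 23378 0 10:54 ? 00:00:00 ./atack 100
apache 24286 23378 0 10:59 ? 00:00:00 ./atack 100
apache 2211 2200 0 09:00 ? 00:00:02 /usr/sbin/httpd
root 2200 1 0 09:00 ? 00:00:00 /usr/sbin/httpd
EOF
}

sample_ps | suspect_web_procs apache httpd
```

On the affected host, `ps -ef | suspect_web_procs` gives the same report for live processes; `ls -l /proc/PID/exe /proc/PID/cwd` for a flagged PID then shows which binary it is and the directory it was started from.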