PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 23119 apache 15 0 964 556 472 S 0.7 0.0 0:03.68 atack 23479 apache 15 0 964 556 472 S 0.7 0.0 0:01.94 atack 22170 apache 15 0 964 560 472 S 0.3 0.0 0:05.23 atack 22375 apache 15 0 964 560 472 S 0.3 0.0 0:04.21 atack 22858 apache 15 0 964 560 472 S 0.3 0.0 0:02.87 atack 22997 apache 15 0 964 560 472 S 0.3 0.0 0:04.11 atack 22999 apache 15 0 964 560 472 S 0.3 0.0 0:02.22 atack 23007 apache 15 0 964 560 472 S 0.3 0.0 0:03.79 atack 23099 apache 15 0 964 556 472 S 0.3 0.0 0:02.18 atack 23101 apache 15 0 964 556 472 S 0.3 0.0 0:02.48 atack 23108 apache 15 0 964 556 472 S 0.3 0.0 0:03.59 atack 23109 apache 15 0 964 556 472 S 0.3 0.0 0:02.75 atack 23112 apache 15 0 972 504 412 S 0.3 0.0 0:04.70 atack 23115 apache 15 0 964 556 472 S 0.3 0.0 0:03.75 atack 23116 apache 15 0 964 556 472 S 0.3 0.0 0:02.80 atack 23121 apache 15 0 972 504 412 S 0.3 0.0 0:03.79 atack 23384 apache 15 0 964 556 472 S 0.3 0.0 0:01.63 atack 23389 apache 15 0 964 556 472 S 0.3 0.0 0:03.52 atack 23392 apache 15 0 964 556 472 S 0.3 0.0 0:01.61 atack 23397 apache 15 0 964 556 472 S 0.3 0.0 0:01.62 atack 23405 apache 15 0 964 556 472 S 0.3 0.0 0:03.64 atack
When i 'ps -ef' i can see many lines as below;
apache 24253 23378 0 10:54 ? 00:00:00 ./atack 100 apache 24286 23378 0 10:59 ? 00:00:00 ./atack 100 apache 24292 23378 0 11:00 ? 00:00:01 ./atack 100 apache 24335 23378 0 11:01 ? 00:00:00 ./atack 100 apache 24344 23378 0 11:01 ? 00:00:00 ./atack 100 apache 24347 23378 0 11:02 ? 00:00:00 ./atack 100 apache 24358 23378 0 11:04 ? 00:00:00 ./atack 100
Hell, has my centos 5.3 box been hacked??? Help !!!!!!!!!!
I good tool to have on your linux box that may help, some.
http://rkhunter.sourceforge.net/
http://rpmfind.net/linux/rpm2html/search.php?query=rkhunter
After installing do.
rkhunter --update
rkhunter -c
And see if it finds anything.