On Tue, Jun 02, 2009 at 09:34:55PM -0700, bruce wrote:
it's possible your box is attacked, has been compromised.. or it's possible that it's also being slammed by some sort of potential attack/hack. regarding the apache app, what do the log files say... what apps do you have running on the apache server? are these apps home grown, or installed from some public source?
He has multiple occurrences of a process named "atack", each running with an argument of 100. Looks like a DoS to me.
do the research online to see what kind of attack you might have...
It's irrelevant except as a learning exercise in forensics.
it might be that your box is completely safe...
You're kidding, right?
you might also track/monitor any kind of attempt at the box communicating with other ip addresses that you aren't using....
The longer that box stays on the net the more potential damage it can (and most likely *will*) do.
doing a complete reinstall is a draconian measure and may not be called for...
You're kidding, right?
John