[CentOS] Process KOTFARE using 99% CPU

Wed Jan 18 13:37:54 UTC 2006
Jim Perrin <jperrin at gmail.com>

On 1/18/06, Adriano Frare <alfrare at e-alinux.com> wrote:
> Dear Friends,
>
> I have a process running on CentOS 4.2 called kotfare that is using 99% CPU; it
> runs with owner apache.
>
> I kill the process KOTFARE and restart apache; after some hours this process
> returns.
>
> I did a find for files with the name *kotfare* and I didn't find any.
>
> Please, help me.

Well this doesn't sound in any way healthy. You're going to want to
crawl through your apache logs and see if anything looks out of place.
Odd GET or POST requests, SQL statements that don't look right etc.
You might also want to look in /var/tmp and /tmp as well as in your
DOCUMENT_ROOT, and remember to do an ls -la to show hidden
directories. There are a couple of things out there that create a
directory called ... in /var/tmp etc. You'll also want to look at your
web software to make sure you're running secure versions etc. and make
sure you've got all things updated.


--
Jim Perrin
System Architect - UIT
Ft Gordon & US Army Signal Center
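
The checks described in the reply above, collected into one script as an added example that is not part of the original message. The function names, the default paths (stock CentOS httpd locations) and the request patterns are assumptions chosen for illustration; adjust them to the server being examined.

```shell
#!/bin/sh
# Added triage sketch, not from the original thread. Defaults are the stock
# CentOS httpd locations (assumed); override them through the environment.

# Print hidden entries (names starting with a dot, such as "...") under each
# directory given. A plain "ls" without -a would not show them.
hidden_entries() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -xdev -name '.*' ! -name . -print 2>/dev/null
    done
}

# Print regular files owned by user $1 under the remaining directories.
# Files written by the web server account in /tmp or /var/tmp deserve a look.
owned_by() {
    u=$1; shift
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -xdev -type f -user "$u" -print 2>/dev/null
    done
}

# Print access-log lines whose request line (not the user agent) contains
# SQL keywords, download tools, /tmp paths or encoded shell separators.
# The pattern list is a heuristic starting point, not a complete signature.
odd_requests() {
    grep -Ei '"(GET|POST) [^"]*(union([+ ]|%20)+select|wget|curl|/tmp/|%3B|%7C)' "$1"
}

triage() {
    user=${WEB_USER:-apache}
    log=${ACCESS_LOG:-/var/log/httpd/access_log}
    docroot=${DOCUMENT_ROOT:-/var/www/html}
    echo "== hidden entries";         hidden_entries /tmp /var/tmp "$docroot"
    echo "== files owned by $user";   owned_by "$user" /tmp /var/tmp
    echo "== odd requests in $log"
    if [ -r "$log" ]; then odd_requests "$log"; fi
}

# Run against the live system only when asked to: sh triage.sh --run
if [ "${1:-}" = "--run" ]; then triage; fi
```

Hits are leads to review by hand, not proof of compromise; rotated logs (access_log.1 and so on) need the same pass.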