[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

Linux Advocate

linuxhousedn at yahoo.com
Wed Jun 3 03:23:16 UTC 2009


Guys, apache cpus usage is hitting 100% sometimes ( to such an extent that its very noticeable)  on a box with just 8 users or so.

i m getting this when i run 'top'. The worrying thing is seeing the work 'atack' under command


PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
23119 apache    15   0   964  556  472 S  0.7  0.0   0:03.68 atack
23479 apache    15   0   964  556  472 S  0.7  0.0   0:01.94 atack
22170 apache    15   0   964  560  472 S  0.3  0.0   0:05.23 atack
22375 apache    15   0   964  560  472 S  0.3  0.0   0:04.21 atack
22858 apache    15   0   964  560  472 S  0.3  0.0   0:02.87 atack
22997 apache    15   0   964  560  472 S  0.3  0.0   0:04.11 atack
22999 apache    15   0   964  560  472 S  0.3  0.0   0:02.22 atack
23007 apache    15   0   964  560  472 S  0.3  0.0   0:03.79 atack
23099 apache    15   0   964  556  472 S  0.3  0.0   0:02.18 atack
23101 apache    15   0   964  556  472 S  0.3  0.0   0:02.48 atack
23108 apache    15   0   964  556  472 S  0.3  0.0   0:03.59 atack
23109 apache    15   0   964  556  472 S  0.3  0.0   0:02.75 atack
23112 apache    15   0   972  504  412 S  0.3  0.0   0:04.70 atack
23115 apache    15   0   964  556  472 S  0.3  0.0   0:03.75 atack
23116 apache    15   0   964  556  472 S  0.3  0.0   0:02.80 atack
23121 apache    15   0   972  504  412 S  0.3  0.0   0:03.79 atack
23384 apache    15   0   964  556  472 S  0.3  0.0   0:01.63 atack
23389 apache    15   0   964  556  472 S  0.3  0.0   0:03.52 atack
23392 apache    15   0   964  556  472 S  0.3  0.0   0:01.61 atack
23397 apache    15   0   964  556  472 S  0.3  0.0   0:01.62 atack
23405 apache    15   0   964  556  472 S  0.3  0.0   0:03.64 atack

When i 'ps -ef' i can see many lines as below;

apache   24253 23378  0 10:54 ?        00:00:00 ./atack 100
apache   24286 23378  0 10:59 ?        00:00:00 ./atack 100
apache   24292 23378  0 11:00 ?        00:00:01 ./atack 100
apache   24335 23378  0 11:01 ?        00:00:00 ./atack 100
apache   24344 23378  0 11:01 ?        00:00:00 ./atack 100
apache   24347 23378  0 11:02 ?        00:00:00 ./atack 100
apache   24358 23378  0 11:04 ?        00:00:00 ./atack 100


Hell, has my centos 5.3 box  been hacked??? Help  !!!!!!!!!!


      



More information about the CentOS mailing list