[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

Wed Jun 3 03:39:20 UTC 2009
Linux Advocate <linuxhousedn at yahoo.com>

sorry typos amended....




    
Guys, apache's cpu usage is hitting
100% sometimes ( to such an extent that its 
very noticeable) 
on a box ( 2gb ram)  with just 8 users or so. This newver happended before.

i m getting this when i
run 'top'. The worrying thing is seeing the word 'atack' 
under
command


PID USER      PR  NI 
VIRT  RES  SHR S %CPU %MEM    TIME+ 
COMMAND
23119 apache    15  0  964  556 
472 S  0.7  0.0  0:03.68 atack
23479 apache 
  15  0  964  556  472 S  0.7 
0.0  0:01.94 atack
22170 apache    15  0 
964  560  472 S  0.3  0.0  0:05.23 atack
22375 apache    15  0  964  560  472 S 
0.3  0.0  0:04.21 atack
22858 apache    15 
0  964  560  472 S  0.3  0.0  0:02.87
atack
22997 apache    15  0  964  560 
472 S  0.3  0.0  0:04.11 atack
22999 apache 
  15  0  964  560  472 S  0.3 
0.0  0:02.22 atack
23007 apache    15  0 
964  560  472 S  0.3  0.0  0:03.79 atack
23099 apache    15  0  964  556  472 S 
0.3  0.0  0:02.18 atack
23101 apache    15 
0  964  556  472 S  0.3  0.0  0:02.48
atack
23108 apache    15  0  964  556 
472 S  0.3  0.0  0:03.59 atack
23109 apache 
  15  0  964  556  472 S  0.3 
0.0  0:02.75 atack
23112 apache    15  0 
972  504  412 S  0.3  0.0  0:04.70 atack
23115 apache    15  0  964  556  472 S 
0.3  0.0  0:03.75 atack
23116 apache    15 
0  964  556  472 S  0.3  0.0  0:02.80
atack
23121 apache    15  0  972  504 
412 S  0.3  0.0  0:03.79 atack
23384 apache 
  15  0  964  556  472 S  0.3 
0.0  0:01.63 atack
23389 apache    15  0 
964  556  472 S  0.3  0.0  0:03.52 atack
23392 apache    15  0  964  556  472 S 
0.3  0.0  0:01.61 atack
23397 apache    15 
0  964  556  472 S  0.3  0.0  0:01.62
atack
23405 apache    15  0  964  556 
472 S  0.3  0.0  0:03.64 atack

When i 'ps
-ef' i can see many lines as below;

apache  24253
23378  0 10:54 ?        00:00:00 ./atack
100
apache  24286 23378  0 10:59 ?     
  00:00:00 ./atack 100
apache  24292 23378  0
11:00 ?        00:00:01 ./atack 100
apache 
24335 23378  0 11:01 ?        00:00:00
./atack 100
apache  24344 23378  0 11:01 ?   
    00:00:00 ./atack 100
apache  24347 23378 
0 11:02 ?        00:00:00 ./atack 100
apache 
24358 23378  0 11:04 ?        00:00:00
./atack 100


Hell, has my centos 5.3 box  been
hacked??? Help  !!!!!!!!!!