On Tue, Jun 02, 2009 at 09:34:55PM -0700, bruce wrote:
> it's possible your box is attacked, has been compromised.. of it's possible
> that it's also being slammed by some sort of potential attack/hack.
> regarding the apache app, what do the log files say... what apps do you have
> running on the apche server? are these apps home grown, or installed from
> some public source?
He has multiple occurances of a process named "atack", each
running with an argument of 100. Looks like a DoS to me.
> do the research online to see what kind of attack you might have...
It's irrelevant except as a learning exercise in forensics.
> it might be that your box is completely safe...
You're kidding, right?
> you might also track/monitor any kind of attempt at the box communicating
> with other ip addresses that you aren't using....
The longer that box stays on the net the more potential damage
it can (and most likely *will* do).
> doing a complete reinstall is a draconian measure and may not be called
> for...
You're kidding, right?
John
--
"I'm sorry but our engineers do not have phones."
As stated by a Network Solutions Customer Service representative when asked to
be put through to an engineer.
"My other computer is your windows box."
Ralf Hildebrandt
<sxem> trying to play sturgeon while it's under attack is apparently not fun.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20090602/984b608d/attachment-0005.sig>