[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

Wed Jun 3 04:41:05 UTC 2009
John R. Dennison <jrd at gerdesas.com>

On Tue, Jun 02, 2009 at 09:34:55PM -0700, bruce wrote:
> it's possible your box is attacked, has been compromised.. or it's possible
> that it's also being slammed by some sort of potential attack/hack.
> regarding the apache app, what do the log files say... what apps do you have
> running on the apache server? are these apps home grown, or installed from
> some public source?

	He has multiple occurrences of a process named "atack", each
	running with an argument of 100.  Looks like a DoS to me.

> do the research online to see what kind of attack you might have...

	It's irrelevant except as a learning exercise in forensics.

> it might be that your box is completely safe...

	You're kidding, right?

> you might also track/monitor any kind of attempt at the box communicating
> with other ip addresses that you aren't using....

	The longer that box stays on the net the more potential damage
	it can (and most likely *will*) do.

> doing a complete reinstall is a draconian measure and may not be called
> for...

	You're kidding, right?





							John

-- 
"I'm sorry but our engineers do not have phones."
As stated by a Network Solutions Customer Service representative when asked to
be put through to an engineer.

"My other computer is your windows box."
                                     Ralf Hildebrandt
<sxem> trying to play sturgeon while it's under attack is apparently not fun.