Process KOTFARE using 99% CPU

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



centos-bounces@xxxxxxxxxx <> scribbled on Wednesday, January 18, 2006 11:03
AM:

> From: centos-bounces@xxxxxxxxxx
> [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Jim Perrin
> Sent: Wednesday, January 18, 2006 5:38 AM
> To: CentOS mailing list
> Subject: Re:  Process KOTFARE using 99% CPU
> 
> On 1/18/06, Adriano Frare <alfrare@xxxxxxxxxxxx> wrote:
>> Dear Friends,
>> 
>> I have process run in CENTOS 4.2 call kotfare that is using 99% CPU,
> it
>> run with owner apache.
>> 
>> I kill process KOTFARE and restart apache, after some hours this
> process
>> return.
>> 
>> I did find file with name *kotfare* and I din't find.
>> 
>> Please, help me.
> 
> Well this doesn't sound in any way healthy. You're going to
> want to crawl through your apache logs and see if anything
> looks out of place.
> Odd GET or POST requests, SQL statements that don't look right etc.
> You might also want to look in /var/tmp and /tmp as well as
> in your DOCUMENT_ROOT, and remember to do an ls -la to show
> hidden directories. There are a couple of things out there
> that create a directory called ... in /var/tmp etc. You'll
> also want to look at your web software to make sure you're
> running secure versions etc. and make sure you've got all
> things updated.
> 
> = = = = = =
> 
> Based on this discussion
> http://forums1.itrc.hp.com/service/forums/questionanswer.do?th
readId=991
> 357
> I think you have been hacked.
> 
> The discussion talks about the author's clean up after his
> being hacked.
> 
> Bruce

Google revealed this:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=991357

Mike


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux