it's possible your box is attacked, has been compromised.. of it's possible that it's also being slammed by some sort of potential attack/hack. regarding the apache app, what do the log files say... what apps do you have running on the apche server? are these apps home grown, or installed from some public source? do the research online to see what kind of attack you might have... it might be that your box is completely safe... you might also track/monitor any kind of attempt at the box communicating with other ip addresses that you aren't using.... doing a complete reinstall is a draconian measure and may not be called for... your mileage might vary... -----Original Message----- From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx]On Behalf Of Linux Advocate Sent: Tuesday, June 02, 2009 8:23 PM To: CentOS mailing list Subject: Centos 5.3 -> Apache - Under Attack ? Oh hell.... Guys, apache cpus usage is hitting 100% sometimes ( to such an extent that its very noticeable) on a box with just 8 users or so. i m getting this when i run 'top'. The worrying thing is seeing the work 'atack' under command PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 23119 apache 15 0 964 556 472 S 0.7 0.0 0:03.68 atack 23479 apache 15 0 964 556 472 S 0.7 0.0 0:01.94 atack 22170 apache 15 0 964 560 472 S 0.3 0.0 0:05.23 atack 22375 apache 15 0 964 560 472 S 0.3 0.0 0:04.21 atack 22858 apache 15 0 964 560 472 S 0.3 0.0 0:02.87 atack 22997 apache 15 0 964 560 472 S 0.3 0.0 0:04.11 atack 22999 apache 15 0 964 560 472 S 0.3 0.0 0:02.22 atack 23007 apache 15 0 964 560 472 S 0.3 0.0 0:03.79 atack 23099 apache 15 0 964 556 472 S 0.3 0.0 0:02.18 atack 23101 apache 15 0 964 556 472 S 0.3 0.0 0:02.48 atack 23108 apache 15 0 964 556 472 S 0.3 0.0 0:03.59 atack 23109 apache 15 0 964 556 472 S 0.3 0.0 0:02.75 atack 23112 apache 15 0 972 504 412 S 0.3 0.0 0:04.70 atack 23115 apache 15 0 964 556 472 S 0.3 0.0 0:03.75 atack 23116 apache 15 0 964 556 472 S 0.3 0.0 0:02.80 atack 23121 apache 15 0 972 504 412 S 0.3 0.0 0:03.79 atack 23384 apache 15 0 964 556 472 S 0.3 0.0 0:01.63 atack 23389 apache 15 0 964 556 472 S 0.3 0.0 0:03.52 atack 23392 apache 15 0 964 556 472 S 0.3 0.0 0:01.61 atack 23397 apache 15 0 964 556 472 S 0.3 0.0 0:01.62 atack 23405 apache 15 0 964 556 472 S 0.3 0.0 0:03.64 atack When i 'ps -ef' i can see many lines as below; apache 24253 23378 0 10:54 ? 00:00:00 ./atack 100 apache 24286 23378 0 10:59 ? 00:00:00 ./atack 100 apache 24292 23378 0 11:00 ? 00:00:01 ./atack 100 apache 24335 23378 0 11:01 ? 00:00:00 ./atack 100 apache 24344 23378 0 11:01 ? 00:00:00 ./atack 100 apache 24347 23378 0 11:02 ? 00:00:00 ./atack 100 apache 24358 23378 0 11:04 ? 00:00:00 ./atack 100 Hell, has my centos 5.3 box been hacked??? Help !!!!!!!!!! _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos