On Tue, Jun 02, 2009 at 09:34:55PM -0700, bruce wrote: > it's possible your box is attacked, has been compromised.. of it's possible > that it's also being slammed by some sort of potential attack/hack. > regarding the apache app, what do the log files say... what apps do you have > running on the apche server? are these apps home grown, or installed from > some public source? He has multiple occurances of a process named "atack", each running with an argument of 100. Looks like a DoS to me. > do the research online to see what kind of attack you might have... It's irrelevant except as a learning exercise in forensics. > it might be that your box is completely safe... You're kidding, right? > you might also track/monitor any kind of attempt at the box communicating > with other ip addresses that you aren't using.... The longer that box stays on the net the more potential damage it can (and most likely *will* do). > doing a complete reinstall is a draconian measure and may not be called > for... You're kidding, right? John -- "I'm sorry but our engineers do not have phones." As stated by a Network Solutions Customer Service representative when asked to be put through to an engineer. "My other computer is your windows box." Ralf Hildebrandt <sxem> trying to play sturgeon while it's under attack is apparently not fun.
Attachment:
pgpqsPVyWSLKU.pgp
Description: PGP signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos