Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, Jun 02, 2009 at 09:34:55PM -0700, bruce wrote:
> it's possible your box is attacked, has been compromised.. of it's possible
> that it's also being slammed by some sort of potential attack/hack.
> regarding the apache app, what do the log files say... what apps do you have
> running on the apche server? are these apps home grown, or installed from
> some public source?

	He has multiple occurances of a process named "atack", each
	running with an argument of 100.  Looks like a DoS to me.

> do the research online to see what kind of attack you might have...

	It's irrelevant except as a learning exercise in forensics.

> it might be that your box is completely safe...

	You're kidding, right?

> you might also track/monitor any kind of attempt at the box communicating
> with other ip addresses that you aren't using....

	The longer that box stays on the net the more potential damage
	it can (and most likely *will* do).

> doing a complete reinstall is a draconian measure and may not be called
> for...

	You're kidding, right?





							John

-- 
"I'm sorry but our engineers do not have phones."
As stated by a Network Solutions Customer Service representative when asked to
be put through to an engineer.

"My other computer is your windows box."
                                     Ralf Hildebrandt
<sxem> trying to play sturgeon while it's under attack is apparently not fun.

Attachment: pgpqsPVyWSLKU.pgp
Description: PGP signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux