Bruce:

I think you are misunderstanding something. He showed a process listing of processes running on his server. Those were not apache processes being attacked from the outside. They were rogue processes running on his machine.

Neil

--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.

> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx
> [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of bruce
> Sent: Tuesday, June 02, 2009 11:49 PM
> Cc: 'CentOS mailing list'
> Subject: Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
>
> nope...
>
> not kidding... the majority of windows based attacks on an apache system
> running on linux systems are obnoxious, but not harmful... the kinds of
> attacks that are looking to exploit windows buffer overflows are harmless
> to linux systems..
>
> this isn't to say that all windows attacks are harmless, but this has been
> my experience, as well as what i've seen in the lit.
>
> if you have other information regarding windows attacks on webservers, that
> also impact linux boxes, please share the relevant websites, describing the
> attack vectors.. i'd be interested in checking out the articles as would
> others...
>
> but go ahead and reply to me online, as others might be interested in this
> thread as well...
>
>
> -----Original Message-----
> From: John R. Dennison [mailto:jrd@xxxxxxxxxxxx]
> Sent: Tuesday, June 02, 2009 9:41 PM
> To: bruce
> Cc: 'CentOS mailing list'
> Subject: Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
>
>
> On Tue, Jun 02, 2009 at 09:34:55PM -0700, bruce wrote:
> > it's possible your box is attacked, has been compromised.. or it's
> > possible that it's also being slammed by some sort of potential
> > attack/hack.
> > regarding the apache app, what do the log files say... what apps do you
> > have running on the apache server? are these apps home grown, or
> > installed from some public source?
>
> He has multiple occurrences of a process named "atack", each
> running with an argument of 100. Looks like a DoS to me.
>
> > do the research online to see what kind of attack you might have...
>
> It's irrelevant except as a learning exercise in forensics.
>
> > it might be that your box is completely safe...
>
> You're kidding, right?
>
> > you might also track/monitor any kind of attempt at the box
> > communicating with other ip addresses that you aren't using....
>
> The longer that box stays on the net the more potential damage
> it can (and most likely *will* do).
>
> > doing a complete reinstall is a draconian measure and may not be
> > called for...
>
> You're kidding, right?
>
>
> John
>
> --
> "I'm sorry but our engineers do not have phones."
> As stated by a Network Solutions Customer Service representative when
> asked to be put through to an engineer.
>
> "My other computer is your windows box."
> Ralf Hildebrandt
> <sxem> trying to play sturgeon while it's under attack is apparently not
> fun.
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos