Re: Several Different kernel related (?) problems

> I was wrong, it just happened again.
> 
> Suddenly there was no network response from the server.
> I went straight to the server room, and typed in "root" at the login
> prompt. This seemed to have normal response, the letters "root" appeared
> immediately. Then I hit enter..
> 
> Now, 10min later..  still waiting for a password prompt.
> Both disks are working overtime.
> I disconnected the network plug right after attempting to login.
> 
> Going to wait a little while more for the OOM killer to do its magic
> and maybe give me a clue as to what went wrong this time.
> Unfortunately the computer has 2.5gb swap =(

As predicted, the OOM killer did its job.

The problem is actually that some cracker has managed to upload 
httpds.c into /tmp/.bd/ (via apache, still investigating how).
He then managed to compile and run it.

I took a look at the source code, and it seems to be a DDOS util.
Why it killed our server instead of the target of the DDOS I do
not know, but I guess it might be due to our firewall rejecting
all the attempts to connect.

I guess I'll fix this problem the same way I did at another server.
I'll make a partition for /tmp and mount it with noexec, or are
there better ways to do that?

-HK
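
Added example (not part of the original post): a shell check for the /tmp hardening described above, reporting which of noexec, nosuid and nodev are missing on the mounts that hold /tmp, /var/tmp and /dev/shm. The function names and the sample mount table are constructed for illustration; with no argument the functions read /proc/mounts.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# missing_opts PATH [MOUNTS_FILE]
# Print which of noexec/nosuid/nodev are absent on the mount holding PATH
# (empty output means all three are set). MOUNTS_FILE uses /proc/mounts format.
missing_opts() {
    awk -v p="$1" '
        BEGIN { best = 0; opts = "" }
        {
            mp = $2
            # A mount covers p if it is p itself, the root, or a parent directory.
            if (mp == p || mp == "/" || index(p, mp "/") == 1) {
                # Longest mount point wins; on a tie the later (topmost) line wins.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END {
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            m = split("noexec nosuid nodev", want, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in have)) out = out (out == "" ? "" : " ") want[i]
            print out
        }
    ' "${2:-/proc/mounts}"
}

# audit_tmp_dirs [MOUNTS_FILE]
# Check the usual world-writable directories and print one line per directory.
audit_tmp_dirs() {
    for d in /tmp /var/tmp /dev/shm; do
        miss=$(missing_opts "$d" "${1:-/proc/mounts}")
        if [ -z "$miss" ]; then echo "OK   $d"; else echo "WEAK $d missing: $miss"; fi
    done
}

# Constructed sample mount table (not taken from the server in the post).
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /var ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,noexec,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

sample=$(mktemp)
write_sample_mounts "$sample"
audit_tmp_dirs "$sample"
rm -f "$sample"
```

In the sample, /tmp passes but /var/tmp and /dev/shm remain writable and executable, which is why all three are checked together. noexec only blocks direct execution of files on that mount, so it is one layer alongside closing the upload path itself.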


