Hi,
I really hope you guys can give me a hand with this issue.
I had this box hacked 3 days ago; we installed a new OS and a fresh cPanel/WHM installation.
I recompiled Apache as well with CURL.
The problem is that the server is going to enormous loads (it never went over 2 before, now it is reaching 40s).
The server is 3.2GHz HT with 1GB RAM, Fedora i686.
Here is the output of top:
top - 06:18:47 up 16:25, 1 user, load average: 30.45, 26.19, 21.20
Tasks: 229 total, 31 running, 196 sleeping, 2 stopped, 0 zombie
Cpu(s): 20.8% us, 76.7% sy, 0.0% ni, 0.0% id, 2.5% wa, 0.0% hi, 0.0% si
Mem: 967480k total, 844780k used, 122700k free, 101580k buffers
Swap: 2096440k total, 219192k used, 1877248k free, 83440k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
6328 nobody 25 0 5744 1584 1372 R 7.0 0.2 35:17.34 curl
22173 nobody 25 0 5740 1652 1372 R 7.0 0.2 6:47.57 curl
22915 nobody 25 0 5736 1648 1372 R 7.0 0.2 5:51.47 curl
23987 nobody 25 0 5744 1656 1372 R 7.0 0.2 4:48.85 curl
29236 nobody 25 0 5744 1656 1372 R 7.0 0.2 0:54.90 curl
29796 nobody 25 0 5740 1652 1372 R 7.0 0.2 0:39.33 curl
31062 nobody 25 0 5740 1652 1372 R 7.0 0.2 0:03.93 curl
32398 nobody 25 0 5740 1556 1276 R 6.6 0.2 76:02.72 curl
11519 nobody 25 0 5744 1652 1372 R 6.6 0.2 26:19.65 curl
19538 nobody 25 0 5740 1652 1372 R 6.6 0.2 9:39.42 curl
20500 nobody 25 0 5740 1532 1372 R 6.6 0.2 8:10.44 curl
20591 nobody 25 0 5744 1656 1372 R 6.6 0.2 8:03.26 curl
20889 nobody 25 0 5740 1652 1372 R 6.6 0.2 7:42.45 curl
24390 nobody 25 0 5736 1648 1372 R 6.6 0.2 4:21.20 curl
29166 nobody 25 0 5744 1656 1372 R 6.6 0.2 0:59.12 curl
29347 nobody 25 0 5740 1652 1372 R 6.6 0.2 0:51.11 curl
29863 nobody 25 0 5740 1652 1372 R 6.6 0.2 0:39.38 curl
30044 nobody 25 0 5740 1652 1372 R 6.6 0.2 0:31.33 curl
30129 nobody 25 0 5744 1656 1372 R 6.6 0.2 0:27.50 curl
30212 nobody 25 0 5736 1648 1372 R 6.6 0.2 0:25.92 curl
30277 nobody 25 0 5736 1648 1372 R 6.6 0.2 0:24.82 curl
30422 nobody 25 0 5740 1652 1372 R 6.6 0.2 0:22.81 curl
30441 nobody 25 0 5740 1652 1372 R 6.6 0.2 0:21.61 curl
30790 nobody 25 0 5736 1648 1372 R 6.6 0.2 0:14.79 curl
30879 nobody 25 0 5740 1652 1372 R 6.6 0.2 0:12.91 curl
30965 nobody 25 0 5744 1656 1372 R 6.6 0.2 0:09.82 curl
21356 nobody 25 0 5744 1656 1372 R 6.3 0.2 7:18.64 curl
28412 nobody 25 0 5744 1652 1372 R 6.3 0.2 1:49.19 curl
29963 nobody 25 0 5740 1652 1372 R 6.3 0.2 0:35.60 curl
1458 nobody 15 0 28564 19m 5016 S 0.3 2.0 0:16.12 httpd
1461 nobody 15 0 31080 21m 5056 S 0.3 2.3 0:25.25 httpd
Look at the amount of CURL in there!
What can I do to fix it? If any information is required, please ask and I will post it.
Regards and thanks to all who take the time and effort to help.