Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

[HELP]Am I being attacked??

Discussion in 'General Discussion' started by ProLamer, Nov 29, 2005.

  1. ProLamer

    ProLamer Active Member

    Joined:
    May 17, 2005
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    156
    Recently, my server was down for quite a few times.. Every time the server load will increse like crazy to 50+

    I noticed that there is always be one httpd command running before the server went down. that particular process showing that it has 500MB in size..

    When i pico the process detail, i saw the following things:

    total 0
    dr-xr-xr-x 3 nobody nobody 0 Nov 29 17:02 ./
    dr-xr-xr-x 242 root root 0 Nov 29 03:19 ../
    -r--r--r-- 1 root root 0 Nov 29 17:02 cmdline
    -r--r--r-- 1 root root 0 Nov 29 17:02 cpu
    lrwxrwxrwx 1 root root 0 Nov 29 17:02 cwd -> //
    -r-------- 1 root root 0 Nov 29 17:02 environ
    lrwxrwxrwx 1 root root 0 Nov 29 17:02 exe -> /usr/local/apache/bin/httpd*
    dr-x------ 2 root root 0 Nov 29 17:02 fd/
    -r-------- 1 root root 0 Nov 29 17:02 maps
    -rw------- 1 root root 0 Nov 29 17:02 mem
    -r--r--r-- 1 root root 0 Nov 29 17:02 mounts
    lrwxrwxrwx 1 root root 0 Nov 29 17:02 root -> //
    -r--r--r-- 1 root root 0 Nov 29 17:02 stat
    -r--r--r-- 1 root root 0 Nov 29 17:02 statm
    -r--r--r-- 1 root root 0 Nov 29 17:02 status

    Could anyone tell me is my server being attacked??!!

    thank you.
     
  2. ProLamer

    ProLamer Active Member

    Joined:
    May 17, 2005
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    156
    PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
    26325 nobody 20 0 1046M 823M 3512 R 17.5 82.2 0:21 0 httpd
     
  3. ProLamer

    ProLamer Active Member

    Joined:
    May 17, 2005
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    156
    Then when i went to Cpanel to watch the apache status, i got this error:

    Unable to retrieve apache status [a fatal error or timeout occurred while processing this directive
     
  4. david510

    david510 Well-Known Member

    Joined:
    Aug 22, 2004
    Messages:
    473
    Likes Received:
    0
    Trophy Points:
    166
    Hello,

    This means that the apache is down in the server.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    4
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    It is very likely that a hacker or a spammer managed to download and install their tools on your server through an insecure Php and/or cgi script(s). Remove all these file/programs and secure your server by installing a number of different application including mod_security, mod_dosevasive, APF, and BFD.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice