The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[HELP]Am I being attacked??

Discussion in 'General Discussion' started by ProLamer, Nov 29, 2005.

  1. ProLamer

    ProLamer Active Member

    Joined:
    May 17, 2005
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Recently, my server was down for quite a few times.. Every time the server load will increse like crazy to 50+

    I noticed that there is always be one httpd command running before the server went down. that particular process showing that it has 500MB in size..

    When i pico the process detail, i saw the following things:

    total 0
    dr-xr-xr-x 3 nobody nobody 0 Nov 29 17:02 ./
    dr-xr-xr-x 242 root root 0 Nov 29 03:19 ../
    -r--r--r-- 1 root root 0 Nov 29 17:02 cmdline
    -r--r--r-- 1 root root 0 Nov 29 17:02 cpu
    lrwxrwxrwx 1 root root 0 Nov 29 17:02 cwd -> //
    -r-------- 1 root root 0 Nov 29 17:02 environ
    lrwxrwxrwx 1 root root 0 Nov 29 17:02 exe -> /usr/local/apache/bin/httpd*
    dr-x------ 2 root root 0 Nov 29 17:02 fd/
    -r-------- 1 root root 0 Nov 29 17:02 maps
    -rw------- 1 root root 0 Nov 29 17:02 mem
    -r--r--r-- 1 root root 0 Nov 29 17:02 mounts
    lrwxrwxrwx 1 root root 0 Nov 29 17:02 root -> //
    -r--r--r-- 1 root root 0 Nov 29 17:02 stat
    -r--r--r-- 1 root root 0 Nov 29 17:02 statm
    -r--r--r-- 1 root root 0 Nov 29 17:02 status

    Could anyone tell me is my server being attacked??!!

    thank you.
     
  2. ProLamer

    ProLamer Active Member

    Joined:
    May 17, 2005
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
    26325 nobody 20 0 1046M 823M 3512 R 17.5 82.2 0:21 0 httpd
     
  3. ProLamer

    ProLamer Active Member

    Joined:
    May 17, 2005
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Then when i went to Cpanel to watch the apache status, i got this error:

    Unable to retrieve apache status [a fatal error or timeout occurred while processing this directive
     
  4. david510

    david510 Well-Known Member

    Joined:
    Aug 22, 2004
    Messages:
    473
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    This means that the apache is down in the server.
     
  5. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    It is very likely that a hacker or a spammer managed to download and install their tools on your server through an insecure Php and/or cgi script(s). Remove all these file/programs and secure your server by installing a number of different application including mod_security, mod_dosevasive, APF, and BFD.
     
Loading...

Share This Page