Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian ISP (http://www.linux-archive.org/debian-isp/)
-   -   Is this an attack? (http://www.linux-archive.org/debian-isp/462454-attack.html)

"Rodolfo Barbosa" 12-07-2010 11:40 AM

Is this an attack?
 
Hi,

One of my servers, that's still running the old Debian Etch,
is been the responsible for de crash of my entire internet
access.

Every time that my internet access gets down, I see an weird
process called 'std' or 'S' always running by www-data user
that consumes all the machine process and network resources.

Is this any know attack? I need to get good arguments to
convince the users of this server to allow me to get it
upgraded.

Thank's
--
Rodolfo Barbosa
Lunar Consultoria
barbosa.rodolfo@lunarconsultoria.com.br
CEL: +55 (35) 9132-0764




--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/000f01cb960c$00206c90$006145b0$@rodolfo@lunarconsu ltoria.com.br

Matus UHLAR - fantomas 12-07-2010 11:59 AM

Is this an attack?
 
On 07.12.10 10:40, Rodolfo Barbosa wrote:
> One of my servers, that's still running the old Debian Etch,
> is been the responsible for de crash of my entire internet
> access.
>
> Every time that my internet access gets down, I see an weird
> process called 'std' or 'S' always running by www-data user
> that consumes all the machine process and network resources.
>
> Is this any know attack? I need to get good arguments to
> convince the users of this server to allow me to get it
> upgraded.

it's very hard to tell what is that. May be an attack, may be a bug in old
version of system. Just Do An Upgrade.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20101207125941.GB21858@fantomas.sk">http://lists.debian.org/20101207125941.GB21858@fantomas.sk

"Raoul Bhatia [IPAX]" 12-07-2010 12:04 PM

Is this an attack?
 
On 12/07/2010 01:40 PM, Rodolfo Barbosa wrote:
> Every time that my internet access gets down, I see an weird
> process called 'std' or 'S' always running by www-data user
> that consumes all the machine process and network resources.
>
> Is this any know attack? I need to get good arguments to
> convince the users of this server to allow me to get it
> upgraded.

sounds like an exploited webapp (e.g. php) where a user managed to start
a process as the www-data user.

simply upgrading the server will not make exploits like this go away.
you should check your apache logfiles (do not forget about the error
logs) and look for any suspicious output (e.g. wget output).

cheers,
raoul
--
__________________________________________________ __________________
DI (FH) Raoul Bhatia M.Sc. email. r.bhatia@ipax.at
Technischer Leiter

IPAX - Aloy Bhatia Hava OG web. http://www.ipax.at
Barawitzkagasse 10/2/2/11 email. office@ipax.at
1190 Wien tel. +43 1 3670030
FN 277995t HG Wien fax. +43 1 3670030 15
__________________________________________________ __________________


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4CFE30F4.7070103@ipax.at">http://lists.debian.org/4CFE30F4.7070103@ipax.at


All times are GMT. The time now is 03:36 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.