Is this an attack?
Hi,
One of my servers, that's still running the old Debian Etch, is been the responsible for de crash of my entire internet access. Every time that my internet access gets down, I see an weird process called 'std' or 'S' always running by www-data user that consumes all the machine process and network resources. Is this any know attack? I need to get good arguments to convince the users of this server to allow me to get it upgraded. Thank's -- Rodolfo Barbosa Lunar Consultoria barbosa.rodolfo@lunarconsultoria.com.br CEL: +55 (35) 9132-0764 -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/000f01cb960c$00206c90$006145b0$@rodolfo@lunarconsu ltoria.com.br |
Is this an attack?
On 07.12.10 10:40, Rodolfo Barbosa wrote:
> One of my servers, that's still running the old Debian Etch, > is been the responsible for de crash of my entire internet > access. > > Every time that my internet access gets down, I see an weird > process called 'std' or 'S' always running by www-data user > that consumes all the machine process and network resources. > > Is this any know attack? I need to get good arguments to > convince the users of this server to allow me to get it > upgraded. it's very hard to tell what is that. May be an attack, may be a bug in old version of system. Just Do An Upgrade. -- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Christian Science Programming: "Let God Debug It!". -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 20101207125941.GB21858@fantomas.sk">http://lists.debian.org/20101207125941.GB21858@fantomas.sk |
Is this an attack?
On 12/07/2010 01:40 PM, Rodolfo Barbosa wrote:
> Every time that my internet access gets down, I see an weird > process called 'std' or 'S' always running by www-data user > that consumes all the machine process and network resources. > > Is this any know attack? I need to get good arguments to > convince the users of this server to allow me to get it > upgraded. sounds like an exploited webapp (e.g. php) where a user managed to start a process as the www-data user. simply upgrading the server will not make exploits like this go away. you should check your apache logfiles (do not forget about the error logs) and look for any suspicious output (e.g. wget output). cheers, raoul -- __________________________________________________ __________________ DI (FH) Raoul Bhatia M.Sc. email. r.bhatia@ipax.at Technischer Leiter IPAX - Aloy Bhatia Hava OG web. http://www.ipax.at Barawitzkagasse 10/2/2/11 email. office@ipax.at 1190 Wien tel. +43 1 3670030 FN 277995t HG Wien fax. +43 1 3670030 15 __________________________________________________ __________________ -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 4CFE30F4.7070103@ipax.at">http://lists.debian.org/4CFE30F4.7070103@ipax.at |
| All times are GMT. The time now is 04:17 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.