Mike,
I assume this is a production server?
On 13/01/2011 12:00 PM, Mike Canty wrote:
Tony,
Thanks for the information. I have installed rkhunter and
discovered there may indeed be rootkits. 3 entries came back in the log. (cb
Rootkit, SHV4 Rootkit, SHV5 Rootkit)
I am now looking to see if these need to be removed or the machine rebuilt.
As for the "pstree -a | less" it is interesting information, but not sure
what to get out of it for now. The idea of moving ssh to another, is worth
a look, but has the horse bolted?
Cheers
-----Original Message-----
From: Tony White [mailto:t...@ycs.com.au]
Sent: Thursday, 13 January 2011 11:05 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Apache issues
Hi,
you might try "pstree -a | less" to show you the command line arguments
and paths of all running processes. This might give you a clue at least
to where the source file can be found!
On 13/01/2011 11:06 AM, Mike Canty wrote:
Eric,
Is it still a DoS attack, when I can get someone to run "top" find
the PID and kill that single process to restore connectivity?
Cheers
-----Original Message-----
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Thursday, 13 January 2011 9:55 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Apache issues
On 01/12/2011 03:16 PM, Mike Canty wrote:
To all,
I have a server that is having some problems with some "apache"
services. The machine appears to have a runaway process that takes up
just over 20% of the CPU, but this is enough to stop all mail and to a
certain extent network as well.
The problem for me is this machine is at a remote site. When this
process runs away, I cannot connect to the network remotely, to resolve
the issue, I need to get someone internally to log on to the server
itself and kill the process.
When I say "Apache", that is the user listed against the process, so it
must be some form of web service. The command at fault is either "std" or
"s", although I have seen a "perl" command giving issues as well, but
not to the same effect.
Does anyone have any idea what may be causing this? Or what I can do to
rectify?
Cheers
Mike Canty
From what you've said, it sounds a little like a DoS attack. It sounds
as though the problem process is saturating the network.
What sort of firewall, internal to QMT as well as external, is involved?
--
best wishes
Tony White
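
Added example, not part of the original messages: a small triage filter for the situation described in the thread, where processes such as "std" or "perl" run under the apache user. It reads `ps` output and reports anything owned by the web-server account that is not the web server itself; the `httpd` command name, the PIDs and the paths in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag processes owned by the web-server account that are not the web server.
# Input format is the output of:  ps -eo user=,pid=,pcpu=,comm=,args=
# EXPECTED is an assumption: a comma-separated list of command names this host
# legitimately runs as that user (add real CGI helpers if you use any).
WEB_USER="${WEB_USER:-apache}"
EXPECTED="${EXPECTED:-httpd}"

flag_web_user_procs() {
    awk -v user="$WEB_USER" -v expected="$EXPECTED" '
        BEGIN { n = split(expected, e, ","); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $1 == user && !($4 in ok) {
            # Rebuild the full argument string from fields 5..NF.
            args = ""
            for (i = 5; i <= NF; i++) args = args (i > 5 ? " " : "") $i
            printf "%s cpu=%s comm=%s args=%s\n", $2, $3, $4, args
        }'
}

# Constructed sample of ps output modelled on the symptoms in the thread.
# PIDs, CPU figures and paths are invented for the example.
sample_ps() {
    cat <<'EOF'
root      2101  0.0 httpd /usr/sbin/httpd
apache    2110  0.1 httpd /usr/sbin/httpd
apache    2111  0.0 httpd /usr/sbin/httpd
apache   18422 21.3 std ./std
apache   18430  3.2 perl perl /tmp/example.pl
vpopmail  2300  0.0 qmail-send qmail-send
EOF
}

# On a live host:
#   ps -eo user=,pid=,pcpu=,comm=,args= | flag_web_user_procs
# For each PID reported, `ls -l /proc/PID/exe /proc/PID/cwd` shows where the
# binary lives and which directory it was started from.
```

Run against the sample with `sample_ps | flag_web_user_procs`; the two apache-owned processes that are not `httpd` are the ones reported.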