Tony,
Unfortunately yes. But there is light at the end of the tunnel.
This server is a virtual server sitting on a VMware server. Remotely I am
able to copy all of the configurations files I need, all of the mail, MySQL
files, etc. to a location nearby (another CentOS machine) and rebuild.
I did document heavily when I installed this server and I think I can
rebuild in a couple of hours, with virtually no loss of mail and the users
should not be affected. The Qmail package presented by Jake and supported
by Eric, you and others makes this virtually painless, but it is still not
what I wanted to be doing.
Looks like my weekend is now booked.
Thanks for your support.
Cheers
-----Original Message-----
From: Tony White [mailto:t...@ycs.com.au]
Sent: Thursday, 13 January 2011 11:43 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Apache issues
Mike,
I assume this is a production server?
On 13/01/2011 12:00 PM, Mike Canty wrote:
> Tony,
> Thanks for the information. I have installed rkhunter and
> discovered there may indeed be rootkits. 3 entries came back in the log.
(cb
> Rootkit, SHV4 Rootkit, SHV5 Rootkit)
>
> I am now looking to see if these need to be removed or the machine
rebuilt.
>
> As for the " pstree -a | less" it is interesting information, but not sure
> what to get out of it for now. The idea of moving ssh to another, is
worth
> a look, but has the horse bolted?
>
> Cheers
>
> -----Original Message-----
> From: Tony White [mailto:t...@ycs.com.au]
> Sent: Thursday, 13 January 2011 11:05 AM
> To: qmailtoaster-list@qmailtoaster.com
> Subject: Re: [qmailtoaster] Re: Apache issues
>
> Hi,
> you might try "pstree -a | less" to show you the command line
arguments
> and paths
> of all running processes. This might give you a clue at least to where the
> source
> file can be found!
>
>
> On 13/01/2011 11:06 AM, Mike Canty wrote:
>> Eric,
>> Is it still a DoS attack, when I can get someone to run "top" find
>> the PID and kill that single process to restore connectivity?
>>
>> Cheers
>>
>> -----Original Message-----
>> From: Eric Shubert [mailto:e...@shubes.net]
>> Sent: Thursday, 13 January 2011 9:55 AM
>> To: qmailtoaster-list@qmailtoaster.com
>> Subject: [qmailtoaster] Re: Apache issues
>>
>> On 01/12/2011 03:16 PM, Mike Canty wrote:
>>> To all,
>>>
>>> I have a server that is having some problems with some "apache"
>>> services.The machine appears to have a runaway process that takes up
>>> just over 20% of the CPU, but this is enough to stop all mail and to a
>>> certain extent network as well.
>>>
>>> The problem for me is this machine is at a remote site. When this
>>> process runs away, I cannot connect to the network remotely, to resolve
>>> the issue, I need to get someone internally to log on to the server
>>> itself and kill the process.
>>>
>>> When I say "Apache", that is the user listed against the process, so it
>>> must be some form of web service.The command at fault is either "std" or
>>> "s", although I have seen a "perl" command giving issues as well, but
>>> not to the same effect.
>>>
>>> Does anyone have any idea what may be causing this?Or what I can do to
>>> rectify?
>>>
>>> Cheers
>>>
>>> Mike Canty
>>>
>> From what you've said, it sounds a little like a DoS attack. It
sounds
>> as though the problem process is saturating the network.
>>
>> What sort of firewall, internal to QMT as well as external, is involved?
>>
--
best wishes
Tony White
----------------------------------------------------------------------------
-----
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
----------------------------------------------------------------------------
-----
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
