[BlueOnyx:06707] Re: [bluequartz] Re: cced gone wild
Eiji Hamano (bluequartz)
bluequartz at hypersys.ne.jp
Wed Mar 16 21:40:15 -05 2011
>> Steady, linear rise in new processes created on the server, 2 every 5
>> minutes
I also have the same experience.
Following steps were always escaped from my BO crisis.
1. Search for unusual extensive access.
tail -200 /var/log/secure
2. If you find the IP address, DROP it on you server.
/sbin/iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
3. Using a TOP command, Obtain the IDs of invalid new processes.
Then, KILL new processes.
kill -9 xxxx xxxx xxxx xxxx xxxx ..............
Best Regards. Eiji Hmanao
More information about the Blueonyx
mailing list