[BlueOnyx:06708] Re: [bluequartz] Re: cced gone wild
Abdul Rashid Abdullah
webmaster at muntada.com
Wed Mar 16 22:25:12 -05 2011
Thanks. I tried that already. With the dfix and denyhosts running, it
usually takes care of most of those automatically. In this case, I didn't
find anything too excessive. Just the normal amount of activity. I am
still stumped.
On 3/16/11 10:40 PM, "Eiji Hamano (bluequartz)" <bluequartz at hypersys.ne.jp>
wrote:
>>> Steady, linear rise in new processes created on the server, 2 every 5
>>> minutes
>
> I also have the same experience.
> The following steps have always gotten me out of my BO crisis.
>
> 1. Search for unusually extensive access.
> tail -200 /var/log/secure
>
> 2. If you find the IP address, DROP it on your server.
> /sbin/iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
>
> 3. Using the top command, obtain the IDs of the invalid new processes.
> Then kill the new processes.
> kill -9 xxxx xxxx xxxx xxxx xxxx ..............
>
> Best Regards. Eiji Hamano
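
Step 1 of the quoted procedure relies on eyeballing the last 200 lines of /var/log/secure. As an added example (not part of either post), the shell function below tallies failed sshd password attempts per source IP so that "excessive" becomes a number. The function names and the sample log lines are constructed for illustration, and the line format is assumed to be the stock sshd "Failed password" message.

```shell
#!/bin/sh
# Constructed sample lines in sshd /var/log/secure format (not from the thread).
# One line uses the username "from" to exercise the field-parsing edge case.
sample_secure_log() {
cat <<'EOF'
Mar 16 21:58:01 host sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 16 21:58:03 host sshd[4102]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar 16 21:58:05 host sshd[4103]: Failed password for invalid user from from 203.0.113.5 port 51236 ssh2
Mar 16 21:58:07 host sshd[4104]: Failed password for root from 203.0.113.5 port 51237 ssh2
Mar 16 21:59:10 host sshd[4110]: Failed password for webmaster from 198.51.100.9 port 40211 ssh2
Mar 16 22:00:01 host sshd[4120]: Accepted password for admin from 198.51.100.7 port 40000 ssh2
Mar 16 22:00:02 host crond[4121]: pam_unix(crond:session): session opened for user root by (uid=0)
EOF
}

# failed_by_ip [THRESHOLD]
# Reads a secure log on stdin and prints "COUNT IP" for every source address
# with at least THRESHOLD failed password attempts, busiest first.
failed_by_ip() {
    threshold="${1:-3}"
    awk -v min="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The username is attacker-controlled, so take the LAST "from":
            # the address is the field right after it.
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample. On a live server, as root:
#   failed_by_ip 10 < /var/log/secure
sample_secure_log | failed_by_ip 3
```

An empty result at a sensible threshold matches what the reply at the top reports: no single address stands out, so the steady process growth has to be explained some other way.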