[BlueOnyx:06709] Re: [bluequartz] Re: cced gone wild
Gerald Waugh
gwaugh at frontstreetnetworks.com
Wed Mar 16 22:45:56 -05 2011
On Wed, 2011-03-16 at 23:25 -0400, Abdul Rashid Abdullah wrote:
> Thanks. I tried that already. With the dfix and denyhosts running, it
> usually takes care of most of those automatically. In this case, I didn't
> find anything too excessive. Just the normal amount of activity. I am
> still stumped.
Rashid,
Are you sure the server hasn't been compromised?
scrutinize the files/directories in 'ls -la /tmp'
Also maybe look at 'ps aux'
and see if there might be processes '/usr/local/httpd'
Gerald
More information about the Blueonyx
mailing list