[BlueOnyx:06710] Re: [bluequartz] Re: cced gone wild
Abdul Rashid Abdullah
webmaster at muntada.com
Wed Mar 16 23:21:27 -05 2011
Did the /tmp check already earlier as well. Ps aux doesn't turn up anything
unusual nor any /usr/local/httpd processes
The biggest thing I see is that if I let the /etc/cron.d/dfix.cron run, then
it quickly contributes to several cced processes spawning in a short period.
Whereas, if I prevent the cron job from running, kill the secondary cced
processes, it appears to run without any spawning of these processes keeping
the cpu down.
On 3/16/11 11:45 PM, "Gerald Waugh" <gwaugh at frontstreetnetworks.com> wrote:
>
> On Wed, 2011-03-16 at 23:25 -0400, Abdul Rashid Abdullah wrote:
>> Thanks. I tried that already. With the dfix and denyhosts running, it
>> usually takes care of most of those automatically. In this case, I didn't
>> find anything too excessive. Just the normal amount of activity. I am
>> still stumped.
>
> Rashid,
>
> Are you sure the server hasn't been compromised?
> scrutinize the files/directories in 'ls -la /tmp'
>
>
> Also maybe look at 'ps aux'
> and see if there might be processes '/usr/local/httpd'
>
> Gerald
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>
More information about the Blueonyx
mailing list