Help my server is doing a DoS on google

Neil Watson tlug-neil-8agRmHhQ+n2CxnSzwYWP7Q at public.gmane.org
Fri Feb 10 23:04:21 UTC 2006


On Fri, Feb 10, 2006 at 05:59:11PM -0500, Robert F. Kennedy wrote:
>My RH9 updated (now) server running Apache, Postfix, Mailman (older
>version), Mambo(older version) (PHP & MySQL), and DNS is sending out hits to
>www.google.com at a crazy rate. When I do a Top command there are many Perl
>processes running under user Apache. I've been notified by a group that
>reports abuse that it is an irc bot let in through a file called xx.txt.
>I've been searching for solutions to this problem but so far all I've gotten
>is that I must update Mambo. I'll do that but is there any other way in the
>meantime to kill the source of these DOS attacks coming from my server?

First, unplug it from the network.  If your server has been compromised
the only safe procedure is to format the drive and reinstall the OS.

-- 
Neil Watson               | Gentoo Linux
Network Administrator     | Uptime 20 days
http://watson-wilson.ca   | 2.6.11.4 AMD Athlon(tm) MP 2000+ x 2
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml




