Help my server is doing a DoS on google

Eric.Malenfant-xNZwKgViW5gAvxtiuMwx3w at public.gmane.org Eric.Malenfant-xNZwKgViW5gAvxtiuMwx3w at public.gmane.org
Fri Feb 10 23:05:06 UTC 2006


Robert, 

Check and disable rpcxml.php for Mambo - was a known issue (also with
postnuke)

You should look in /tmp for any executable files, then run 'lsof' and
see which port this 
binary opened.

Regards,
Eric Malenfant, NSA, CCSE+, RHCE + RH423, CCNA
 

-----Original Message-----
From: owner-tlug-lxSQFCZeNF4 at public.gmane.org [mailto:owner-tlug-lxSQFCZeNF4 at public.gmane.org] On Behalf Of ext
Robert F. Kennedy
Sent: Friday, February 10, 2006 5:59 PM
To: tlug-lxSQFCZeNF4 at public.gmane.org
Subject: [TLUG]: Help my server is doing a DoS on google

Hello,

My RH9 updated (now) server running Apache, Postfix, Mailman (older
version), Mambo(older version) (PHP & MySQL), and DNS is sending out
hits to www.google.com at a crazy rate. When I do a Top command there
are many Perl processes running under user Apache. I've been notified by
a group that reports abuse that it is an irc bot let in through a file
called xx.txt.
I've been searching for solutions to this problem but so far all I've
gotten is that I must update Mambo. I'll do that but is there any other
way in the meantime to kill the source of these DOS attacks coming from
my server?

Thanks for any assistance,
Robert
Toronto

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns How to
UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml





More information about the Legacy mailing list