Help my server is doing a DoS on google
Peter
plp-ysDPMY98cNQDDBjDh4tngg at public.gmane.org
Fri Feb 10 23:38:37 UTC 2006
On Fri, 10 Feb 2006, Neil Watson wrote:
> On Fri, Feb 10, 2006 at 05:59:11PM -0500, Robert F. Kennedy wrote:
>> My RH9 updated (now) server running Apache, Postfix, Mailman (older
>> version), Mambo(older version) (PHP & MySQL), and DNS is sending out hits
>> to
>> www.google.com at a crazy rate. When I do a Top command there are many Perl
>> processes running under user Apache. I've been notified by a group that
>> reports abuse that it is an irc bot let in through a file called xx.txt.
>> I've been searching for solutions to this problem but so far all I've
>> gotten
>> is that I must update Mambo. I'll do that but is there any other way in the
>> meantime to kill the source of these DOS attacks coming from my server?
>
> First, unplug it from the network. If your server has been compromised
> the only safe procedure is to the format the drive and reinstall the OS.
Actually he could block outgoing packets to google in the firewall as a
stopgap measure for now imho. There is no valid reason for a normal
server to access google at all, barring fancy aggregated search scripts.
Peter
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list