Help my server is doing a DoS on google

Robert F. Kennedy rfk-R6A+fiHC8nRWk0Htik3J/w at public.gmane.org
Fri Feb 10 23:52:56 UTC 2006


Thanks for the help.

I couldn't find rpcxml.php but I did find xx.txt in /tmp. I deleted it and
killed the one perl process. So far it hasn't started again. Could this
problem be over or do I need to take further measures? (Besides upgrading
Mambo when mamboforge.net comes back online, of course).

Thanks,
Robert



-----Original Message-----
From: owner-tlug-lxSQFCZeNF4 at public.gmane.org [mailto:owner-tlug-lxSQFCZeNF4 at public.gmane.org] On Behalf Of
Eric.Malenfant-xNZwKgViW5gAvxtiuMwx3w at public.gmane.org
Sent: February 10, 2006 6:05 PM
To: tlug-lxSQFCZeNF4 at public.gmane.org
Subject: RE: [TLUG]: Help my server is doing a DoS on google

Robert, 

Check and disable rpcxml.php for Mambo - was a known issue (also with
PostNuke).

You should look in /tmp for any executable files, then run 'lsof' and see
which port this binary opened.

Regards,
Eric Malenfant, NSA, CCSE+, RHCE + RH423, CCNA
 

-----Original Message-----
From: owner-tlug-lxSQFCZeNF4 at public.gmane.org [mailto:owner-tlug-lxSQFCZeNF4 at public.gmane.org] On Behalf Of ext Robert
F. Kennedy
Sent: Friday, February 10, 2006 5:59 PM
To: tlug-lxSQFCZeNF4 at public.gmane.org
Subject: [TLUG]: Help my server is doing a DoS on google

Hello,

My RH9 updated (now) server running Apache, Postfix, Mailman (older
version), Mambo (older version) (PHP & MySQL), and DNS is sending out hits to
www.google.com at a crazy rate. When I do a Top command there are many Perl
processes running under user Apache. I've been notified by a group that
reports abuse that it is an IRC bot let in through a file called xx.txt.
I've been searching for solutions to this problem but so far all I've gotten
is that I must update Mambo. I'll do that but is there any other way in the
meantime to kill the source of these DOS attacks coming from my server?

Thanks for any assistance,
Robert
Toronto

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
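
The triage suggested in this thread (look in /tmp, then use lsof to see what the stray process has open), as an added shell example that is not part of the original messages. The function names, the `apache`/`httpd` account and binary names, and the sample lsof output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added triage example; sample data below is constructed, not from the thread.

# Constructed `lsof -nP -i` output (addresses are documentation ranges).
sample_lsof() {
cat <<'EOF'
COMMAND  PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd    2101 root   3u  IPv4 11001  0t0      TCP *:80 (LISTEN)
httpd    2110 apache 3u  IPv4 11001  0t0      TCP *:80 (LISTEN)
httpd    2110 apache 9u  IPv4 11950  0t0      TCP 192.0.2.10:80->203.0.113.5:51522 (ESTABLISHED)
perl     4312 apache 3u  IPv4 22870  0t0      TCP 192.0.2.10:41234->198.51.100.7:6667 (ESTABLISHED)
perl     4313 apache 4u  IPv4 22911  0t0      TCP 192.0.2.10:41301->198.51.100.99:80 (ESTABLISHED)
master   1800 root   11u IPv4 9001   0t0      TCP *:25 (LISTEN)
EOF
}

# Read `lsof -nP -i` output on stdin. Print "PID COMMAND REMOTE" for every
# connection owned by web user $1 whose command is not the server binary $2.
suspect_sockets() {
    awk -v u="$1" -v srv="$2" '
        NR > 1 && $3 == u && $1 != srv && $9 ~ /->/ {
            split($9, ends, "->")
            print $2, $1, ends[2]
        }'
}

# List regular files under directory $1 owned by user $2. The executable bit
# is not required: `perl xx.txt` runs a file that is mode 0644.
files_owned_by() {
    find "$1" -type f -user "$2" 2>/dev/null | sort
}

sample_lsof | suspect_sockets apache httpd
# On a live host (as root): lsof -nP -i | suspect_sockets apache httpd
#                           files_owned_by /tmp apache
```

Any PID this prints is an interpreter running under the web server account with its own network connection, which a stock Apache/PHP setup does not normally have; record its open files and command line before killing it.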