Re: we were attacked
> On Sat, Apr 08, 2006 at 02:03:49AM +0300, Juha-Matti Tapio wrote:
>> Problems like this aren't simple to diagnose on webhosting
>> environments.
>
> actually, they're not that hard - you can find most of them by grepping
> for half a dozen or so likely strings in the apache access log - "wget",
> "curl", "snarf", "/bin/sh", "/bin/perl", ";", and as a last resort,
> "%20" (for encoded space characters which nearly all shell exploits will
> have in them)
Actually - it IS that hard!
If you have 1000 requests per second on a box - and these are dynamic
requests, NOT just for index.html.....
Although I too am not a friend of this type of diagnosis, it is often the
fastest and easiest way to work out what is happening...
Especially when management is standing behind you - there are many
'BETTER' ways, but try and do them all correctly with the shadow of your
boss over your table...
Oh well - I hope our ramblings have help our initial poster a little...
Andrew
Reply to: