apache / exe process taking 99 % cpu
Hi list,
I have an apache process which takes 99 % cpu. It's not common that an apache
proc takes that much cpu on this system. I noticed it on my rrd load and
cpu usage graph. It's been on since yesterday about 22:00.
top also lists the process with a name of "exe". Running under the user id
of www-data. I couldn't find it with ps auwwx until I tried some other
params of ps. It looks to me as if the process is somehow
camouflaged. Could that be?
root@gandalf [~] ps -l -C exe
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
040 R 33 6358 1 89 77 0 - 370 - ? 00:00:04 exe
root@gandalf [~] ps -lf -C exe
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
040 R www-data 6360 1 95 79 0 - 370 - 15:47 ? 00:00:04 /usr/sbin/apache
I tried to strace the process, but I have to be fast. The pid changes
every 15 seconds, according to top.
root@gandalf [~] ps -l -C exe
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
040 R 33 6398 1 99 77 0 - 370 - ? 00:00:03 exe
root@gandalf [~] strace -p 6398
--- SIGALRM (Alarm clock) ---
As you can see, the process seems to die with SIGALRM.
My question is, have I been hacked? Could that be a CGI program gone wild?
Of course I could stop apache, but that's not what I want. I'd like to
figure out where this comes from.
TIA
Timo
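
Added example, not part of the original post: a shell sketch for the mismatch shown above, where `ps -C exe` matches the kernel-side name while `ps -f` prints /usr/sbin/apache. For every process with a given name it records Name and PPid from /proc/PID/status, argv[0] from cmdline and the exe link; the function names and the PROC_ROOT parameter are assumptions made for this example.

```shell
#!/bin/sh
# Added triage sketch. PROC_ROOT is normally /proc; it is a parameter only so
# the logic can be exercised against a constructed directory tree.

# Print "pid ppid name argv0 exe verdict" (tab-separated) for one PID.
snapshot_proc() {
    dir="$1/$2"
    [ -r "$dir/status" ] || return 1
    # Name: is the kernel-side command name, the field `ps -C` matches on.
    name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status")
    ppid=$(sed -n 's/^PPid:[[:space:]]*//p' "$dir/status")
    # cmdline is NUL-separated argv memory that the process itself can overwrite.
    argv0=$(2>/dev/null tr '\0' '\n' < "$dir/cmdline" | head -n 1)
    # exe links to the binary actually mapped; reading it needs root or the owner.
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe=""
    verdict=ok
    case "$exe" in
        "") verdict=exe-unreadable ;;
        *" (deleted)") verdict=exe-deleted ;;
        *) [ "${argv0##*/}" = "${exe##*/}" ] || verdict=argv0-differs-from-exe ;;
    esac
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' "$2" "$ppid" "$name" "$argv0" "$exe" "$verdict"
}

# Snapshot every process whose kernel-side name equals NAME.
scan_by_name() {
    for d in "$1"/[0-9]*; do
        [ -r "$d/status" ] || continue
        n=$(sed -n 's/^Name:[[:space:]]*//p' "$d/status")
        [ "$n" = "$2" ] && snapshot_proc "$1" "${d##*/}"
    done
    return 0
}

# Poll once a second so a process whose PID changes every few seconds is caught.
watch_name() {
    while :; do scan_by_name /proc "$1"; sleep 1; done
}
```

Run as root, `watch_name exe >> /root/exe-trace.tsv` keeps a record across PID changes; the output path is a placeholder.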