Re: Am I compromised
R. W. Rodolico on Friday 25 Nov 2005 22:13 wrote:
> I'm sure others will have much better suggestions (I'm not very good
> at this) but until they write in:
>
> A: Why not just killall httpd and see what happens
> B: Have you shut down the box and restarted it? Looks like quite a
> few defunct things going. I have had times when zombies beat the
> fire out of me and a reboot was all I could think of.
>
> If either of these work, watch the box closely.
>
This is what I had done:

1) Stopped the apache2 service.
2) Still found a non-existent /usr/sbin/httpd process running. Killed it. It
got killed.
3) Re-started the apache2 service. It worked fine.
4) But after some minutes, the problem was restarted.

The root-cause was vulnerable copies of awstats installed improperly on my
server by the other admin (for details read my other posts).

Thanks for replying.

Regards,
rrs
--
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
Gnupg Key ID: 04F130BC
"Stealing logic from one person is plagiarism, stealing from many is
research."
"Necessity is the mother of invention."