[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is this an attack?

On 12/07/2010 01:40 PM, Rodolfo Barbosa wrote:
> Every time that my internet access gets down, I see an weird
> process called 'std' or 'S' always running by www-data user
> that consumes all the machine process and network resources.
> Is this any know attack? I need to get good arguments to
> convince the users of this server to allow me to get it
> upgraded.

sounds like an exploited webapp (e.g. php) where a user managed to start
a process as the www-data user.

simply upgrading the server will not make exploits like this go away.
you should check your apache logfiles (do not forget about the error
logs) and look for any suspicious output (e.g. wget output).

DI (FH) Raoul Bhatia M.Sc.          email.          r.bhatia@ipax.at
Technischer Leiter

IPAX - Aloy Bhatia Hava OG          web.          http://www.ipax.at
Barawitzkagasse 10/2/2/11           email.            office@ipax.at
1190 Wien                           tel.               +43 1 3670030
FN 277995t HG Wien                  fax.            +43 1 3670030 15

Reply to: