Re: Is this an attack?
On 12/07/2010 01:40 PM, Rodolfo Barbosa wrote:
> Every time that my internet access gets down, I see an weird
> process called 'std' or 'S' always running by www-data user
> that consumes all the machine process and network resources.
> Is this any know attack? I need to get good arguments to
> convince the users of this server to allow me to get it
sounds like an exploited webapp (e.g. php) where a user managed to start
a process as the www-data user.
simply upgrading the server will not make exploits like this go away.
you should check your apache logfiles (do not forget about the error
logs) and look for any suspicious output (e.g. wget output).
DI (FH) Raoul Bhatia M.Sc. email. email@example.com
IPAX - Aloy Bhatia Hava OG web. http://www.ipax.at
Barawitzkagasse 10/2/2/11 email. firstname.lastname@example.org
1190 Wien tel. +43 1 3670030
FN 277995t HG Wien fax. +43 1 3670030 15