Re: apache / exe process taking 99 % cpu
On Mon, Aug 30, 2004 at 03:50:35PM +0200, Timo Veith wrote:
> My question is, have I been hacked?
Probably. Do you run PHP? Buggy PHP scripts are a common attack vector
these days.
> Could that be a CGI program gone wild?
Yes, if the "pid changes" you noted are just independent processes. Less
likely, if these are intentional fork()/exit() tricks done by one
process (of course unless you don't trust your users).
> Of course I could stop apache, but that's not what I want. I'd like to
> figure out where this comes from.
try "ls -l /proc/PID" and "ls -l /proc/PID/fd", these may reveal some
useful information. Also run chkrootkit.
Marcin
--
Marcin Owsiany <porridge@debian.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
Reply to: