
» Surpass Web Hosting Forums » Discussions » Private Hosting » my server Stolen!!!

Old May 8th, 2006, 4:03 PM   #19 (permalink)
Yabadabadoo
Super #1
 
Joined in Nov 2004
Lives in B.C., Canada
Hosted on Dedicated
1,013 posts
Gave thanks: 7
Thanked 28 times
ya that list is just a *may* be infected. Guess they are commonly exploited, or key programs/scripts.
__________________
Geoff Ellis - Surpass Dedicated Server Customer
www.adepttechs.net
Geoff is offline  
Old May 8th, 2006, 4:37 PM   #20 (permalink)
says GIMME SOME MORE!
Resident.
 
Joined in Mar 2004
Lives in fear of Obama.
Hosted on Pass 7
13,092 posts
Gave thanks: 8
Thanked 34 times
Yeah, I get the same list when I run that on mine, too. It even tells you that it's going to find stuff that isn't what it's looking for.
__________________
David is offline  
Old May 8th, 2006, 5:55 PM   #21 (permalink)
Surpass Fan
Comfy Contributor
 
Joined in May 2004
125 posts
Gave thanks: 0
Thanked 0 times
I found this after the server's last downtime, but it is not the repeated issue.
Quote:
Top Process %CPU 99.9 /usr/libexec/gcc/i386-redhat-linux/3.4.5/cc1 -quiet -Iext/standard/ -I/home/cpapachebuild/buildapache/php-4.4.1/ext/standard/ -I/home/cpapachebuild/buildapache/php-4.4.1/include -I/home/cpapachebuild/buildapache/php-4.4.1/main -I/home/cpapachebuild/buildapache/php-4.4.1 -I/usr/kerberos/include -I/usr/include/libxml2 -I/usr/X11R6/include -I/usr/include/freetype2 -I/home/cpapachebuild/buildapache/php-4.4.1/ext/mbstring/mbregex -I/home/cpapachebuild/buildapache/php-4.4.1/ext/mbstring/libmbfl -I/home/cpapachebuild/buildapache/php-4.4.1/ext/mbstring/libmbfl/mbfl -I/usr/include/mysql -I/home/cpapachebuild/buildapache/php-4.4.1/ext/xml/expat -I/home/cpapachebuild/buildapache/php-4.4.1/TSRM -I/home/cpapachebuild/buildapache/php-4.4.1/Zend -DPHP_ATOM_INC /home/cpapachebuild/buildapache/php-4.4.1/ext/standard/array.c -quiet -dumpbase array.c -auxbase-strip ext/standard/array.lo -g -O2 -o /tmp/ccuPQukf.s

Top Process %CPU 92.9 /usr/libexec/gcc/i386-redhat-linux/3.4.5/cc1 -quiet -I. -I. -I.. -I/usr/include/python2.3 -I../include -I../include -I../python -MD libxml2-py.d -MF .deps/libxml2-py.Tpo -MP -MT libxml2-py.lo -MQ libxml2-py.o -DHAVE_CONFIG_H libxml2-py.c -quiet -dumpbase libxml2-py.c -auxbase-strip libxml2-py.o -g -O2 -pedantic -W -Wformat -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls -o /tmp/cc51Qe3G.s
Top Process %CPU 92.6 /usr/libexec/gcc/i386-redhat-linux/3.4.5/cc1 -quiet -I. -I. -I. -I./include -I./include -MD legacy.d -MF .deps/legacy.Tpo -MP -MT legacy.lo -MQ legacy.o -DHAVE_CONFIG_H -D_REENTRANT legacy.c -quiet -dumpbase legacy.c -auxbase-strip legacy.o -g -O2 -pedantic -W -Wformat -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls -o /tmp/ccssdM0S.s
2- Do you think that Celerons are weak against DDoS or hacking?

The repeated issue is:
3- I can diagnose the issue as follows:
A- The server load is under 1 or 2 all the time.

B- Suddenly, at a random unknown time, the server load jumps to 10, and after 1 second to 13, and after 1 second to 16, and after 1 second to 20, and so on up to a server load of 40 or 60! Then the server goes down, then cPanel and SSH are offline for me and I do not know what I should do after this point.

C- While the server load is jumping over 5 or 10, what I do is log in via SSH and type "mysqladmin proc stat". If I find this line:
unauthenticated user | localhost |
then I type via SSH "tail -500 /usr/local/apache/logs/access_log".
When I look at the log I should find the IP that has many connection lines; sometimes I see an IP that is repeated 2~7 times. Then I type via SSH "apf -d 66.220.**.***", which blocks this IP. 60% of the time the server load goes back down, from 40 to 35 after 1 second, to 30 after 1 second, and so on until the normal server load. The issue is that in 40% or 50% of the attacks, after blocking the first 1~3 IP(s) and typing "tail -500 /usr/local/apache/logs/access_log" again, I find other IP(s), so I need to be near the server all the time, checking and blocking IP(s). I really do not know if these steps are the right way or whether I am not blocking the correct attacker IP(s). And is it easy for anyone to make the server load go from 1 to 90 while the server has scripts that should protect against this activity? (Support has told me many times that they have installed scripts that protect against this, but after 1 or 2 days the attack starts again and the server load starts jumping again.)
__________________
Gool
gool is offline  
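The manual check described in step C of the post above (tail the access log, look for repeated client IPs, then block with "apf -d"), sketched as an added example that is not part of the original post. The log path and the apf command come from the post; the function names, the 20-hit threshold and the sample log are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: tally client IPs in the tail of an Apache access log.
# Threshold (20) and the sample log below are assumptions, not from the thread.

# top_talkers LOGFILE [LINES] [MIN_HITS]
# Prints "hits ip" for each client with at least MIN_HITS requests in the
# last LINES lines of the log, busiest first.
top_talkers() {
    log=$1; lines=${2:-500}; min=${3:-20}
    tail -n "$lines" "$log" |
        awk -v min="$min" '
            # Field 1 of the common/combined log format is the client address.
            NF { hits[$1]++ }
            END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
        ' | sort -k1,1nr -k2,2
}

# suggest_blocks LOGFILE [LINES] [MIN_HITS]
# Prints (does not run) one "apf -d" line per candidate so each address can
# be reviewed before it is denied.
suggest_blocks() {
    top_talkers "$@" | while read -r hits ip; do
        echo "apf -d $ip   # $hits hits"
    done
}

# Constructed sample log using documentation address ranges (not real traffic):
# two busy clients and one ordinary visitor.
make_sample_log() {
    : > "$1"
    for spec in 203.0.113.9:30 198.51.100.7:25 192.0.2.44:3; do
        ip=${spec%%:*}; n=${spec##*:}; i=0
        while [ "$i" -lt "$n" ]; do
            printf '%s - - [08/May/2006:17:40:%02d -0400] "GET /index.php HTTP/1.1" 200 512\n' "$ip" "$i" >> "$1"
            i=$((i + 1))
        done
    done
}

# Demo on the constructed log; on the server, pass
# /usr/local/apache/logs/access_log instead.
sample=$(mktemp)
make_sample_log "$sample"
suggest_blocks "$sample" 500 20
rm -f "$sample"
```

Counting over the whole 500-line window separates an address that appears a handful of times from one that dominates the log, which is hard to judge by eye from raw tail output.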
Old May 10th, 2006, 2:01 AM   #22 (permalink)
minor deity
Super #1
 
Joined in Apr 2004
Lives in Georgia
Hosted on XEON
7,387 posts
Gave thanks: 28
Thanked 94 times
use an off-site system like housecall.trendmicro.com too. if you have trouble running that on an XP machine, it's because the XP machine is likely compromised.

John
__________________
Proud to be a Surmunity Mod!
XEON PASS60 PASS61
Make a fundamental difference!
My Sites:
Curious about Brewing Beer? Join the community!
>>>>> Some Change is GOOD! Keep your paycheck! Support the Fair Tax
Get into an Art museum
Victorian London
It's your brain -ON WEB - mybrainhost.com (under development)
What SHOULD Government do? Much Less than it Does!
Bigjohn is offline  
Old May 10th, 2006, 2:22 AM   #23 (permalink)
says GIMME SOME MORE!
Resident.
 
Joined in Mar 2004
Lives in fear of Obama.
Hosted on Pass 7
13,092 posts
Gave thanks: 8
Thanked 34 times
Quote:
Originally Posted by Bigjohn
use an off-site system like housecall.trendmicro.com too. if you have trouble running that on an XP machine, it's because the XP machine is likely compromised.

John
I use Bitdefender as an online scanner now-a-days. It found stuff the others didn't, which was nice of it.
__________________
David is offline  
Old May 10th, 2006, 2:37 AM   #24 (permalink)
Marketing Maven
Surpass Staff
 
Joined in May 2003
Lives in Orlando
24,749 posts
Gave thanks: 946
Thanked 806 times
Bitdefender:



Oddly enough, pixel art using Paint.
http://en.wikipedia.org/wiki/Image:The_Gunk.png
__________________
Follow Surpass on Twitter and Facebook
Check out the Surpass Blog



Kayla is offline  
Old May 10th, 2006, 2:55 AM   #25 (permalink)
says GIMME SOME MORE!
Resident.
 
Joined in Mar 2004
Lives in fear of Obama.
Hosted on Pass 7
13,092 posts
Gave thanks: 8
Thanked 34 times
i now have my next avatar
__________________
David is offline  