> usage. I ran "top" and there it was 4-5 httpd ps (/usr/sbin/httpd -f
> /etc/httpd/conf/httpd.conf) that were using all cpu, and some of them had
> been running for 3-4h.
Sounds like something went loopy - this could be a bad CGI script or a
database problem. If you are developing Tomcat/JSP, this can occur on a
regular basis.
> Looking around in files and folders I found in /var/log/httpd/ a LARGE error
> file:
>
> -rw-r--r-- 1 root root 2147 483 647 Sep 18 21:06 error (almost 2000 mb?)
Whoa! Not even that new worm could create such a large file so quickly. Is
it being rotated? Do a "tail -n 500 error" to see the last 500 lines. Do a
"head error" to see when the file was created (RaQs don't have the handy
"stat" command). Is it being log-rotated properly? Is someone trying some
kind of denial of service attack? You are going to see a *lot* of hit attempts
from the new worm in this file, but again... I don't think it's the primary
cause.
Pete.
__________________________________________________
Vito - Cobalt Server Appliance Monitor and Manager
http://vito.pointclark.net
_______________________________________________
cobalt-security mailing list
http://list.cobalt.com/mailman/listinfo/cobalt-security
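
Added example (not part of the original message): the head/tail checks suggested above, collected into a small shell script that reports the log's first and last timestamps plus the busiest client and most repeated message in the last N lines, using only tools that do not depend on "stat". The function names, paths and sample log lines are constructed for illustration, and the usual Apache error-log line layout is assumed.

```shell
#!/bin/sh
# Added example: error-log triage with head/tail/wc only (no stat needed).
# Function names, paths and the sample log below are constructed assumptions.

LIMIT=2147483647  # 2^31-1: the size quoted in the post; max signed 32-bit file offset

log_size() { wc -c < "$1" | tr -d ' '; }

# Succeeds when the file is at or past that limit.
at_size_limit() { [ "$(log_size "$1")" -ge "$LIMIT" ]; }

# Apache error-log lines start with "[timestamp]"; print that field.
first_stamp() { head -n 1 "$1" | sed -n 's/^\[\([^]]*\)].*/\1/p'; }
last_stamp()  { tail -n 1 "$1" | sed -n 's/^\[\([^]]*\)].*/\1/p'; }

# Busiest "[client ADDR]" in the last N lines (default 500), as "COUNT ADDR".
top_client() {
    tail -n "${2:-500}" "$1" | sed -n 's/.*\[client \([^]]*\)].*/\1/p' |
        sort | uniq -c | sort -rn | head -n 1 | awk '{print $1, $2}'
}

# Most repeated message in the last N lines, timestamp and client stripped.
top_message() {
    tail -n "${2:-500}" "$1" |
        sed -e 's/^\[[^]]*] *//' -e 's/\[client [^]]*] *//' |
        sort | uniq -c | sort -rn | head -n 1 | sed 's/^ *//'
}

triage() {
    echo "size:         $(log_size "$1") bytes"
    if at_size_limit "$1"; then echo "warning:      at 2^31-1 bytes"; fi
    echo "first entry:  $(first_stamp "$1")"
    echo "last entry:   $(last_stamp "$1")"
    echo "top client:   $(top_client "$1" "$2")"
    echo "top message:  $(top_message "$1" "$2")"
}

# Constructed sample log (documentation addresses, made-up paths).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[Mon Jan 01 10:00:00 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/missing.html
[Mon Jan 01 10:00:01 2001] [error] [client 198.51.100.7] Premature end of script headers: /var/www/cgi-bin/loop.cgi
[Mon Jan 01 10:00:01 2001] [error] [client 198.51.100.7] Premature end of script headers: /var/www/cgi-bin/loop.cgi
[Mon Jan 01 14:05:59 2001] [error] [client 198.51.100.7] Premature end of script headers: /var/www/cgi-bin/loop.cgi
[Mon Jan 01 14:06:00 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/missing.html
[Mon Jan 01 14:06:01 2001] [error] [client 198.51.100.7] Premature end of script headers: /var/www/cgi-bin/loop.cgi
EOF
triage "$sample" 4
```

On a real server, call it as triage /var/log/httpd/error 500; one client or one message dominating the tail separates a single looping script or abusive host from general background noise.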