FWIW I moved my ssh to a non-standard port and virtually eliminated all attacks on my server via ssh. You can also use OSSEC, which locks out IP addresses after a certain number of failed attempts at either login, forbidden or nonexistent pages.

On 01/12/2011 04:35 PM, Tony White wrote:
> Hi,
> you might try "pstree -a | less" to show you the command line
> arguments and paths of all running processes. This might give you
> a clue at least to where the source file can be found!
>
>
> On 13/01/2011 11:06 AM, Mike Canty wrote:
>> Eric,
>> Is it still a DoS attack, when I can get someone to run "top" find
>> the PID and kill that single process to restore connectivity?
>>
>> Cheers
>>
>> -----Original Message-----
>> From: Eric Shubert [mailto:e...@shubes.net]
>> Sent: Thursday, 13 January 2011 9:55 AM
>> To: qmailtoaster-list@qmailtoaster.com
>> Subject: [qmailtoaster] Re: Apache issues
>>
>> On 01/12/2011 03:16 PM, Mike Canty wrote:
>>> To all,
>>>
>>> I have a server that is having some problems with some "apache"
>>> services. The machine appears to have a runaway process that takes up
>>> just over 20% of the CPU, but this is enough to stop all mail and to a
>>> certain extent network as well.
>>>
>>> The problem for me is this machine is at a remote site. When this
>>> process runs away, I cannot connect to the network remotely, to resolve
>>> the issue, I need to get someone internally to log on to the server
>>> itself and kill the process.
>>>
>>> When I say "Apache", that is the user listed against the process, so it
>>> must be some form of web service. The command at fault is either
>>> "std" or "s", although I have seen a "perl" command giving issues as
>>> well, but not to the same effect.
>>>
>>> Does anyone have any idea what may be causing this? Or what I can do to
>>> rectify?
>>>
>>> Cheers
>>>
>>> Mike Canty
>>>
>> From what you've said, it sounds a little like a DoS attack. It sounds
>> as though the problem process is saturating the network.
>>
>> What sort of firewall, internal to QMT as well as external, is involved?
>>
>

-- Cecil Yother, Jr.
"cj" cj's 2318 Clement Ave Alameda, CA 94501 tel 510.865.2787 | http://yother.com Check out the new Volvo classified resource http://www.volvoclassified.com --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com