Guys, apache cpus usage is hitting 100% sometimes ( to such an extent that its
very noticeable) on a box with just 8 users or so.
i m getting this when i run 'top'. The worrying thing is seeing the work
'atack' under command
PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND
sorry typos amended
Guys, apache's cpu usage is hitting
100% sometimes ( to such an extent that its
very noticeable)
on a box ( 2gb ram) with just 8 users or so. This newver happended before.
i m getting this when i
run 'top'. The worrying thing is seeing the word 'atack'
under
c
> >
> some google foo shows this is a WINDOWS exploit not a linux one.
>
> http://www.linuxquestions.org/questions/slackware-14/analyzing-apache-logs-174552/
> ___
yes, william, i saw those links when i googledi too did no think it related
to
reply below
- Original Message
> From: John R. Dennison
> To: CentOS mailing list
> Sent: Wednesday, June 3, 2009 11:43:46 AM
> Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell
>
> On Tue, Jun 02, 2009 at 08:23:16PM -0700, Linux Advocate
My replies below i m just so down in the dumps nowaaah
- Original Message
> From: Neil Aggarwal
> To: CentOS mailing list
> Sent: Wednesday, June 3, 2009 1:38:05 PM
> Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell
>
> The original poster stated
- Original Message
> From: Anne Wilson
> On Wednesday 03 June 2009 06:09:37 John R. Dennison wrote:
> > He's running an apache instance on cent5. He has processes he
> > can not readily identify running under apache named "atack";
> > where does "windows" co
>
> as an aside? did he say if he even looked on the net for anything related to
> this??
i tried googling for 'centos apache atack" but did not get anything
substantial.
i tried locating a binary file called ' atack' but got nothing.
___
- Original Message
> From: John R. Dennison
>
> I stand by my previous advice - the box is compromised, can not
> be trusted, and as a responsible admin he should be working on
> re-installing it, evaluating what web-apps he had running that
> led to this in the firs
BRUCE U ARE A F*** GENIUS MAN !
u were right brothanx for spending the time on this man
more info below !
- Original Message
> From: bruce
> To: linuxhous...@yahoo.com
> Sent: Wednesday, June 3, 2009 9:53:24 PM
> Subject: RE: [CentOS] Centos 5.3 -> Apache
> On Wed, Jun 3, 2009 at 6:32 PM, Frank M. Ramaekers
> wrote:
> > Anyone have any idea as to why setroubleshootd would be dominating the
> > system:
> >
> > PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND
> > 2371 root 25 0 1884m 1.8g 4100 R 100.2 44.7 680:06.40
> > se
Matt, great idea I FOUND SOMETHING... pls see below...
>From: Matt
>To: CentOS mailing list
>Sent: Thursday, June 4, 2009 4:40:57 AM
>Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell
>PID USER PR NI VIRT RES SHR S %CPU %MEM
replies below...
- Original Message
> From: Ralph Angenendt
> To: centos@centos.org
> Sent: Saturday, June 13, 2009 2:46:40 PM
> Subject: Re: [CentOS] setrubleshootd dominating
>
> Linux Advocate wrote:
> >
> > > strace -p And see what it is doing?
- Original Message
> From: bruce
> To: CentOS mailing list
> Sent: Thursday, June 4, 2009 3:20:24 AM
> Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell
>
> and if you don't figure out what caused the issue...
working on it bro
:)
one of the pointers here w
- Original Message
> From: William L. Maltby
> To: CentOS mailing list
> Sent: Thursday, June 4, 2009 12:56:22 AM
> Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell
>
>
> On Wed, 2009-06-03 at 09:33 -0700, Linux Advocate wrote:
>
replies below...
- Original Message
> From: Filipe Brandenburger
> To: CentOS mailing list
> Sent: Saturday, June 13, 2009 9:58:51 PM
> Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell
>
> I suggest you start by looking at Apache's logs,
Filipe, good idea.
john, replies below...
> Linux Advocate wrote:
> > DID THIS GUY ACTUALLY SAVE A FILE ON MY HARD DISK???
> > AA???
> >
> > Was this why rkhunter popped out with this warning?
> >
> > * Filesystem checks
&g
> cmdshell.php)
> > ? The horde framework was installed from the centos repo.!!!
> >
> I don't think the horde set on CentOS is very current. I just used the tarball
> from the horde website, and I keep it current.
ok. its just that with centos being a redhat clone and so on. all the rpm
thanx guys. Lets close this thread. bye.
- Original Message
> From: Scott Silva
> To: centos@centos.org
> Sent: Thursday, June 18, 2009 2:36:27 AM
> Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell
>
> on 6-16-2009 10:26 PM Linux Advocat
> > [Normal log stuff from dictionary attack deleted...]
>
> This is common, and, presuming you have good passwords or only
> accept authorized_keys, not a real problem other than large log
> files.
>
> Look at fail2ban for a method that will automatically add
> iptables blocks when this occurs
>
> That program would then, upon receiving a 'sniff' or 'user' would then add
> that ip to the deny hosts lists..for either a long or short time.
>
> Using this would seem like a win as you can easily grab someone before they
> can get somewhere one hopes.
> Also, by opening up a few other
get ;
1. fail2ban - it blocks failed login ips etc
2. get shorewall or any iptables front end and restrict ips to the ranges u
need ( or even specific ips)
3. run ssh on a nonstandard port
4. good, long password
these steps will go a long way and will get u started.
- Original Message -
taling abt piranha... i understand that its LVS + webfrontend and is suitable
fro webpages and so on. What do we need to make it as a LAMP cluster, i.e with
a mysql HA backend as well.
So-> HA of [ LoadBalancer + Apache + MySQL}
Any ideas guys?
From: fmb fmb
: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf
Of Linux Advocate
Sent: Sunday, June 28, 2009 11:18 PM
To: CentOS mailing list
Subject: Re: [CentOS] 2 servers cluster
taling abt piranha... i understand that its LVS + webfrontend and is suitable
fro webpages and so on
ww.JAMMConsulting.com
>100% uptime for your e-commerce site! Stay fully
>operational
>even with a db server failure. Ask me about the GRed
>database.
>
>
>
____
From: centos-boun...@centos.org
>> [mailto:centos-boun...@centos.org] On B
same here. i really must thank dag wiers and gang for all the good work. But If
epel and rpmforge can work together , that's great.
- Original Message
> From: Ron Loftin
> To: CentOS mailing list
> Sent: Tuesday, June 30, 2009 3:13:33 AM
> Subject: Re: [CentOS] Dag's comment at linu
beranger...@yahoo.com... , u have a problem with dag...and now it looks like u
have a problem with linus torvalds himself u talk abt the need for
cooperation,etc but you apparently dont get that 'you have to give respect
to get respect' & 'give cooperation to get cooperation'
relax br
Niki, could u tell me howto build frm SRPM? i am not good at this area and
would like to learn this.
- Original Message
> From: Niki Kovacs
> To: CentOS mailing list
> Sent: Tuesday, June 30, 2009 5:11:54 PM
> Subject: Re: [CentOS] Dag's comment at linuxtag
>
> David Hrbác a écrit
david, could u tell me how to build frm SRPMS. i m not good in this area and
would like to improve.
- Original Message
> From: David Hrbác(
> To: CentOS mailing list
> Sent: Tuesday, June 30, 2009 5:52:37 PM
> Subject: Re: [CentOS] Dag's comment at linuxtag
>
> Niki Kovacs napsal(a
>
> Rather than dumping *even more work* on the core CentOS project (who are
> already clearly struggling to provide even the core distro at present),
> why doesn't everyone do as Dag suggested, and adopt a handful of
> packages and help maintain them at rpmforge for the benefit of everyone.
great. thanx.
- Original Message
> From: Robert Heller
>could u tell me howto build frm SRPM? i am not good at this area and
> would like to learn this.
>
> Simple form (should work with most packages):
>
> # rpmbuild --rebuild package-version-release.srpm
>
> 'man rpmbuild' for m
>
> On Tue, Jun 30, 2009 at 14:18, Linux Advocatewrote:
> > could u tell me howto build frm SRPM? i am not good at this area and would
> like to learn this.
>
> This article in the Wiki should get you going...
> http://wiki.centos.org/HowTos/RebuildSRPM
>
> HTH,
> Filipe
thanx.
_
can dag & karanbir sort of sum up this thread as to how list members can work
together on improving all the additional non-redhat-originated packages from
rpmforge,etc.
As for radu-cristian, relax bro. As for others (myself included), lets all
chill out. this thread should not
evolve into p
>
> enough is enough already.
>
> can some centos admin please discipline, ban and/or get rid of Radu-Cristian
> FOTESCU aka beranger...@yahoo.ca
>
> please?
>
> not only has he physically threatened a contributor, his language & behavior
> are more than inappropriate for such a profess
guys,
i have installed mailscanner, spamassassin, etc on my machine. This was done
sometime ago. Some of these rpms i got not frm centos repos.
What command ( or yum command ) can i use to find out which repo did this
installled package come from.
yum info packagename just says;
repo : ins
Frank,
> On Mon, 03 Aug 2009 23:33:52 -0700 (PDT)
> Linux Advocate wrote:
>
> > What command ( or yum command ) can i use to find out which repo did this
> installled package come from.
>
> rpm -qi packagename
>
>
# rpm -qi spamassass
>
> > What command ( or yum command ) can i use to find out which repo did this
> installled package come from.
>
> rpm -qi packagename
# rpm -qi mailscanner
Name: mailscanner Relocations: (not relocatable)
Version : 4.74.13 Vendor:
Guys,
i have heard of vispan, phplistadmin, spamstat from the mailscanner manual and
would like to experiment with them.
1. Any thoughts on them? ( i am trying to avoid mailwatch bcos i think vispan
is better fit for reporting)
2. I have googled for their centos rpms but no luck? Any ideas whe
>
> Yes, I have found this is a limitation of yum. It would be nice if the
> information about the source repository could be stored somewhere.
>
> If these were installed after the initial OS installation, and you haven't
> done a yum clean, you might be able to glean some info from the cache
- Original Message
> From: William L. Maltby
> To: CentOS mailing list
> Sent: Tuesday, August 4, 2009 4:15:40 PM
> Subject: Re: [CentOS] firewall question
>
> On Mon, 2009-08-03 at 17:39 -0500, Lanny Marcus wrote:
> >
>
> > Or IPcop?
> >
> >
> > BTW, Scott and other IPCop users
> Guys,
>
> i have heard of vispan, phplistadmin, spamstat from the mailscanner manual
> and
> would like to experiment with them.
>
> 1. Any thoughts on them? ( i am trying to avoid mailwatch bcos i think vispan
> is
> better fit for reporting)
> 2. I have googled for their centos rpms b
guys, i have the yum plugin -> fastest mirror . But not even once i have seen
it selecting repos which are near my region such as japan or australia ( where
i get the best speeds). Something is wrong.
It seems stuck with these 3 sites ;
Determining fastest mirrors
* ftp-stud.fht-esslingen.de :
i have tried yum clean all , yum clean metadata
- Original Message
> From: Linux Advocate
> To: CentOS mailing list
> Sent: Saturday, August 22, 2009 8:56:37 PM
> Subject: [CentOS] fasttest mirror -doesnt seem to pick sites near my region
>
> guys, i h
> Hi Linux Advocate,
>
> I have found this a problem for the Australian servers I manage as
> well. I suggest you manually test the speed of some local mirrors then
> manually specify a mirror rather than relying on the fastest mirror
> plugin.
>
> If your ISP mirr
>
> inetnum: 60.48.0.0 - 60.54.255.255
> netname: XDSLSTREAMYX
> descr:Telekom Malaysia Berhad
> descr:Network Strategy
> descr:Wisma Telekom
> descr:Jalan Pantai Baru
> descr:50672 Kuala Lumpur
> country: MY
>
> .
>
> A couple differe
> John R Pierce wrote:
> > fwiw, it appears "linux advocate" is sending his email from a Malaysia
> > IP per the email headres...
> >
> > $ whois 60.50.xxx.yyy
> > [Querying whois.apnic.net]
> > [whois.apnic.net]
> > % [whois.apn
> >
> #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
> > baseurl=ftp://mirror.internode.on.net/pub/centos/$releasever/os/$basearch/
> > gpgcheck=1
> > gpgkey=ftp://mirror.internode.on.net/pub/centos/RPM-GPG-KEY-CentOS-5
> >
> > Regards,
> > Oliver
>
> I h
>
> If you take a look in /etc/yum.repos.d/ you will see a number of
> files. There should be example baseurl lines in the repo files which
> will be commented out by default. Here's an example of how I use this
> to manually use my local ISPs mirror for the base repo:
>
> [base]
> name=Ce
> >
> >
> > my repos are configured to use mirrorlist. how do i add mirrors
> > manually?
> >
>
> If you take a look in /etc/yum.repos.d/ you will see a number of
> files. There should be example baseurl lines in the repo files which
> will be commented out by default. Here's an example of
> #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
> >> baseurl=ftp://mirror.internode.on.net/pub/centos/$releasever/os/$basearch/
> >> gpgcheck=1
> >> gpgkey=ftp://mirror.internode.on.net/pub/centos/RPM-GPG-KEY-CentOS-5
> >>
> >> Regards,
> >> Oliver
> >
> >
>
> I maintain the RPM that is used as part of CentOS Extras and that we use
> on the CentOS servers in question.
>
> I did some major work on the app that CentOS uses for mirrorlists and
> isolists over the weekend. Especially in the AP region, as we have
> picked up some mirrors there recentl
my region
>
> Linux Advocate wrote:
> > johny, thanx for the link.
> >
> > i think 'my' should point to jp, cn, tw, au,sg. the setup u have there is
> >
> ;)
> >
>
> do all ISP's in .MY use the same peering/trunking or do
> > Vendor: Fedora Project
>
> If (Vendor == Fedora Project) then repo is epel
> if (Vendor == Centos) then repo is Centos
> if (Vendor == Dag Apt Repository) repo is rpmforge
>
>
useful info. thanx.
___
CentOS mailing list
CentOS@centos.or
- Original Message
> From: John Doe
> To: CentOS mailing list
> Sent: Wednesday, February 18, 2009 5:40:48 PM
> Subject: Re: [CentOS] realtime backup
>
>
> From: CentOS List
> > I had a cfml application running on mysql database. Can some suggest a
> > realtime backup solution via
in /etc/postfix/main.cf , set myorigin=$mydomain and not as $myhostname.
From: Xia Guowen
To: centos@centos.org
Sent: Tuesday, February 24, 2009 2:07:38 PM
Subject: [CentOS] Mail from domain problem
Hi,
I installed a CentOS 4.7 server,
the system
Guys,
What repo has rpms for mailscanner, clamav and spamassasin?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Guys, what is the best way of arranging the repos with regards to their
priority? Any ideas, especially for all non base ones?
/etc/yum.repos.d/CentOS-Base.repo - priority = 1, 2
/etc/yum.repos.d/atrpms.repo
/etc/yum.repos.d/epel.repo
/etc/yum.repos.d/kbs-extras.repo
/etc/yum.repos.d/kbs-misc
from the rpmforge
repo?
- Original Message
> From: Ned Slider
>
> Linux Advocate wrote:
> > Guys,
> >
> > What repo has rpms for mailscanner, clamav and spamassasin?
> >
>
> RPMforge has clamav and spamassassin, but not mailscanner.
>
>
replies below...
> On 2/27/09, Linux Advocate wrote:
> > Guys, what is the best way of arranging the repos with regards to their
> > priority? Any ideas, especially for all non base ones?
> >
> > /etc/yum.repos.d/CentOS-Base.repo - priority = 1, 2
> >
>
> On Fri, Feb 27, 2009 at 9:09 AM, Lanny Marcus wrote:
> > On 2/27/09, Linux Advocate wrote:
> >> Guys, what is the best way of arranging the repos with regards to their
> >> priority? Any ideas, especially for all non base ones?
> >>
> >> /et
>
> On Thu, Feb 26, 2009, Joseph L. Casale wrote:
> > I need to setup HylaFax which leads to my first question, anyone
> > got an opinion on whether or not to use HylaFax or HylaFax+?
>
> We use Hylafax together with Avantfax and are very pleased with the
> results. I cannot speak to HylaFax+
Thanx kal, and to all who replied. i have understood the issue better.
>
> > /etc/yum.repos.d/atrpms.repo
> >
> > /etc/yum.repos.d/epel.repo
> >
> > /etc/yum.repos.d/kbs-extras.repo
> > /etc/yum.repos.d/kbs-misc.repo
> >
> > /etc/yum.repos.d/rpmforge.repo
>
> you can put rpmforge at 10 and
> Craig White wrote on Fri, 27 Feb 2009 07:46:47 -0700:
>
> > you can get clam* and newer spamassassin rpms from rpmforge
>
> I suggest rolling your own SA. It's as simple as downloading the tarball
> and rebuilding it with the included spec file. It's a simple one-line
> command and docume
Guys, i have just installed ( after reading
the docs on the mailscanner site and centos lists ) Mailscanner, and was
wondering
a.) How do i test my installation? is there some sample spam/ virus messages
that can be used to test.
b.) MailScanner -V shows;
b.1)
LibClamAV Warning: **
- Original Message
> From: Michael Klinosky
>
> The X wiki suggested that I try adding this to /etc/X11/xorg.conf:
> Section "ServerFlags"
> Option "AllowMouseOpenFail" "1"
> EndSection
>
> Using "cat xorg.conf", I seeSection "InputDevice" , which refers
> to the S
thanx.
- Original Message
> From: "tdu...@sc.rr.com"
> To: CentOS mailing list
> Cc: Linux Advocate
> Sent: Saturday, February 28, 2009 11:38:35 PM
> Subject: Re: [CentOS] mailscanner installation - centos 5.2 - rpmforge +
> vanderkooij rpms
>
>
> >
> Actually, it is a rather OS dependent package and the rules for CentOS
> are difficult to write. That really doesn't belong on the fail2ban list
> either.
i have a basic fail2ban with tcp-wrappers & /etc/hosts.deny combo working. i
couldnt get the iptables thing working properly.
thanx john
- Original Message
> From: John Lundin
> > john, could u share your rules for the dovecot attempts?t
>
>
> Since no one else has stepped up... here's dovecot and vsftpd.
>
> These worked for me, ymmv. Centos 5 with rpmforge. Folded, failregex
> should be a single line w
>
> The hardware is P4 2.8 CPU, 512 MB RAM, 120GB 3ware IDE/PATA RAID HD,
> ATI Video, CDRW CD, Dual Nic, Floppy and IDE/PATA Tape drive.
>
if you could install centos 3 on this hardware, then centos 5.x should
work...any error messages from the console?
___
> >
> > Is there some standard way of adding AV to Postfix?
>
> clearly the best way is to add a wrapper program like amavisd-new or
> MailScanner which handles spamassassin and which ever combination of
> anti-virus programs you use.
>
> The postfix list and primary author, Wietse will te
but what I worry about is members of the core
> CentOS team burning out and quitting... that would be much worse for
> CentOS than a few weeks delay here and there. For me it is important for
> the core team to know that they can take the time off they need for real
> life events without feeli
>
> For a GUI, ktorrent scratches my itch. Persists indefinitely -- across
> power failures, reboots, etc.; provides many stats.
> From rpmforge: ktorrent-2.2.1-1.el5.rf
> For a curses solution, I like bittorrent-curses from the
> bittorrent-4.4.0-1.el5.rf package -- also from rpmforge.
> Linux Advocate wrote:
> > is there a cli option?
> >
> Yes, there is. /usr/bin/bittorrent-console is provided as part of the
> bittorrent package, available from http://bittorrent.com/
thanx, i will get it
72 matches
Mail list logo
