Attack HELP!

Community support for Plesk, CPanel, WebMin and others with insight from two of the founders of Plesk. Ask for help here! No question is too simple or complicated. :-)
Forum User
Forum User
Posts: 85
Joined: Sat Jan 20, 2007 6:57 pm

Attack HELP!

Unread post by jpkelly »

I am getting (attacked or so it seems) and I am not quite sure what to do about it. Apache seems to become overwhelmed and unresponsive. Then apachectl commands give output such as the following:
/usr/sbin/apachectl: line 102: 8550 Segmentation fault $HTTPD $OPTIONS -k $ARGV
I have to manually kill httpd to get it working again.
When this "attack" happens I see a spike in root activity. I also see a lot of root sshd processes in top using ~100m of memory. and a lot of rsync processes as well.
Not sure how to approach this. Any ideas?
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Attack HELP!

Unread post by faris »

What you describe may be terrible or may be benign. I'm not sure what to suggest really, but you have some experts on hand in the forum who will no doubt offer sensible advice.

You can often prevent apache overload by reducing max_clients in httpd.conf - you may need far fewer than you might imagine.

Other than that, maybe try some of the following in case it helps you to get a handle on things:

Use netstat (e.g. netstat -apvnl) to see what IPs might be connecting to port 22 (ssh) and make a note of them (this is assuming there are connections, which from your post might be the case).

Close sshd port 22 to all but your own IPs to start with, just in case (note that depending on a few things, existing connections will not be stopped because they are not "state = new")

Check your ASL logs for the IP(s) in question to see if it helps you figure out where/how they got in.

Use clamdscan to scan first /var/www/vhosts then the whole system.
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
Post Reply