[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Several Different kernel related (?) problems



> I was wrong, it just happened again.
> 
> Suddenly there was no network response from the server.
> I went straight to the server room, and typed in "root" at the login
> prompt. This seemed to have normal response, the letters "root" appeared
> immedeately. Then I hit enter..
> 
> Now, 10min later..  still waiting for a password prompt.
> Both disks are working overtime.
> I disconnected the network plug right after attempting to login.
> 
> Going to wait a little while more for the OOM killer to do it's magic
> and maybe give me a clue as to what went wrong this time.
> Unfortunately the computer has 2.5gb swap =(

As predicted, the OOM killer did it's job.

The problem is actually that some cracker has managed to upload 
httpds.c into /tmp/.bd/ (via apache, still investigating how).
He then managed to compile and run it.

I took a look at the source code, and it seems to be a DDOS util.
Why it killed our server instead of the target of the DDOS I do
not know, but I guess it might be due to our firewall rejecting
all the attempts to connect.

I guess I'll fix this problem the same way I did at another server.
I'll make a partition for /tmp and mount it with noexec, or are
there better ways to do that?

-HK



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]