Poss DOS problem

[Gatt]

Ok think I may have had a DOS attack on my remote Linux Server
I can telnet as a normal user, but cannot su to root .. it just hangs after I enter the password (Control+C restores the prompt - but not as root)

I can access Webmin as root

I have checked running processes in telnet and found sh*t loads of Cron processes - like this:

Code:

root      6655  0.0  0.0  1392    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
root      6656  0.0  0.0  1388    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
root      6657  0.0  0.0  1392    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
root      6874  0.0  0.0  1388    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
root      6875  0.0  0.0  1388    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
root      6876  0.0  0.0  1392    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
root      6877  0.0  0.0  1392    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
root      6881  0.0  0.0  1388    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
root      6882  0.0  0.0  1392    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
root      6883  0.0  0.0  1388    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON

there are at least 2 dozen of these - all with cuncurrent PID's (well close enough!)

Cannot kill the processes in Telnet as i cannot logon as root..
Cannot kill the processes in Webmin, nor stop the Cron job - it times out

Due to the server's location - some 330 Miles away.. I cannot get to the console to login locally as root
I could get a member of my family to reboot the server, but then the Cron job will just start again

Anyone know how i can get round this?

[Geoff]

Look at the cron log, see what it's running. Remove the execute permissions for whatever script/command it is. Wait patiently for sanity to be restored.

In future you might want set some sensible ulimits to stop this reoccuring.