+ Post New Thread
Results 1 to 2 of 2
*nix Thread, Poss DOS problem in Technical; Ok think I may have had a DOS attack on my remote Linux Server I can telnet as a normal ...
  1. #1

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,673
    Thank Post
    861
    Thanked 650 Times in 431 Posts
    Rep Power
    499

    Poss DOS problem

    Ok think I may have had a DOS attack on my remote Linux Server
    I can telnet as a normal user, but cannot su to root .. it just hangs after I enter the password (Control+C restores the prompt - but not as root)

    I can access Webmin as root

    I have checked running processes in telnet and found sh*t loads of Cron processes - like this:
    Code:
    root      6655  0.0  0.0  1392    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
    root      6656  0.0  0.0  1388    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
    root      6657  0.0  0.0  1392    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
    root      6874  0.0  0.0  1388    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
    root      6875  0.0  0.0  1388    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
    root      6876  0.0  0.0  1392    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
    root      6877  0.0  0.0  1392    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
    root      6881  0.0  0.0  1388    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
    root      6882  0.0  0.0  1392    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
    root      6883  0.0  0.0  1388    0 ?        SW   Oct23   0:00 /USR/SBIN/CRON
    there are at least 2 dozen of these - all with cuncurrent PID's (well close enough!)

    Cannot kill the processes in Telnet as i cannot logon as root..
    Cannot kill the processes in Webmin, nor stop the Cron job - it times out

    Due to the server's location - some 330 Miles away.. I cannot get to the console to login locally as root
    I could get a member of my family to reboot the server, but then the Cron job will just start again

    Anyone know how i can get round this?

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Poss DOS problem

    Look at the cron log, see what it's running. Remove the execute permissions for whatever script/command it is. Wait patiently for sanity to be restored.

    In future you might want set some sensible ulimits to stop this reoccuring.

SHARE:
+ Post New Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •