Unfortunately sometimes happens when hackers can break a website on our hosting service and manage to run some scripts which usually written in Perl. This scripts eats the server’s memory and cpu resources while try to crack passwords and accounts. What can we do when it happends?
If you ara lucky you can reach the server and kill all malicious scripts. Because we run all of our services in virtualized environment it’s easy to reach it in every condition. When I loged in I looked for user who started the perl script with top
or ps x
commands. Relatively easy to spot him because he runs many scripts which use the most of cpu in top.
First try should be
killall -u username
This isn’t work in all cases because clever scripts immediately restarted by another one which wasn’t found by killall
. (I’m investigating this.) solution is lsof
which can list all opened files with process id and owner.
lsof | grep username | grep perl | cut -b 11-20 | uniq | xargs kill -9
I filtered output of lsof
with grep
for username and perl. After I cut process id and pass process id list to kill
with uniq
command.
All perl process killed now you should say the owner of the page to correct this problem and close the backdoor.
2 Hozzászólás
Sammy
Hello there, I think your website may be having browser compatibility issues.
Whenever I look at your web site in Safari, it looks fine
however, when opening in IE, it’s got some overlapping issues. I simply wanted to give you a quick heads up!
Marina
Attractive component of content. I just stumbled
upon your website and in accession capital to say that I acquire actually loved account your blog posts.
Anyway I will be subscribing to your feeds or even I success you
get entry to constantly quickly.
Ehhez nem lehet hozzászólni.