Unfortunately sometimes happens when hackers can break a website on our hosting service and manage to run some scripts which usually written in Perl. This scripts eats the server’s memory and cpu resources while try to crack passwords and accounts. What can we do when it happends?
If you ara lucky you can reach the server and kill all malicious scripts. Because we run all of our services in virtualized environment it’s easy to reach it in every condition. When I loged in I looked for user who started the perl script with
ps x commands. Relatively easy to spot him because he runs many scripts which use the most of cpu in top.
First try should be
killall -u username
This isn’t work in all cases because clever scripts immediately restarted by another one which wasn’t found by
killall. (I’m investigating this.) solution is
lsof which can list all opened files with process id and owner.
lsof | grep username | grep perl | cut -b 11-20 | uniq | xargs kill -9
I filtered output of
grep for username and perl. After I cut process id and pass process id list to
All perl process killed now you should say the owner of the page to correct this problem and close the backdoor.
Hello there, I think your website may be having browser compatibility issues.
Whenever I look at your web site in Safari, it looks fine
however, when opening in IE, it’s got some overlapping issues. I simply wanted to give you a quick heads up!
Attractive component of content. I just stumbled
upon your website and in accession capital to say that I acquire actually loved account your blog posts.
Anyway I will be subscribing to your feeds or even I success you
get entry to constantly quickly.
Ehhez nem lehet hozzászólni.