[personal profile] prog
Goatfuckers have compromised jmac.org somehow, and I can't do much about it because houseguests. Am trying to hold server together until I can block out six contiguous hours to rebuild everything.

Tell me why this happens, o sages of the internet:

top tells me that I have a perl process that is taking up 98% of CPU. But when I ps that PID, I am told that it's httpd. Er.

What's the correct way to find out what exactly is being perl'd? (I kill -9'd all those processes for now, but trust they'll be running again presently, because they've been doing that.)

Date: 2010-07-18 02:46 am (UTC)
From: [identity profile] jtroutman.livejournal.com
The ps binary may be trojaned. Or they could have installed a kernel module that hides processes.

chkrootkit.org is your friend, but that is not foolproof.

You really oughta run "denyhosts" as well. But likely, I bet they got on via exploiting your webserver in some fashion, instead of ssh brute force.
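
One way to check a suspicious PID without relying on ps or top, as an added example that is not part of the original post or the comment: read /proc directly and compare the binary the kernel loaded (`exe`) with the name the process claims in its argument list. `PROC_ROOT` and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. PROC_ROOT is an assumption of this sketch: it lets the check
# run against a copied or constructed /proc tree as well as the live one.
PROC_ROOT="${PROC_ROOT:-/proc}"

# inspect_pid PID: print "PID exe=... argv0=... cwd=... VERDICT" on one line.
inspect_pid() {
    dir="$PROC_ROOT/$1"
    if [ ! -d "$dir" ]; then echo "$1 GONE"; return 0; fi
    # exe: symlink to the binary the kernel actually loaded.
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe=""
    # cwd: where it was started from, often the directory holding the script.
    cwd=$(readlink "$dir/cwd" 2>/dev/null) || cwd=""
    # cmdline: NUL-separated argv, which the process can overwrite itself
    # (in Perl, by assigning to $0), so this is only what it claims to be.
    argv0=""
    if [ -r "$dir/cmdline" ]; then
        argv0=$(tr '\0' '\n' < "$dir/cmdline" | head -n 1)
    fi
    claimed=${argv0%% *}      # drop "title: extra words" some daemons append
    claimed=${claimed%:}
    claimed=${claimed##*/}
    real=${exe% (deleted)}
    real=${real##*/}
    if [ -z "$exe" ]; then verdict=UNREADABLE    # kernel thread or not root
    elif [ "$exe" != "${exe% (deleted)}" ]; then verdict=DELETED_BINARY
    elif [ "$real" != "$claimed" ]; then verdict=MISMATCH
    else verdict=OK
    fi
    echo "$1 exe=$exe argv0=$argv0 cwd=$cwd $verdict"
}

# scan_all: list every PID whose claim does not match its binary.
scan_all() {
    for d in "$PROC_ROOT"/[0-9]*; do
        [ -d "$d" ] || continue
        line=$(inspect_pid "${d##*/}")
        case $line in *" OK"|*" UNREADABLE"|*" GONE") ;; *) echo "$line" ;; esac
    done
}

# Usage: pass PIDs as arguments, or call scan_all to sweep every process.
if [ "$#" -gt 0 ]; then for p in "$@"; do inspect_pid "$p"; done; fi
```

A MISMATCH is a lead to follow up (symlinked interpreters and daemons that retitle themselves also trigger it), and `ls -l` on the PID's `fd` directory shows which files and sockets it holds open. A kernel module that hides processes would hide their /proc entries too, so a clean sweep does not rule that case out.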

