• 08-08-2009, 18:56:03
    #1
    Greetings
    Even though there is no DDoS attack or anything like that on my server, CPU usage in top rises to 55 - 60% and the sites don't load. I suspected it was spam. The server has a DirectAdmin panel. As root I ran killall -9 exim, packed etc/exim.conf into a tar.gz and deleted exim.conf, and deleted the exim in /etc/init.d in the same way. The CPU dropped a little, to around 30-45, but there is still something abnormal on the server. ps aux output:
    [root@shellciyiz etc]# ps aux
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.0   2112   632 ?        Ss   00:25   0:01 init [3]
    root         2  0.0  0.0      0     0 ?        S<   00:25   0:00 [kthreadd]
    root         3  0.0  0.0      0     0 ?        S<   00:25   0:00 [migration/0]
    root         4  0.1  0.0      0     0 ?        S<   00:25   0:15 [ksoftirqd/0]
    root         5  0.0  0.0      0     0 ?        S<   00:25   0:00 [watchdog/0]
    root         6  0.0  0.0      0     0 ?        S<   00:25   0:00 [migration/1]
    root         7  0.2  0.0      0     0 ?        S<   00:25   0:17 [ksoftirqd/1]
    root         8  0.0  0.0      0     0 ?        S<   00:25   0:00 [watchdog/1]
    root         9  0.0  0.0      0     0 ?        S<   00:25   0:00 [events/0]
    root        10  0.0  0.0      0     0 ?        S<   00:25   0:00 [events/1]
    root        11  0.0  0.0      0     0 ?        S<   00:25   0:00 [khelper]
    root        63  0.0  0.0      0     0 ?        S<   00:25   0:00 [kblockd/0]
    root        64  0.0  0.0      0     0 ?        S<   00:25   0:00 [kblockd/1]
    root        66  0.0  0.0      0     0 ?        S<   00:25   0:00 [kacpid]
    root        67  0.0  0.0      0     0 ?        S<   00:25   0:00 [kacpi_notify]
    root       134  0.0  0.0      0     0 ?        S<   00:25   0:00 [cqueue]
    root       136  0.0  0.0      0     0 ?        S<   00:25   0:00 [ksuspend_usbd]
    root       141  0.0  0.0      0     0 ?        S<   00:25   0:00 [khubd]
    root       144  0.0  0.0      0     0 ?        S<   00:25   0:00 [kseriod]
    root       184  0.0  0.0      0     0 ?        S    00:25   0:00 [pdflush]
    root       185  0.0  0.0      0     0 ?        S    00:25   0:01 [pdflush]
    root       186  0.0  0.0      0     0 ?        S<   00:25   0:00 [kswapd0]
    root       227  0.0  0.0      0     0 ?        S<   00:25   0:00 [aio/0]
    root       228  0.0  0.0      0     0 ?        S<   00:25   0:00 [aio/1]
    root       378  0.0  0.0      0     0 ?        S<   00:25   0:00 [kpsmoused]
    root       417  0.0  0.0      0     0 ?        S<   00:25   0:00 [ata/0]
    root       418  0.0  0.0      0     0 ?        S<   00:25   0:00 [ata/1]
    root       419  0.0  0.0      0     0 ?        S<   00:25   0:00 [ata_aux]
    root       423  0.0  0.0      0     0 ?        S<   00:25   0:00 [scsi_eh_0]
    root       424  0.0  0.0      0     0 ?        S<   00:25   0:00 [scsi_eh_1]
    root       425  0.0  0.0      0     0 ?        S<   00:25   0:00 [scsi_eh_2]
    root       426  0.0  0.0      0     0 ?        S<   00:25   0:00 [scsi_eh_3]
    root       436  0.0  0.0      0     0 ?        S<   00:25   0:00 [kstriped]
    root       446  0.0  0.0      0     0 ?        S<   00:25   0:00 [ksnapd]
    root       457  0.0  0.0      0     0 ?        S<   00:25   0:00 [kdmflush]
    root       458  0.0  0.0      0     0 ?        S<   00:25   0:00 [kdmflush]
    root       459  0.2  0.0      0     0 ?        S<   00:25   0:20 [kjournald]
    root       485  0.0  0.0      0     0 ?        S<   00:25   0:00 [kauditd]
    root       515  0.0  0.0   2368   764 ?        S<s  00:25   0:00 /sbin/udevd -d
    root      1058  0.0  0.0      0     0 ?        S<   00:25   0:00 [kmpathd/0]
    root      1059  0.0  0.0      0     0 ?        S<   00:25   0:00 [kmpathd/1]
    root      1143  0.0  0.0      0     0 ?        S<   00:25   0:00 [kjournald]
    root      1318  0.0  0.0      0     0 ?        S<   00:25   0:03 [kondemand/0]
    root      1319  0.0  0.0      0     0 ?        S<   00:25   0:03 [kondemand/1]
    Screenshots from top

    What do you think is the cause of this?
  • 08-08-2009, 19:20:35
    #2
    The anomaly shows up in Apache. A script you are using is probably straining it.
  • 08-08-2009, 19:32:17
    #3
    Strange things are showing up in top. So what is the cause of that?
  • 08-08-2009, 19:36:29
    #4
    I didn't understand what it is that you are calling strange?
  • 08-08-2009, 19:42:33
    #5
    6 - 7 ssh processes show up as root, and:

    7 root 15 -5 0 0 0 S 2 0.0 0:23.99 ksoftirqd/1
    9327 apache 20 0 44812 26m 3424 S 2 1.3 0:00.70 httpd
    9339 mysql 20 0 163m 133m 3412 S 2 6.6 0:16.77 mysqld
    10115 apache 20 0 47004 26m 3436 S 2 1.3 0:00.44 httpd
    10317 islami 20 0 5880 1392 952 S 2 0.1 0:01.13 eggdrop
    10636 root 20 0 2400 960 696 R 2 0.0 0:00.01 top
    15730 oyunalem 20 0 39552 1864 584 S 2 0.1 1:04.77 sc_serv
    18318 okeykaza 20 0 38560 2960 740 S 2 0.1 1:02.99 sc_serv
    1 root 20 0 2112 632 544 S 0 0.0 0:01.80 init
    2 root 15 -5 0 0 0 S 0 0.0 0:00.00 kthreadd
    3 root RT -5 0 0 0 S 0 0.0 0:00.36 migration/0
    4 root 15 -5 0 0 0 S 0 0.0 0:22.04 ksoftirqd/0
    5 root RT -5 0 0 0 S 0 0.0 0:00.08 watchdog/0
    6 root RT -5 0 0 0 S 0 0.0 0:00.33 migration/1
    8 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/1
    9 root 15 -5 0 0 0 S 0 0.0 0:00.13 events/0
    10 root 15 -5 0 0 0 S 0 0.0 0:00.09 events/1
    11 root 15 -5 0 0 0 S 0 0.0 0:00.00 khelper
    63 root 15 -5 0 0 0 S 0 0.0 0:00.34 kblockd/0
    64 root 15 -5 0 0 0 S 0 0.0 0:00.04 kblockd/1
    66 root 15 -5 0 0 0 S 0 0.0 0:00.00 kacpid
    67 root 15 -5 0 0 0 S 0 0.0 0:00.00 kacpi_notify
    134 root 15 -5 0 0 0 S 0 0.0 0:00.00 cqueue
    136 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksuspend_usbd
    141 root 15 -5 0 0 0 S 0 0.0 0:00.00 khubd
    144 root 15 -5 0 0 0 S 0 0.0 0:00.00 kseriod
    184 root 20 0 0 0 0 S 0 0.0 0:00.00 pdflush
    185 root 20 0 0 0 0 S 0 0.0 0:01.41 pdflush
    186 root 15 -5 0 0 0 S 0 0.0 0:00.04 kswapd0
    227 root 15 -5 0 0 0 S 0 0.0 0:00.00 aio/0
    228 root 15 -5 0 0 0 S 0 0.0 0:00.00 aio/1
    378 root 15 -5 0 0 0 S 0 0.0 0:00.00 kpsmoused
    417 root 15 -5 0 0 0 S 0 0.0 0:00.00 ata/0
    418 root 15 -5 0 0 0 S 0 0.0 0:00.00 ata/1
    419 root 15 -5 0 0 0 S 0 0.0 0:00.00 ata_aux
    423 root 15 -5 0 0 0 S 0 0.0 0:00.00 scsi_eh_0
    424 root 15 -5 0 0 0 S 0 0.0 0:00.00 scsi_eh_1
    425 root 15 -5 0 0 0 S 0 0.0 0:00.00 scsi_eh_2


    What is this that I have marked in red?
  • 08-08-2009, 19:45:59
    #6
    I have those too; it is probably nothing abnormal.