Several Different kernel related (?) problems
Hans Kristian Rosbach
hk at isphuset.no
Tue Aug 17 08:43:38 UTC 2004
> I was wrong, it just happened again.
>
> Suddenly there was no network response from the server.
> I went straight to the server room, and typed in "root" at the login
> prompt. This seemed to have normal response, the letters "root" appeared
> immediately. Then I hit enter..
>
> Now, 10min later.. still waiting for a password prompt.
> Both disks are working overtime.
> I disconnected the network plug right after attempting to login.
>
> Going to wait a little while more for the OOM killer to do its magic
> and maybe give me a clue as to what went wrong this time.
> Unfortunately the computer has 2.5gb swap =(
As predicted, the OOM killer did its job.
The problem is actually that some cracker has managed to upload
httpds.c into /tmp/.bd/ (via apache, still investigating how).
He then managed to compile and run it.
I took a look at the source code, and it seems to be a DDOS util.
Why it killed our server instead of the target of the DDOS I do
not know, but I guess it might be due to our firewall rejecting
all the attempts to connect.
I guess I'll fix this problem the same way I did at another server.
I'll make a partition for /tmp and mount it with noexec, or are
there better ways to do that?
-HK
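
A check for the fix proposed in the message above, added here as an example and not part of the original post. It goes beyond /tmp to the other usual world-writable directories (/var/tmp, /dev/shm) and also checks nosuid and nodev; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit world-writable temp directories for noexec/nosuid/nodev.
# Mount tables are read on stdin in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Constructed sample table (not taken from the server in the post).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda2 /var ext3 rw,nosuid 0 0
/dev/sda3 /tmp ext3 rw,noexec,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw 0 0'

# mount_opts_for PATH: print the options of the mount that covers PATH.
# The longest matching mount point wins; on a tie the later entry wins,
# because a later mount on the same point hides the earlier one.
mount_opts_for() {
    awk -v p="$1" '
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }'
}

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# audit_tmp_mounts: one line per directory; returns 1 if any is weak.
audit_tmp_mounts() {
    table=$(cat); rc=0
    for dir in /tmp /var/tmp /dev/shm; do
        opts=$(printf '%s\n' "$table" | mount_opts_for "$dir")
        missing=""
        for o in noexec nosuid nodev; do
            has_opt "$opts" "$o" || missing="$missing $o"
        done
        if [ -n "$missing" ]; then
            echo "WEAK $dir missing:$missing"; rc=1
        else
            echo "OK   $dir"
        fi
    done
    return $rc
}

# Demo on the constructed table; use `audit_tmp_mounts < /proc/mounts` live.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_tmp_mounts || true
```

noexec only blocks direct execution of files stored on that mount; a script handed to an interpreter still runs, so the upload path through apache still has to be found and closed.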