300+ laufende Prozesse! Hackangriff?

Rund um die Sicherheit des Systems und die Applikationen
stamos
Posts: 66
Joined: 2003-05-17 18:21
Location: Berlin

300+ laufende Prozesse! Hackangriff?

Post by stamos » 2006-10-02 16:15

Da bin ich mal wieder :D Nun gehts wohl meinem zweiten Server an den Kragen, und der Server wird geflooded, das sieht dann so aus:

Code: Select all

top - 16:13:26 up 38 min,  1 user,  load average: 174.84, 106.70, 82.05
Tasks: 602 total, 370 running, 232 sleeping,   0 stopped,   0 zombie
Cpu(s): 73.8% us, 16.5% sy,  0.0% ni,  3.9% id,  3.6% wa,  1.1% hi,  1.2% si
Mem:   2043052k total,  1990916k used,    52136k free,     7136k buffers
Swap:  1052248k total,     1400k used,  1050848k free,   947224k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                      
17996 wwwrun    15   0 32768 8836 4704 S 10.2  0.4   0:00.32 httpd2-prefork                               
13426 wwwrun    15   0 32864 9004 4784 S  6.8  0.4   0:00.44 httpd2-prefork                               
  887 wwwrun    15   0 33520 9944 5036 S  5.1  0.5   0:01.75 httpd2-prefork                               
14773 wwwrun    15   0 32820 8988 4816 S  5.1  0.4   0:00.59 httpd2-prefork                               
15242 wwwrun    15   0 32820 8876 4720 S  5.1  0.4   0:00.47 httpd2-prefork                               
19008 wwwrun    15   0 32620 7932 3952 S  5.1  0.4   0:00.16 httpd2-prefork                               
19112 root      16   0  2324 1212  672 R  5.1  0.1   0:00.05 top                                          
18971 wwwrun    16   0 32824 9168 4968 R  3.4  0.4   0:02.45 httpd2-prefork                               
29037 wwwrun    15   0 32964 9392 5076 S  3.4  0.5   0:01.70 httpd2-prefork                               
12929 wwwrun    16   0 32824 8920 4760 R  3.4  0.4   0:00.77 httpd2-prefork                               
14764 wwwrun    16   0 32892 8988 4784 S  3.4  0.4   0:00.59 httpd2-prefork                               
18952 wwwrun    16   0 32604 7912 3952 S  3.4  0.4   0:00.20 httpd2-prefork                               
19010 wwwrun    15   0 32604 7952 3984 S  3.4  0.4   0:00.73 httpd2-prefork                               
 1870 mysql     19   0  251m  75m 4336 R  1.7  3.8   9:46.12 mysqld-max                                   
24148 wwwrun    16   0 32988 9320 4964 R  1.7  0.5   0:02.08 httpd2-prefork                               
13083 wwwrun    16   0 32828 9048 4872 S  1.7  0.4   0:00.69 httpd2-prefork                               
13087 wwwrun    15   0 32936 9180 4876 S  1.7  0.4   0:00.68 httpd2-prefork                               
13155 wwwrun    15   0 32820 9084 4892 S  1.7  0.4   0:01.06 httpd2-prefork                               
13454 wwwrun    16   0 32872 9084 4892 S  1.7  0.4   0:01.01 httpd2-prefork                               
13705 wwwrun    16   0 32972 9148 4812 R  1.7  0.4   0:01.06 httpd2-prefork                               
13713 wwwrun    15   0 32820 8932 4796 S  1.7  0.4   0:00.73 httpd2-prefork                               
14856 wwwrun    15   0 32844 8980 4796 S  1.7  0.4   0:00.58 httpd2-prefork                               
15622 wwwrun    15   0 32820 8940 4748 S  1.7  0.4   0:00.90 httpd2-prefork                               
15631 wwwrun    15   0 32880 8976 4728 S  1.7  0.4   0:00.67 httpd2-prefork                               
15655 wwwrun    16   0 32820 8944 4760 R  1.7  0.4   0:00.40 httpd2-prefork                               
18013 wwwrun    15   0 32812 8784 4656 S  1.7  0.4   0:00.22 httpd2-prefork                               
18949 wwwrun    15   0 32724 8144 4060 S  1.7  0.4   0:00.26 httpd2-prefork                               
18960 wwwrun    15   0 32692 7984 3956 S  1.7  0.4   0:00.29 httpd2-prefork                               
18961 wwwrun    16   0 32620 7932 3952 R  1.7  0.4   0:00.11 httpd2-prefork                               
18986 wwwrun    16   0 32584 7904 3960 R  1.7  0.4   0:00.23 httpd2-prefork                               
18999 wwwrun    16   0 32620 7936 3956 R  1.7  0.4   0:00.50 httpd2-prefork                               
    1 root      15   0   684  252  216 S  0.0  0.0   0:00.48 init                                         
    2 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 migration/0                                  
    3 root      34  19     0    0    0 R  0.0  0.0   0:00.00 ksoftirqd/0                                  
    4 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 events/0                                     
    5 root      15  -5     0    0    0 S  0.0  0.0   0:00.00 khelper                                      
    6 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kthread                                      
    8 root      10  -5     0    0    0 S  0.0  0.0   0:00.09 kblockd/0                                    
    9 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kseriod                                      
   65 root      20   0     0    0    0 S  0.0  0.0   0:00.00 pdflush                                      
   66 root      15   0     0    0    0 S  0.0  0.0   0:00.10 pdflush                                      
   67 root      15   0     0    0    0 S  0.0  0.0   0:00.22 kswapd0                                      
   68 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 aio/0 
370 laufende Prozesse??? wo bitte laufen die alle?

das eigenartige ist, das per netstat -n -t alle IP-Adressen absolut verschieden sind, es kann doch nicht sein, daß so viele user plötzlich auf meinem server zu greifen?

Dieser Server ist bei Server4you, SuSe 9.3 mit Confixx, 2 GB Ram, Opteron

ich hab den apachen erstmal gestoppt. Irgendwelche Ideen?

mattiass
Userprojekt
Userprojekt
Posts: 608
Joined: 2005-12-16 17:57

Re: 300+ laufende Prozesse! Hackangriff?

Post by mattiass » 2006-10-02 16:59

stamos wrote:
370 laufende Prozesse??? wo bitte laufen die alle?

Code: Select all

ps waux | less
PS: Admin: könnten wir eine Rubrik "Hilfe, ich wurde gehackt?" einrichten. Scheint grad wieder arg zu sein mit unsicheren CMSen und Boards...

stamos
Posts: 66
Joined: 2003-05-17 18:21
Location: Berlin

Re: 300+ laufende Prozesse! Hackangriff?

Post by stamos » 2006-10-02 17:26

alles Apachen fast, das kann doch nicht sein?!

Code: Select all

wwwrun   28233  0.1  0.4  32756  8604 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28234  0.8  0.4  33148  9068 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28235  0.5  0.4  33148  9072 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28241  0.5  0.4  33180  9152 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28246  0.6  0.4  33164  9096 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28247  0.8  0.4  33168  9120 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28251  0.5  0.4  33112  9060 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28252  0.2  0.4  33100  9004 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28253  0.5  0.4  33168  9060 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28254  0.6  0.4  33112  9016 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28264  0.7  0.4  33164  9028 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28266  0.4  0.4  33140  9012 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28267  0.3  0.4  32776  8576 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28268  0.4  0.4  33148  9068 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28269  0.8  0.4  33148  9040 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28270  0.4  0.4  33148  9044 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28271  0.4  0.4  33220  9108 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28272  0.0  0.2  31956  4096 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28288  0.5  0.4  33120  8916 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28289  0.6  0.4  33112  8964 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28290  0.4  0.4  32884  8728 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28291  0.3  0.4  33148  9048 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28292  0.3  0.4  33144  9024 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28293  0.5  0.4  33156  9004 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28294  0.1  0.4  33112  8748 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28295  0.8  0.4  33088  8924 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28296  0.5  0.4  33088  8876 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28297  0.3  0.4  33140  9020 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28299  0.4  0.4  33112  9068 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28301  0.5  0.4  33164  9036 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28302  0.5  0.4  33160  9036 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28303  1.0  0.4  33900  9792 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28304  0.3  0.4  32796  8640 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28306  1.0  0.4  33108  8800 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28325  0.4  0.4  33044  8864 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28326  0.4  0.4  33132  8968 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28327  0.3  0.4  33152  9024 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28328  0.4  0.4  33088  8872 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28330  0.5  0.4  33144  9008 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28331  0.6  0.4  33148  9048 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28333  0.3  0.4  33112  8800 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28334  0.4  0.4  33140  9064 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28335  0.6  0.4  32804  8732 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28339  0.3  0.4  32768  8544 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28340  0.5  0.4  33160  9044 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28341  0.3  0.4  33132  8968 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28342  0.3  0.4  33112  8808 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28343  0.6  0.4  33176  8976 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28346  0.7  0.4  33148  9044 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28347  0.4  0.4  32804  8648 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28348  0.2  0.4  33112  8808 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28350  0.6  0.4  33164  8996 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28351  0.4  0.4  33044  8928 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28355  0.5  0.4  33160  9008 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28356  0.9  0.4  33152  9032 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28358  0.6  0.4  33140  9012 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28359  0.4  0.4  33140  9012 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28361  0.4  0.4  33112  9024 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28375  0.7  0.4  33124  8952 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28378  0.8  0.4  33116  8940 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28380  0.5  0.4  33088  8896 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28381  0.7  0.4  33112  8948 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28382  0.6  0.4  33228  9056 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28383  0.4  0.4  33100  8980 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28385  0.8  0.4  33148  9040 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28387  0.7  0.4  33100  8960 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28406  0.0  0.2  31956  4096 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28407  0.2  0.4  32776  8572 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28408  0.5  0.4  32804  8660 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28409  0.8  0.4  32700  8620 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28410  0.3  0.4  33132  8968 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28411  0.4  0.4  33120  8908 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28412  0.3  0.4  33112  8764 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28415  1.0  0.4  33168  9036 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28417  0.4  0.4  33160  9000 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28418  0.6  0.4  33156  9012 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28419  0.2  0.4  33112  8808 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28420  0.4  0.4  33160  9000 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28422  0.3  0.4  33132  8896 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28423  0.3  0.4  33112  8808 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28424  0.5  0.4  33112  8936 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28425  0.4  0.4  33088  8896 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28426  0.5  0.4  33112  8940 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28429  0.7  0.4  33140  8992 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28430  0.6  0.4  33132  8916 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28431  0.8  0.4  33220  9056 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28432  0.2  0.4  33112  8796 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28433  0.2  0.4  33016  8852 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28436  0.6  0.4  33084  8876 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28437  0.5  0.4  33112  8936 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28438  1.3  0.4  33112  8956 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28439  0.3  0.4  33112  8796 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28440  0.3  0.4  33112  8784 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28441  0.7  0.4  33088  8864 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28442  0.7  0.4  33120  8920 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28443  0.2  0.4  33100  8708 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28444  0.3  0.4  33112  8784 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28445  0.6  0.4  33132  8944 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28485  0.4  0.4  33112  8668 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28486  0.5  0.4  33140  9028 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28488  0.2  0.4  33112  8788 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28489  0.2  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28490  0.8  0.4  33088  8944 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28492  0.4  0.4  33112  8748 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28493  0.8  0.4  33044  8940 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28494  0.2  0.4  32608  8368 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28495  0.2  0.4  33112  8804 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28496  0.7  0.4  33088  8924 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28499  0.2  0.4  33112  8808 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28500  0.2  0.4  33112  8812 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28501  0.4  0.4  32608  8368 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28502  0.8  0.4  33220  9116 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28503  0.5  0.4  33108  8976 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28505  0.4  0.4  33140  9040 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28506  0.2  0.4  33100  8676 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28507  0.5  0.4  33016  8860 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28508  0.2  0.4  33112  8800 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28509  0.4  0.4  33016  8856 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28511  0.7  0.4  33112  8928 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28512  0.7  0.4  32768  8548 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28513  0.5  0.4  33112  8924 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28514  0.4  0.4  33100  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28515  0.4  0.4  33112  8772 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28518  0.4  0.4  33140  9012 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28519  0.8  0.4  33228  9080 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28520  0.2  0.4  33112  8684 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28521  0.5  0.4  33120  8948 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28522  0.8  0.4  33120  8944 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28523  0.2  0.4  32608  8368 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28524  0.2  0.4  32608  8368 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28575  0.3  0.4  33112  8676 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28576  0.3  0.4  33112  8800 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28577  0.5  0.4  33112  8740 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28578  0.6  0.4  33088  8864 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28579  0.6  0.4  33248  9012 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28580  0.6  0.4  33016  8848 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28581  0.6  0.4  33112  8784 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28582  0.3  0.4  33100  8676 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28584  0.6  0.4  33108  8968 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28585  0.5  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28586  0.3  0.4  33100  8668 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28587  0.5  0.4  32608  8372 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28588  0.6  0.4  33016  8856 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28591  0.8  0.4  33088  8880 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28592  0.5  0.4  33112  8940 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28594  0.3  0.4  32796  8624 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28597  0.5  0.4  33112  8772 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28598  0.5  0.4  33112  8740 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28599  0.3  0.4  33112  8768 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28600  0.5  0.4  33112  8568 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28601  0.3  0.4  33112  8684 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28602  0.3  0.4  33100  8664 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28603  0.5  0.4  33112  8772 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28605  0.6  0.4  33044  8856 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28607  0.6  0.4  32744  8480 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28608  0.6  0.4  33016  8852 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28609  0.5  0.4  33112  8676 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28610  0.3  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28613  0.6  0.4  33016  8852 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28614  0.6  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28615  0.8  0.4  32744  8480 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28616  0.4  0.4  32864  8260 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28653  0.7  0.4  33112  8668 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28654  0.5  0.4  33112  8668 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28655  0.7  0.4  33016  8856 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28656  0.5  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28657  0.5  0.4  33112  8676 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28658  0.2  0.4  33112  8668 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28662  1.0  0.4  33112  8680 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28663  0.7  0.4  33112  8684 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28664  0.7  0.4  33112  8676 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28665  0.5  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28668  1.0  0.4  33016  8852 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28670  0.5  0.4  32796  8652 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28671  0.7  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28672  0.7  0.4  33104  8664 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28673  1.2  0.4  32744  8488 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28676  0.7  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28685  1.0  0.4  32692  8408 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28686  0.7  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28687  1.0  0.4  33016  8860 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28688  1.2  0.4  33088  8872 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28689  0.7  0.4  33112  8668 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28691  0.5  0.4  33112  8668 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28692  0.7  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28693  0.5  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28694  0.7  0.4  33112  8572 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28695  1.0  0.4  33016  8868 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28698  0.7  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28699  0.5  0.4  33108  8680 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28700  0.5  0.4  33112  8576 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28701  0.5  0.4  33112  8480 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28705  1.0  0.4  33016  8856 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28707  0.7  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28758  0.0  0.2  31956  4096 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28759  0.6  0.4  33112  8480 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28762  2.5  0.4  33016  8860 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28763  1.0  0.4  33112  8684 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28765  1.5  0.4  33112  8676 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28766  1.5  0.4  33112  8572 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28767  1.5  0.4  33112  8584 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28768  1.5  0.4  33112  8572 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28769  1.5  0.4  33112  8676 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28771  1.0  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28772  1.5  0.4  33112  8576 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28773  1.0  0.4  33112  8572 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28774  1.0  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28774  1.0  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28773  1.0  0.4  33112  8572 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28774  1.0  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28776  1.5  0.4  33112  8676 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28784  1.0  0.4  33112  8676 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28785  1.0  0.4  33112  8668 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28787  1.0  0.4  32864  8264 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28791  0.0  0.2  31956  4096 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28792  1.5  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28796  1.0  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28798  0.0  0.2  31956  4096 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28802  1.5  0.4  33112  8584 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28804  0.0  0.3  32444  6552 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28805  0.0  0.3  32332  6348 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28829  4.0  0.4  33072  8876 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28831  1.0  0.3  32864  8120 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28834  1.0  0.3  32660  6812 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28835  0.0  0.3  32308  6540 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28836  1.0  0.3  32984  7736 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28838  3.0  0.4  33112  8576 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28845  2.0  0.3  32864  8124 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28847  0.0  0.3  32656  6804 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root     28884  0.0  0.0   2728   828 pts/1    R+   17:23   0:00 ps waux
root     28885  0.0  0.0   2128   852 pts/1    S+   17:23   0:00 less
wwwrun   28902  0.0  0.4  33112  8672 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28903  0.0  0.4  33080  8856 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28904  0.0  0.4  33100  8564 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28905  0.0  0.3  32980  7084 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28906  0.0  0.3  32904  6928 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28907  0.0  0.2  31956  4096 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28908  0.0  0.4  33112  8576 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28912  0.0  0.4  33112  8484 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28914  0.0  0.3  32972  7724 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28915  0.0  0.2  31956  4096 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28916  0.0  0.3  32828  6776 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28917  0.0  0.4  33112  8568 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root     28921  0.0  0.0   2512   948 ?        S    17:23   0:00 proftpd: (accepting connections)
wwwrun   28924  0.0  0.4  33112  8572 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28926  0.0  0.4  33112  8576 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28928  0.0  0.3  32584  6672 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28931  0.0  0.3  32088  6256 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28932  0.0  0.3  32332  6344 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28939  0.0  0.4  33112  8484 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28941  0.0  0.4  32972  8324 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28943  0.0  0.3  32436  6688 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28944  0.0  0.2  31956  4096 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root     28945  0.0  0.1  31956  3700 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28947  0.0  0.4  33112  8676 ?        S    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28949  0.0  0.3  32984  7736 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28952  0.0  0.3  32680  6816 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   28953  0.0  0.3  32432  6652 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root     28954  0.0  0.1  31956  3404 ?        R    17:23   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf

mattiass
Userprojekt
Userprojekt
Posts: 608
Joined: 2005-12-16 17:57

Re: 300+ laufende Prozesse! Hackangriff?

Post by mattiass » 2006-10-02 17:31

stamos wrote: alles Apachen fast, das kann doch nicht sein?!
Doch. Kann. Wenn der Apache schlecht konfiguriert wurde, bspw. zu hohe MaxSpareServers...

http://httpd.apache.org/docs/2.0/mod/prefork.html

Poste mal Deine Config.

stamos
Posts: 66
Joined: 2003-05-17 18:21
Location: Berlin

Re: 300+ laufende Prozesse! Hackangriff?

Post by stamos » 2006-10-02 17:37

die sache ist doch aber die, das der Server seit ca. 10 monaten problemlos läuft, und nun plötzlich dies.

Hier ist meine server-tuning.conf:

Code: Select all

##
## Server-Pool Size Regulation (MPM specific)
## 

# the MPM (multiprocessing module) is not a dynamically loadable module in the
# sense of other modules. It is a compile time decision which one is used. We
# provide different apache2 MPM packages, containing different httpd2 binaries
# compiled with the available MPMs. See APACHE_MPM in /etc/sysconfig/apache2.

# prefork MPM
<IfModule prefork.c>
	# number of server processes to start
	StartServers         5
	# minimum number of server processes which are kept spare
	MinSpareServers      5
	# maximum number of server processes which are kept spare
	MaxSpareServers     10
	# highest possible MaxClients setting for the lifetime of the Apache process.
	ServerLimit        500
	# maximum number of server processes allowed to start
	MaxClients         500
	# maximum number of requests a server process serves
	MaxRequestsPerChild  0
</IfModule>

# worker MPM
<IfModule worker.c>
	# initial number of server processes to start
	StartServers         2
	# minimum number of worker threads which are kept spare
	MinSpareThreads     25
	# maximum number of worker threads which are kept spare
	MaxSpareThreads     75 
	# maximum number of simultaneous client connections
	MaxClients         150
	# constant number of worker threads in each server process
	ThreadsPerChild     25
	# maximum number of requests a server process serves
	MaxRequestsPerChild  0
</IfModule>

# leader MPM
<IfModule leader.c>
	# initial number of server processes to start
	StartServers         2
	# minimum number of worker threads which are kept spare
	MinSpareThreads     25
	# maximum number of worker threads which are kept spare
	MaxSpareThreads     75 
	# maximum number of simultaneous client connections
	MaxClients         150
	# constant number of worker threads in each server process
	ThreadsPerChild     25
	# maximum number of requests a server process serves
	MaxRequestsPerChild  0
</IfModule>

# perchild MPM
<IfModule perchild.c>
	# constant number of server processes
	NumServers           5
	# initial number of worker threads in each server process
	StartThreads         5
	# minimum number of worker threads which are kept spare
	MinSpareThreads      5
	# maximum number of worker threads which are kept spare
	MaxSpareThreads     10
	# maximum number of worker threads in each server process
	MaxThreadsPerChild  20
	# maximum number of connections per server process
	MaxRequestsPerChild  0

	AcceptMutex fcntl
</IfModule>

# metux MPM
<IfModule metuxmpm.c>
	# initial number of worker threads in each server process
	StartThreads          5
	# minimum number of worker threads which are kept spare
	MinSpareThreads       5
	# maximum number of worker threads which are kept spare
	MaxSpareThreads      10
	# maximum number of connections per server process
	MaxRequestsPerChild   0

	Multiplexer	"wwwrun"	"www"

</IfModule>


#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive Off

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 400

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 4

#
# EnableMMAP: Control whether memory-mapping is used to deliver
# files (assuming that the underlying OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems.  On some systems, turning it off (regardless of
# filesystem) can improve performance; for details, please see
# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap
#
#EnableMMAP off

#
# EnableSendfile: Control whether the sendfile kernel support is
# used  to deliver files (assuming that the OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems.  Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile
#
#EnableSendfile off


#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4.0" force-response-1.0
BrowserMatch "Java/1.0" force-response-1.0
BrowserMatch "JDK/1.0" force-response-1.0

#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash.  This fixes a 
# problem with Microsoft WebFolders which does not appropriately handle 
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully


wgot
Posts: 1675
Joined: 2003-07-06 02:03

Re: 300+ laufende Prozesse! Hackangriff?

Post by wgot » 2006-10-02 17:39

Hallo,
MattiasS wrote:PS: Admin: könnten wir eine Rubrik "Hilfe, ich wurde gehackt?" einrichten. Scheint grad wieder arg zu sein mit unsicheren CMSen und Boards...
bin ich auch dafür, dann können wir in dieser Rubrik wieder über Security diskutieren statt über Unsecurity. *SCNR*

Gruß, Wolfgang

Roger Wilco
Administrator
Administrator
Posts: 5924
Joined: 2004-05-23 12:53

Re: 300+ laufende Prozesse! Hackangriff?

Post by Roger Wilco » 2006-10-02 17:49

stamos wrote:die sache ist doch aber die, das der Server seit ca. 10 monaten problemlos läuft, und nun plötzlich dies.
Vielleicht kamen in der Zeit einfach nicht so viele Requests?
stamos wrote:

Code: Select all

# prefork MPM
<IfModule prefork.c>
	# number of server processes to start
	StartServers         5
	# minimum number of server processes which are kept spare
	MinSpareServers      5
	# maximum number of server processes which are kept spare
	MaxSpareServers     10
	# highest possible MaxClients setting for the lifetime of the Apache process.
	ServerLimit        500
	# maximum number of server processes allowed to start
	MaxClients         500
	# maximum number of requests a server process serves
	MaxRequestsPerChild  0
</IfModule>
Lies folgende Seiten der Apache Dokumentation: http://httpd.apache.org/docs/2.0/mod/mpm_common.html
http://httpd.apache.org/docs/2.0/mod/prefork.html

stamos
Posts: 66
Joined: 2003-05-17 18:21
Location: Berlin

Re: 300+ laufende Prozesse! Hackangriff?

Post by stamos » 2006-10-02 18:13

Roger Wilco wrote: Vielleicht kamen in der Zeit einfach nicht so viele Requests?
doch, sehr viele sogar.

die themen kenne ich gut, wenn ich die einstellung des apachen verändere kommt das aufs gleiche raus. gebe ich ihm server-limit 2000 dann habe ich 2000 tasks im top zu laufen. eigentlich kann ich einstellen was ich will, der server wird mit anfragen überschüttet.

aber lasst mal, wenn ich Antworten wie von wgot lese dann vergeht mir die lust am diskutieren irgendwie, schade...

mattiass
Userprojekt
Userprojekt
Posts: 608
Joined: 2005-12-16 17:57

Re: 300+ laufende Prozesse! Hackangriff?

Post by mattiass » 2006-10-02 18:27

stamos wrote:
Roger Wilco wrote: Vielleicht kamen in der Zeit einfach nicht so viele Requests?
die themen kenne ich gut, wenn ich die einstellung des apachen verändere kommt das aufs gleiche raus. gebe ich ihm server-limit 2000 dann habe ich 2000 tasks im top zu laufen. eigentlich kann ich einstellen was ich will, der server wird mit anfragen überschüttet.

aber lasst mal, wenn ich Antworten wie von wgot lese dann vergeht mir die lust am diskutieren irgendwie, schade...
Wie wäre es mit einer simplen Rechenaufgabe? 500 Indianer zu je 35MB macht 17,5GB Speicherbedarf. Wieviel hast Du? Wahrscheinlich 2GB RAM und 4GB Swap?

Also setzt das Limit in den Bereich von 100 bis 200 (je nachdem, wieviel virt. Speicger Du der DB geben musst, damit sie sauber arbeitet. Und die MaxRequests nicht auf 0 (unendlich), sondern je nachdem, wie gut die Scripte sind, die laufen zwischen 1.000 und 10.000. Ältere Apache werden so auch mal beendet und die aktiven haben dann zu Zeiten kleinerer Last mehr Luft.

elias5000
Posts: 66
Joined: 2006-08-18 14:35
Location: Berlin

Re: 300+ laufende Prozesse! Hackangriff?

Post by elias5000 » 2006-10-02 19:00

Ist denn eigentlich schon die Erkenntnis gesichert, dass die Apache-Prozesse auch nur das tun, was sie tun sollen?
Die Menge und der plötzliche Anstieg sehen verdächtig nach den Bots aus, von denen in letzter Zeit häufiger berichtet wurde.

stamos
Posts: 66
Joined: 2003-05-17 18:21
Location: Berlin

Re: 300+ laufende Prozesse! Hackangriff?

Post by stamos » 2006-10-02 19:45

@MattiasS: wenn ich die Werte herabsetze schmiert er noch schneller ab (Serverlimit reached, consider raising the bla bla...)

@elias5000: welche bots?! :?:

User avatar
daemotron
Administrator
Administrator
Posts: 2635
Joined: 2004-01-21 17:44

Re: 300+ laufende Prozesse! Hackangriff?

Post by daemotron » 2006-10-02 19:59

Hmm, wenn Dein Indianer so mächtig unter Dampf steht, müsste er ja auch ne Menge Seiten ausliefern. Was erzählt denn das access_log? Sind das alles saubere Requests auf tatsächlich existierende Seiten, oder steht da bloß Bullshit drin? Wenn letzteres der Fall ist, kannst Du *eventuell* mit mod_security und mod_evasive gegen die Pest vorgehen (ist heutzutage leider völlig normal - bei gut konfigurierten Servern eher ungefährlich, aber eben lästig und ressourcenfressend).