Page 1 of 1
300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 16:15
by stamos
Da bin ich mal wieder :D Nun gehts wohl meinem zweiten Server an den Kragen, und der Server wird geflooded, das sieht dann so aus:
Code: Select all
top - 16:13:26 up 38 min, 1 user, load average: 174.84, 106.70, 82.05
Tasks: 602 total, 370 running, 232 sleeping, 0 stopped, 0 zombie
Cpu(s): 73.8% us, 16.5% sy, 0.0% ni, 3.9% id, 3.6% wa, 1.1% hi, 1.2% si
Mem: 2043052k total, 1990916k used, 52136k free, 7136k buffers
Swap: 1052248k total, 1400k used, 1050848k free, 947224k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
17996 wwwrun 15 0 32768 8836 4704 S 10.2 0.4 0:00.32 httpd2-prefork
13426 wwwrun 15 0 32864 9004 4784 S 6.8 0.4 0:00.44 httpd2-prefork
887 wwwrun 15 0 33520 9944 5036 S 5.1 0.5 0:01.75 httpd2-prefork
14773 wwwrun 15 0 32820 8988 4816 S 5.1 0.4 0:00.59 httpd2-prefork
15242 wwwrun 15 0 32820 8876 4720 S 5.1 0.4 0:00.47 httpd2-prefork
19008 wwwrun 15 0 32620 7932 3952 S 5.1 0.4 0:00.16 httpd2-prefork
19112 root 16 0 2324 1212 672 R 5.1 0.1 0:00.05 top
18971 wwwrun 16 0 32824 9168 4968 R 3.4 0.4 0:02.45 httpd2-prefork
29037 wwwrun 15 0 32964 9392 5076 S 3.4 0.5 0:01.70 httpd2-prefork
12929 wwwrun 16 0 32824 8920 4760 R 3.4 0.4 0:00.77 httpd2-prefork
14764 wwwrun 16 0 32892 8988 4784 S 3.4 0.4 0:00.59 httpd2-prefork
18952 wwwrun 16 0 32604 7912 3952 S 3.4 0.4 0:00.20 httpd2-prefork
19010 wwwrun 15 0 32604 7952 3984 S 3.4 0.4 0:00.73 httpd2-prefork
1870 mysql 19 0 251m 75m 4336 R 1.7 3.8 9:46.12 mysqld-max
24148 wwwrun 16 0 32988 9320 4964 R 1.7 0.5 0:02.08 httpd2-prefork
13083 wwwrun 16 0 32828 9048 4872 S 1.7 0.4 0:00.69 httpd2-prefork
13087 wwwrun 15 0 32936 9180 4876 S 1.7 0.4 0:00.68 httpd2-prefork
13155 wwwrun 15 0 32820 9084 4892 S 1.7 0.4 0:01.06 httpd2-prefork
13454 wwwrun 16 0 32872 9084 4892 S 1.7 0.4 0:01.01 httpd2-prefork
13705 wwwrun 16 0 32972 9148 4812 R 1.7 0.4 0:01.06 httpd2-prefork
13713 wwwrun 15 0 32820 8932 4796 S 1.7 0.4 0:00.73 httpd2-prefork
14856 wwwrun 15 0 32844 8980 4796 S 1.7 0.4 0:00.58 httpd2-prefork
15622 wwwrun 15 0 32820 8940 4748 S 1.7 0.4 0:00.90 httpd2-prefork
15631 wwwrun 15 0 32880 8976 4728 S 1.7 0.4 0:00.67 httpd2-prefork
15655 wwwrun 16 0 32820 8944 4760 R 1.7 0.4 0:00.40 httpd2-prefork
18013 wwwrun 15 0 32812 8784 4656 S 1.7 0.4 0:00.22 httpd2-prefork
18949 wwwrun 15 0 32724 8144 4060 S 1.7 0.4 0:00.26 httpd2-prefork
18960 wwwrun 15 0 32692 7984 3956 S 1.7 0.4 0:00.29 httpd2-prefork
18961 wwwrun 16 0 32620 7932 3952 R 1.7 0.4 0:00.11 httpd2-prefork
18986 wwwrun 16 0 32584 7904 3960 R 1.7 0.4 0:00.23 httpd2-prefork
18999 wwwrun 16 0 32620 7936 3956 R 1.7 0.4 0:00.50 httpd2-prefork
1 root 15 0 684 252 216 S 0.0 0.0 0:00.48 init
2 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
3 root 34 19 0 0 0 R 0.0 0.0 0:00.00 ksoftirqd/0
4 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 events/0
5 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 khelper
6 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kthread
8 root 10 -5 0 0 0 S 0.0 0.0 0:00.09 kblockd/0
9 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kseriod
65 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pdflush
66 root 15 0 0 0 0 S 0.0 0.0 0:00.10 pdflush
67 root 15 0 0 0 0 S 0.0 0.0 0:00.22 kswapd0
68 root 20 -5 0 0 0 S 0.0 0.0 0:00.00 aio/0
370 laufende Prozesse??? wo bitte laufen die alle?
das eigenartige ist, das per netstat -n -t alle IP-Adressen absolut verschieden sind, es kann doch nicht sein, daß so viele user plötzlich auf meinem server zu greifen?
Dieser Server ist bei Server4you, SuSe 9.3 mit Confixx, 2 GB Ram, Opteron
ich hab den apachen erstmal gestoppt. Irgendwelche Ideen?
Re: 300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 16:59
by mattiass
stamos wrote:
370 laufende Prozesse??? wo bitte laufen die alle?
PS: Admin: könnten wir eine Rubrik "Hilfe, ich wurde gehackt?" einrichten. Scheint grad wieder arg zu sein mit unsicheren CMSen und Boards...
Re: 300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 17:26
by stamos
alles Apachen fast, das kann doch nicht sein?!
Code: Select all
wwwrun 28233 0.1 0.4 32756 8604 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28234 0.8 0.4 33148 9068 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28235 0.5 0.4 33148 9072 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28241 0.5 0.4 33180 9152 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28246 0.6 0.4 33164 9096 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28247 0.8 0.4 33168 9120 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28251 0.5 0.4 33112 9060 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28252 0.2 0.4 33100 9004 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28253 0.5 0.4 33168 9060 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28254 0.6 0.4 33112 9016 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28264 0.7 0.4 33164 9028 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28266 0.4 0.4 33140 9012 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28267 0.3 0.4 32776 8576 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28268 0.4 0.4 33148 9068 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28269 0.8 0.4 33148 9040 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28270 0.4 0.4 33148 9044 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28271 0.4 0.4 33220 9108 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28272 0.0 0.2 31956 4096 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28288 0.5 0.4 33120 8916 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28289 0.6 0.4 33112 8964 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28290 0.4 0.4 32884 8728 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28291 0.3 0.4 33148 9048 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28292 0.3 0.4 33144 9024 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28293 0.5 0.4 33156 9004 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28294 0.1 0.4 33112 8748 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28295 0.8 0.4 33088 8924 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28296 0.5 0.4 33088 8876 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28297 0.3 0.4 33140 9020 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28299 0.4 0.4 33112 9068 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28301 0.5 0.4 33164 9036 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28302 0.5 0.4 33160 9036 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28303 1.0 0.4 33900 9792 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28304 0.3 0.4 32796 8640 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28306 1.0 0.4 33108 8800 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28325 0.4 0.4 33044 8864 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28326 0.4 0.4 33132 8968 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28327 0.3 0.4 33152 9024 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28328 0.4 0.4 33088 8872 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28330 0.5 0.4 33144 9008 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28331 0.6 0.4 33148 9048 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28333 0.3 0.4 33112 8800 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28334 0.4 0.4 33140 9064 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28335 0.6 0.4 32804 8732 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28339 0.3 0.4 32768 8544 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28340 0.5 0.4 33160 9044 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28341 0.3 0.4 33132 8968 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28342 0.3 0.4 33112 8808 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28343 0.6 0.4 33176 8976 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28346 0.7 0.4 33148 9044 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28347 0.4 0.4 32804 8648 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28348 0.2 0.4 33112 8808 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28350 0.6 0.4 33164 8996 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28351 0.4 0.4 33044 8928 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28355 0.5 0.4 33160 9008 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28356 0.9 0.4 33152 9032 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28358 0.6 0.4 33140 9012 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28359 0.4 0.4 33140 9012 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28361 0.4 0.4 33112 9024 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28375 0.7 0.4 33124 8952 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28378 0.8 0.4 33116 8940 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28380 0.5 0.4 33088 8896 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28381 0.7 0.4 33112 8948 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28382 0.6 0.4 33228 9056 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28383 0.4 0.4 33100 8980 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28385 0.8 0.4 33148 9040 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28387 0.7 0.4 33100 8960 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28406 0.0 0.2 31956 4096 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28407 0.2 0.4 32776 8572 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28408 0.5 0.4 32804 8660 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28409 0.8 0.4 32700 8620 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28410 0.3 0.4 33132 8968 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28411 0.4 0.4 33120 8908 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28412 0.3 0.4 33112 8764 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28415 1.0 0.4 33168 9036 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28417 0.4 0.4 33160 9000 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28418 0.6 0.4 33156 9012 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28419 0.2 0.4 33112 8808 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28420 0.4 0.4 33160 9000 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28422 0.3 0.4 33132 8896 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28423 0.3 0.4 33112 8808 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28424 0.5 0.4 33112 8936 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28425 0.4 0.4 33088 8896 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28426 0.5 0.4 33112 8940 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28429 0.7 0.4 33140 8992 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28430 0.6 0.4 33132 8916 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28431 0.8 0.4 33220 9056 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28432 0.2 0.4 33112 8796 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28433 0.2 0.4 33016 8852 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28436 0.6 0.4 33084 8876 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28437 0.5 0.4 33112 8936 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28438 1.3 0.4 33112 8956 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28439 0.3 0.4 33112 8796 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28440 0.3 0.4 33112 8784 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28441 0.7 0.4 33088 8864 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28442 0.7 0.4 33120 8920 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28443 0.2 0.4 33100 8708 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28444 0.3 0.4 33112 8784 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28445 0.6 0.4 33132 8944 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28485 0.4 0.4 33112 8668 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28486 0.5 0.4 33140 9028 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28488 0.2 0.4 33112 8788 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28489 0.2 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28490 0.8 0.4 33088 8944 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28492 0.4 0.4 33112 8748 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28493 0.8 0.4 33044 8940 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28494 0.2 0.4 32608 8368 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28495 0.2 0.4 33112 8804 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28496 0.7 0.4 33088 8924 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28499 0.2 0.4 33112 8808 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28500 0.2 0.4 33112 8812 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28501 0.4 0.4 32608 8368 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28502 0.8 0.4 33220 9116 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28503 0.5 0.4 33108 8976 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28505 0.4 0.4 33140 9040 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28506 0.2 0.4 33100 8676 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28507 0.5 0.4 33016 8860 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28508 0.2 0.4 33112 8800 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28509 0.4 0.4 33016 8856 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28511 0.7 0.4 33112 8928 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28512 0.7 0.4 32768 8548 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28513 0.5 0.4 33112 8924 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28514 0.4 0.4 33100 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28515 0.4 0.4 33112 8772 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28518 0.4 0.4 33140 9012 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28519 0.8 0.4 33228 9080 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28520 0.2 0.4 33112 8684 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28521 0.5 0.4 33120 8948 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28522 0.8 0.4 33120 8944 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28523 0.2 0.4 32608 8368 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28524 0.2 0.4 32608 8368 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28575 0.3 0.4 33112 8676 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28576 0.3 0.4 33112 8800 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28577 0.5 0.4 33112 8740 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28578 0.6 0.4 33088 8864 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28579 0.6 0.4 33248 9012 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28580 0.6 0.4 33016 8848 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28581 0.6 0.4 33112 8784 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28582 0.3 0.4 33100 8676 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28584 0.6 0.4 33108 8968 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28585 0.5 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28586 0.3 0.4 33100 8668 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28587 0.5 0.4 32608 8372 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28588 0.6 0.4 33016 8856 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28591 0.8 0.4 33088 8880 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28592 0.5 0.4 33112 8940 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28594 0.3 0.4 32796 8624 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28597 0.5 0.4 33112 8772 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28598 0.5 0.4 33112 8740 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28599 0.3 0.4 33112 8768 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28600 0.5 0.4 33112 8568 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28601 0.3 0.4 33112 8684 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28602 0.3 0.4 33100 8664 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28603 0.5 0.4 33112 8772 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28605 0.6 0.4 33044 8856 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28607 0.6 0.4 32744 8480 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28608 0.6 0.4 33016 8852 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28609 0.5 0.4 33112 8676 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28610 0.3 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28613 0.6 0.4 33016 8852 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28614 0.6 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28615 0.8 0.4 32744 8480 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28616 0.4 0.4 32864 8260 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28653 0.7 0.4 33112 8668 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28654 0.5 0.4 33112 8668 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28655 0.7 0.4 33016 8856 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28656 0.5 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28657 0.5 0.4 33112 8676 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28658 0.2 0.4 33112 8668 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28662 1.0 0.4 33112 8680 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28663 0.7 0.4 33112 8684 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28664 0.7 0.4 33112 8676 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28665 0.5 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28668 1.0 0.4 33016 8852 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28670 0.5 0.4 32796 8652 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28671 0.7 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28672 0.7 0.4 33104 8664 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28673 1.2 0.4 32744 8488 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28676 0.7 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28685 1.0 0.4 32692 8408 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28686 0.7 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28687 1.0 0.4 33016 8860 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28688 1.2 0.4 33088 8872 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28689 0.7 0.4 33112 8668 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28691 0.5 0.4 33112 8668 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28692 0.7 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28693 0.5 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28694 0.7 0.4 33112 8572 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28695 1.0 0.4 33016 8868 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28698 0.7 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28699 0.5 0.4 33108 8680 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28700 0.5 0.4 33112 8576 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28701 0.5 0.4 33112 8480 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28705 1.0 0.4 33016 8856 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28707 0.7 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28758 0.0 0.2 31956 4096 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28759 0.6 0.4 33112 8480 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28762 2.5 0.4 33016 8860 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28763 1.0 0.4 33112 8684 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28765 1.5 0.4 33112 8676 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28766 1.5 0.4 33112 8572 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28767 1.5 0.4 33112 8584 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28768 1.5 0.4 33112 8572 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28769 1.5 0.4 33112 8676 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28771 1.0 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28772 1.5 0.4 33112 8576 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28773 1.0 0.4 33112 8572 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28774 1.0 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28774 1.0 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28773 1.0 0.4 33112 8572 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28774 1.0 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28776 1.5 0.4 33112 8676 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28784 1.0 0.4 33112 8676 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28785 1.0 0.4 33112 8668 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28787 1.0 0.4 32864 8264 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28791 0.0 0.2 31956 4096 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28792 1.5 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28796 1.0 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28798 0.0 0.2 31956 4096 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28802 1.5 0.4 33112 8584 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28804 0.0 0.3 32444 6552 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28805 0.0 0.3 32332 6348 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28829 4.0 0.4 33072 8876 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28831 1.0 0.3 32864 8120 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28834 1.0 0.3 32660 6812 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28835 0.0 0.3 32308 6540 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28836 1.0 0.3 32984 7736 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28838 3.0 0.4 33112 8576 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28845 2.0 0.3 32864 8124 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28847 0.0 0.3 32656 6804 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root 28884 0.0 0.0 2728 828 pts/1 R+ 17:23 0:00 ps waux
root 28885 0.0 0.0 2128 852 pts/1 S+ 17:23 0:00 less
wwwrun 28902 0.0 0.4 33112 8672 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28903 0.0 0.4 33080 8856 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28904 0.0 0.4 33100 8564 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28905 0.0 0.3 32980 7084 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28906 0.0 0.3 32904 6928 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28907 0.0 0.2 31956 4096 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28908 0.0 0.4 33112 8576 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28912 0.0 0.4 33112 8484 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28914 0.0 0.3 32972 7724 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28915 0.0 0.2 31956 4096 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28916 0.0 0.3 32828 6776 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28917 0.0 0.4 33112 8568 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root 28921 0.0 0.0 2512 948 ? S 17:23 0:00 proftpd: (accepting connections)
wwwrun 28924 0.0 0.4 33112 8572 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28926 0.0 0.4 33112 8576 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28928 0.0 0.3 32584 6672 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28931 0.0 0.3 32088 6256 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28932 0.0 0.3 32332 6344 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28939 0.0 0.4 33112 8484 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28941 0.0 0.4 32972 8324 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28943 0.0 0.3 32436 6688 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28944 0.0 0.2 31956 4096 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root 28945 0.0 0.1 31956 3700 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28947 0.0 0.4 33112 8676 ? S 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28949 0.0 0.3 32984 7736 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28952 0.0 0.3 32680 6816 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 28953 0.0 0.3 32432 6652 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root 28954 0.0 0.1 31956 3404 ? R 17:23 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
Re: 300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 17:31
by mattiass
stamos wrote:
alles Apachen fast, das kann doch nicht sein?!
Doch. Kann. Wenn der Apache schlecht konfiguriert wurde, bspw. zu hohe MaxSpareServers...
http://httpd.apache.org/docs/2.0/mod/prefork.html
Poste mal Deine Config.
Re: 300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 17:37
by stamos
die sache ist doch aber die, das der Server seit ca. 10 monaten problemlos läuft, und nun plötzlich dies.
Hier ist meine server-tuning.conf:
Code: Select all
##
## Server-Pool Size Regulation (MPM specific)
##
# the MPM (multiprocessing module) is not a dynamically loadable module in the
# sense of other modules. It is a compile time decision which one is used. We
# provide different apache2 MPM packages, containing different httpd2 binaries
# compiled with the available MPMs. See APACHE_MPM in /etc/sysconfig/apache2.
# prefork MPM
<IfModule prefork.c>
# number of server processes to start
StartServers 5
# minimum number of server processes which are kept spare
MinSpareServers 5
# maximum number of server processes which are kept spare
MaxSpareServers 10
# highest possible MaxClients setting for the lifetime of the Apache process.
ServerLimit 500
# maximum number of server processes allowed to start
MaxClients 500
# maximum number of requests a server process serves
MaxRequestsPerChild 0
</IfModule>
# worker MPM
<IfModule worker.c>
# initial number of server processes to start
StartServers 2
# minimum number of worker threads which are kept spare
MinSpareThreads 25
# maximum number of worker threads which are kept spare
MaxSpareThreads 75
# maximum number of simultaneous client connections
MaxClients 150
# constant number of worker threads in each server process
ThreadsPerChild 25
# maximum number of requests a server process serves
MaxRequestsPerChild 0
</IfModule>
# leader MPM
<IfModule leader.c>
# initial number of server processes to start
StartServers 2
# minimum number of worker threads which are kept spare
MinSpareThreads 25
# maximum number of worker threads which are kept spare
MaxSpareThreads 75
# maximum number of simultaneous client connections
MaxClients 150
# constant number of worker threads in each server process
ThreadsPerChild 25
# maximum number of requests a server process serves
MaxRequestsPerChild 0
</IfModule>
# perchild MPM
<IfModule perchild.c>
# constant number of server processes
NumServers 5
# initial number of worker threads in each server process
StartThreads 5
# minimum number of worker threads which are kept spare
MinSpareThreads 5
# maximum number of worker threads which are kept spare
MaxSpareThreads 10
# maximum number of worker threads in each server process
MaxThreadsPerChild 20
# maximum number of connections per server process
MaxRequestsPerChild 0
AcceptMutex fcntl
</IfModule>
# metux MPM
<IfModule metuxmpm.c>
# initial number of worker threads in each server process
StartThreads 5
# minimum number of worker threads which are kept spare
MinSpareThreads 5
# maximum number of worker threads which are kept spare
MaxSpareThreads 10
# maximum number of connections per server process
MaxRequestsPerChild 0
Multiplexer "wwwrun" "www"
</IfModule>
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive Off
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 400
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 4
#
# EnableMMAP: Control whether memory-mapping is used to deliver
# files (assuming that the underlying OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. On some systems, turning it off (regardless of
# filesystem) can improve performance; for details, please see
# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap
#
#EnableMMAP off
#
# EnableSendfile: Control whether the sendfile kernel support is
# used to deliver files (assuming that the OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile
#
#EnableSendfile off
#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4.0" force-response-1.0
BrowserMatch "Java/1.0" force-response-1.0
BrowserMatch "JDK/1.0" force-response-1.0
#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
Re: 300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 17:39
by wgot
Hallo,
MattiasS wrote:PS: Admin: könnten wir eine Rubrik "Hilfe, ich wurde gehackt?" einrichten. Scheint grad wieder arg zu sein mit unsicheren CMSen und Boards...
bin ich auch dafür, dann können wir in dieser Rubrik wieder über Security diskutieren statt über Unsecurity. *SCNR*
Gruß, Wolfgang
Re: 300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 17:49
by Roger Wilco
stamos wrote:die sache ist doch aber die, das der Server seit ca. 10 monaten problemlos läuft, und nun plötzlich dies.
Vielleicht kamen in der Zeit einfach nicht so viele Requests?
stamos wrote:Code: Select all
# prefork MPM
<IfModule prefork.c>
# number of server processes to start
StartServers 5
# minimum number of server processes which are kept spare
MinSpareServers 5
# maximum number of server processes which are kept spare
MaxSpareServers 10
# highest possible MaxClients setting for the lifetime of the Apache process.
ServerLimit 500
# maximum number of server processes allowed to start
MaxClients 500
# maximum number of requests a server process serves
MaxRequestsPerChild 0
</IfModule>
Lies folgende Seiten der Apache Dokumentation:
http://httpd.apache.org/docs/2.0/mod/mpm_common.html
http://httpd.apache.org/docs/2.0/mod/prefork.html
Re: 300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 18:13
by stamos
Roger Wilco wrote:
Vielleicht kamen in der Zeit einfach nicht so viele Requests?
doch, sehr viele sogar.
die themen kenne ich gut, wenn ich die einstellung des apachen verändere kommt das aufs gleiche raus. gebe ich ihm server-limit 2000 dann habe ich 2000 tasks im top zu laufen. eigentlich kann ich einstellen was ich will, der server wird mit anfragen überschüttet.
aber lasst mal, wenn ich Antworten wie von wgot lese dann vergeht mir die lust am diskutieren irgendwie, schade...
Re: 300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 18:27
by mattiass
stamos wrote:Roger Wilco wrote:
Vielleicht kamen in der Zeit einfach nicht so viele Requests?
die themen kenne ich gut, wenn ich die einstellung des apachen verändere kommt das aufs gleiche raus. gebe ich ihm server-limit 2000 dann habe ich 2000 tasks im top zu laufen. eigentlich kann ich einstellen was ich will, der server wird mit anfragen überschüttet.
aber lasst mal, wenn ich Antworten wie von wgot lese dann vergeht mir die lust am diskutieren irgendwie, schade...
Wie wäre es mit einer simplen Rechenaufgabe? 500 Indianer zu je 35MB macht 17,5GB Speicherbedarf. Wieviel hast Du? Wahrscheinlich 2GB RAM und 4GB Swap?
Also setzt das Limit in den Bereich von 100 bis 200 (je nachdem, wieviel virt. Speicger Du der DB geben musst, damit sie sauber arbeitet. Und die MaxRequests nicht auf 0 (unendlich), sondern je nachdem, wie gut die Scripte sind, die laufen zwischen 1.000 und 10.000. Ältere Apache werden so auch mal beendet und die aktiven haben dann zu Zeiten kleinerer Last mehr Luft.
Re: 300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 19:00
by elias5000
Ist denn eigentlich schon die Erkenntnis gesichert, dass die Apache-Prozesse auch nur das tun, was sie tun sollen?
Die Menge und der plötzliche Anstieg sehen verdächtig nach den Bots aus, von denen in letzter Zeit häufiger berichtet wurde.
Re: 300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 19:45
by stamos
@MattiasS: wenn ich die Werte herabsetze schmiert er noch schneller ab (Serverlimit reached, consider raising the bla bla...)
@elias5000: welche bots?! :?:
Re: 300+ laufende Prozesse! Hackangriff?
Posted: 2006-10-02 19:59
by daemotron
Hmm, wenn Dein Indianer so mächtig unter Dampf steht, müsste er ja auch ne Menge Seiten ausliefern. Was erzählt denn das access_log? Sind das alles saubere Requests auf tatsächlich existierende Seiten, oder steht da bloß Bullshit drin? Wenn letzteres der Fall ist, kannst Du *eventuell* mit mod_security und mod_evasive gegen die Pest vorgehen (ist heutzutage leider völlig normal - bei gut konfigurierten Servern eher ungefährlich, aber eben lästig und ressourcenfressend).