From owner-freebsd-questions@FreeBSD.ORG Thu Mar 5 07:29:12 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B736F106566C for ; Thu, 5 Mar 2009 07:29:12 +0000 (UTC) (envelope-from zszalbot@gmail.com) Received: from mail-fx0-f158.google.com (mail-fx0-f158.google.com [209.85.220.158]) by mx1.freebsd.org (Postfix) with ESMTP id 49D198FC19 for ; Thu, 5 Mar 2009 07:29:12 +0000 (UTC) (envelope-from zszalbot@gmail.com) Received: by fxm2 with SMTP id 2so3124572fxm.43 for ; Wed, 04 Mar 2009 23:29:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=p26VA8YsH8i3nOGBMg6dLBGSHvE82i9XtmFNvBFHTNc=; b=Me2QQctcXUqN2UkboO1pPBA0R+23W88HVr8nzDsD+Kubpm13yZ/2hcBq75qrp+kypy V48XwlE+CdFKkEGqt68IkFCDVobJLB/T8vvGWX2iKAuRbQuJNL2yoS1Q3cLe0VrENA4T Ato1EMwWbAyXl3YZbbUuGa3L1MUUVPkhVEgXY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=XDQbdxmLZ74KD1fc6BYKV+K38itC22fM4wejEw7OgjGsyPkHmS9i92cyTjGFd5o5M3 B1Qjo0mVXEAt0ZuFmhWUzxSRrHWqUsZqAb+e2R20409Zy72mNnNUn+8fMjNofvF9QBWr YL8SFGlotHLGJeoPbHGQshD6skmv+b3l797Gw= MIME-Version: 1.0 Received: by 10.86.98.18 with SMTP id v18mr709988fgb.46.1236238151345; Wed, 04 Mar 2009 23:29:11 -0800 (PST) In-Reply-To: <18862.30476.351969.153598@jerusalem.litteratus.org> References: <94136a2c0903040153l7844c353k81769342c424f62@mail.gmail.com> <94136a2c0903040322s75077f3ajd83bc9bf22c3f1dd@mail.gmail.com> <18862.30476.351969.153598@jerusalem.litteratus.org> Date: Thu, 5 Mar 2009 08:29:11 +0100 Message-ID: <94136a2c0903042329o16bf07f4y8b31fa6550dd4f68@mail.gmail.com> From: Zbigniew Szalbot To: User Questions Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: tool to determine server stability issues X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2009 07:29:13 -0000 Hello, On Wed, Mar 4, 2009 at 13:41, Robert Huff wrote: > =A0 =A0 =A0 =A0On my system: > > huff@> whereis httpd > httpd: /usr/local/sbin/httpd /usr/local/man/man8/httpd.8.gz > > =A0 =A0 =A0 =A0Someone's looking in the wrong place. =A0(Unless you've tw= iddled > /all/ the settings.) Thank you Robert and some information for the rest. It turns out these two prcoesses looking for /usr/sbin/httpd were zombies so to say (and they were the cause of my problems). Someone used a php script vulnarability and placed a script in /tmp. Apart from looking for security holes in php scripts, I am going to monitor /tmp. I am embarrased to say I haven't done that so far. I am writing it to warn people like myself. All the best, --=20 Zbigniew Szalbot www.slowo.pl www.fairtrade.net.pl