Date: Thu, 5 Mar 2009 08:29:11 +0100 From: Zbigniew Szalbot <zszalbot@gmail.com> To: User Questions <freebsd-questions@freebsd.org> Subject: Re: tool to determine server stability issues Message-ID: <94136a2c0903042329o16bf07f4y8b31fa6550dd4f68@mail.gmail.com> In-Reply-To: <18862.30476.351969.153598@jerusalem.litteratus.org> References: <94136a2c0903040153l7844c353k81769342c424f62@mail.gmail.com> <94136a2c0903040322s75077f3ajd83bc9bf22c3f1dd@mail.gmail.com> <18862.30476.351969.153598@jerusalem.litteratus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, On Wed, Mar 4, 2009 at 13:41, Robert Huff wrote: > =A0 =A0 =A0 =A0On my system: > > huff@> whereis httpd > httpd: /usr/local/sbin/httpd /usr/local/man/man8/httpd.8.gz > > =A0 =A0 =A0 =A0Someone's looking in the wrong place. =A0(Unless you've tw= iddled > /all/ the settings.) Thank you Robert and some information for the rest. It turns out these two prcoesses looking for /usr/sbin/httpd were zombies so to say (and they were the cause of my problems). Someone used a php script vulnarability and placed a script in /tmp. Apart from looking for security holes in php scripts, I am going to monitor /tmp. I am embarrased to say I haven't done that so far. I am writing it to warn people like myself. All the best, --=20 Zbigniew Szalbot www.slowo.pl www.fairtrade.net.pl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?94136a2c0903042329o16bf07f4y8b31fa6550dd4f68>