  1. #1
    Just Joined!
    Join Date
    Oct 2007
    Posts
    2

    My Linux is a website zombie


    Hi,

    My Fedora Core 6 install is a web zombie; it visits random sites attempting to access user accounts, post on forums, etc. I am not able to find out what is doing this. httpd has all 150 threads open when I run top.

    If I turn off access at the router, denying WAN access to the machine on port 80, the machine quickly slows down its accessing of websites to nothing, but as soon as I give the machine access to the external network, the relentless posting begins, eating up bandwidth and CPU.

    I tried turning off PHP to see if that is the problem, but it still keeps accessing the sites.

    Where should I look and what should I do?

    K

  2. #2
    Linux Engineer RobinVossen
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Well, check what is running that shouldn't be there.
    Run a scan with tcpdump and check what traffic is there that shouldn't be there.
    And also run rkhunter or another rootkit finder.

    Hope that helps
    New Users, please read this..
    Google first, then ask..

  3. #3
    Linux Guru fingal
    Join Date
    Jul 2003
    Location
    Birmingham - UK
    Posts
    1,539
    Another approach might be to use the lsof command to list open files and open ports on your system. The file names of the rogue software are likely to be disguised as legitimate system files, but this could give you some clues.

    Edit: This would be useful in addition to using Rootkit Hunter. More information about lsof can be found here. The lsof manual is a little hard to understand IMO.
    I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso

  4. #4
    Just Joined!
    Join Date
    Oct 2007
    Posts
    2
    We found the problem: Apache was not properly configured and was accepting proxy requests from everywhere. We fixed that, and that seemed to have solved the problem. The requests still keep coming, but they are not killing our bandwidth.
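
The cause reported in the last post was an Apache proxy that accepted requests from anywhere. As an added example (not from the thread or its posters), this script flags proxy-style requests in an Apache access log and counts, per client, those the server answered and those it refused. The log lines, addresses and host names are constructed, and `local_hosts` is an assumed parameter listing the server's own names.

```python
import re
from collections import Counter
# Apache common/combined log line: client ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
# A request target that starts with scheme://host is a forward-proxy style request.
ABSOLUTE_URI = re.compile(r'^[a-z][a-z0-9+.-]*://(?P<host>[^/:\s]+)', re.I)

def proxy_attempt(line, local_hosts):
    """Return (client, remote_host, status) for a proxy-style request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    if m["method"] == "CONNECT":              # CONNECT host:port (tunnel request)
        host = m["target"].rsplit(":", 1)[0]
    else:
        uri = ABSOLUTE_URI.match(m["target"])
        if not uri:                           # "/path" form: ordinary web request
            return None
        host = uri["host"]
    host = host.lower()
    if host in local_hosts:                   # absolute URI naming this server is valid
        return None
    return m["client"], host, int(m["status"])

def summarize(lines, local_hosts):
    """Per-client counts of proxy attempts: answered (<400) vs. refused (>=400)."""
    answered, refused = Counter(), Counter()
    for line in lines:
        hit = proxy_attempt(line, local_hosts)
        if hit:
            (answered if hit[2] < 400 else refused)[hit[0]] += 1
    return answered, refused

# Constructed sample log lines (documentation addresses and example.* names only).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2007:10:01:02 +0000] "GET http://forum.example.net/login.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Oct/2007:10:01:03 +0000] "POST http://forum.example.net/post.php HTTP/1.1" 200 812',
    '198.51.100.9 - - [12/Oct/2007:10:01:04 +0000] "CONNECT mail.example.org:25 HTTP/1.0" 405 230',
    '192.0.2.15 - - [12/Oct/2007:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.15 - - [12/Oct/2007:10:01:06 +0000] "GET http://www.example.com/about.html HTTP/1.1" 200 2210',
    '203.0.113.7 - - [12/Oct/2007:10:05:00 +0000] "GET http://forum.example.net/login.php HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    answered, refused = summarize(SAMPLE_LOG, local_hosts={"www.example.com"})
    print("answered:", dict(answered), "refused:", dict(refused))
```

A status below 400 is only a hint: with forward proxying disabled (`ProxyRequests Off` in mod_proxy), Apache may still answer such a request from its own content, so compare response sizes before concluding a request was relayed. Refused entries that keep arriving after the fix match what the last post describes.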
