Subject: Re: Problem
Author: Idomu
Date: 2010-10-15 11:44:23
So the thing is, RAM usage just keeps growing and growing until it is all 
used up, and then everything stops, so I have to reboot... sshd: I killed 
all the processes, now they are slowly growing again, using up more RAM, and 
when it fills up, everything stops... well, I need to check httpd, as you say...

"Bilibobas" <kakbubu@tralia.lt> wrote in message 
news:i993hv$68g$1@trimpas.omnitel.net...
> Requests can come in; it is the firewall's job to filter them. But requests 
> should not bring the system down. I run sshd here, there are ALWAYS requests, 
> but they do no harm. Same with ftpd: they try to log in and then stop. 
> The server does not care.
> The only bad case is when there really are a lot of those requests, when you 
> are being flooded and attacked (DoSed). In that case some other measures and 
> the thickness of the pipe are what help.
>
> You had better check whether some foreign code has been injected into your 
> httpd files. And if the www there is managed by several people, whether one 
> of the users has picked up some virus.
>
> Bye, Levas
>
> "Idomu" <idomus@omnitel.lt> wrote in message 
> news:i99381$5pd$1@trimpas.omnitel.net...
>> it shows a huge number of attempts to connect to ssh, but I changed the ssh 
>> port and even stopped the service altogether, and those requests still keep 
>> coming... I don't know where to look, can you suggest anything else? 
>> P.S. I found nothing in /tmp....
>>
>> "Bilibobas" <kakbubu@tralia.lt> wrote in message
>> news:i992ib$4k4$1@trimpas.omnitel.net...
>>> well, that is a log file about problems. Look at what is inside. Afterwards 
>>> you can delete it.
>>>
>>> Look for worse things.
>>>
>>> "Idomu" <idomus@omnitel.lt> wrote in message
>>> news:i991q3$35k$1@trimpas.omnitel.net...
>>>> look what I found: /log/var secure, 209MB in size!!!!! what should I do?
>>>>
>>>> "arulis" <aruliss@gmail.com> wrote in message
>>>> news:i991gv$2k9$1@trimpas.omnitel.net...
>>>>> check all of /tmp - you are bound to find something interesting :)
>>>>>
>>>>>
>>>>> Idomu wrote:
>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:41602         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    21698/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:40964         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    13812/sshd:
>>>>>>
>>>>>> tcp        0      0 www.xxx.xxx:41045         www.irrp.org.ua:ircd
>>>>>> ESTABLISHED 30397/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:42836         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    20227/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:43002         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    19599/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:43417         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    4043/sshd:
>>>>>>
>>>>>> tcp        0      0 www.xxx.xxx:http
>>>>>> 189.115.38.86.ip.erdve:3660
>>>>>> TIME_WAIT   -
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:45617         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    20028/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:47005         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    9362/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:46140         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    28397/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:47833         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    21565/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:47819         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    23774/sshd:
>>>>>>
>>>>>> tcp        0      0 www.xxx.xxx:http
>>>>>> 189.115.38.86.ip.erdve:3674
>>>>>> TIME_WAIT   -
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:47270         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    13625/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:47324         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    29728/sshd:
>>>>>>
>>>>>> tcp        0      0 www.xxx.xxx:http
>>>>>> 189.115.38.86.ip.erdve:3676
>>>>>> TIME_WAIT   -
>>>>>>
>>>>>> tcp        0      0 www.xxx.xxx:http
>>>>>> 189.115.38.86.ip.erdve:3678
>>>>>> TIME_WAIT   -
>>>>>>
>>>>>> tcp        0      0 www.xxx.xxx:http
>>>>>> 189.115.38.86.ip.erdve:3680
>>>>>> TIME_WAIT   -
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:33525         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    22203/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:32940         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    5330/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:32978         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    18157/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:33198         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    13399/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:35508         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    3577/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:35587         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    30051/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:35605         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    22380/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:35785         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    31830/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:34859         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    32212/sshd:
>>>>>>
>>>>>> tcp        0      0 www.xxx.xxx:35024         www.irrp.org.ua:ircd
>>>>>> ESTABLISHED 32526/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:36842         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    22484/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:35962         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    23776/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:36027         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    32349/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:36177         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    3373/sshd:
>>>>>>
>>>>>> tcp        0      0 www.xxx.xxx:37539         www.irrp.org.ua:ircd
>>>>>> ESTABLISHED 31821/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:37784         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    11581/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:37247         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    25830/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:38662         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    16184/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:38802         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    9790/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:38353         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    26291/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:39881         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    6136/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:39419         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    5884/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:40473         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    29850/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:40569         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    23989/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:40567         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    3972/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:40202         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    15837/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:59192         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    7838/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:59389         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    1913/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:59829         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    13610/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:60745         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    20008/sshd:
>>>>>>
>>>>>> tcp        0      0 www.xxx.xxx:http
>>>>>> 189.115.38.86.ip.erdve:3607
>>>>>> TIME_WAIT   -
>>>>>>
>>>>>> tcp        0      0 www.xxx.xxx:http
>>>>>> 189.115.38.86.ip.erdve:3611
>>>>>> TIME_WAIT   -
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:49760         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    32493/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:49675         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    1801/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:49828         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    11630/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:49362         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    18315/sshd:
>>>>>>
>>>>>> tcp        0      0 www.xxx.xxx:http
>>>>>> 189.115.38.86.ip.erdve:3618
>>>>>> TIME_WAIT   -
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:49409         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    26615/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:49421         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    31988/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:50995         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    26518/sshd:
>>>>>>
>>>>>> tcp        0      1 www.xxx.xxx:51000         www.irrp.org.ua:ircd
>>>>>> SYN_SENT    24558/sshd:
>>>>>>
>>>>>>
>>>>>>
>>>>>> look at the junk I am seeing: it is trying to connect from
>>>>>> www.irrp.org.ua:ircd via ssh to different ports on my www.xxx.xxx....
>>>>>> How do I sort this out... you will say write firewall rules, but I have
>>>>>> never written any on CentOS, I have only tried a firewall on Debian,
>>>>>> how do I solve this?
>>>>>>
>>>>>>
>>>>>> "bertas" <bertas@freemail.lt> wrote in message
>>>>>> news:i98vm1$v26$1@trimpas.omnitel.net...
>>>>>>> Something similar happens to me, and I cannot find the cause either.
>>>>>>> Only in my case, as far as I understand, apache eats everything up.
>>>>>>> True, the situation improved a little when I turned off clamav.
>>>>>>> But otherwise, at random, once a day or once a week, I find the
>>>>>>> (virtual) server hung: all RAM used up, the CPU running at 100%.
>>>>>>> I cannot find a solution to the problem. That server mainly runs 
>>>>>>> apache; the other services are on other virtual servers. If anyone 
>>>>>>> has run into this, it would be good if you could give me an idea. 
>>>>>>> The worst part is that I cannot predict when it will happen...
>>>>>>> 2010.10.15 09:44, arulis wrote:
>>>>>>>> netstat -atp
>>>>>>>
>>>>>
>>>>
>>>>
>>
>>
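
A defender's check for the pattern visible in the `netstat -atp` output quoted in this thread: many processes named sshd originating connections to an IRC service, which a listening daemon does not do. This is an added example, not part of the original thread; the sample lines and host names are constructed (wrapped lines are assumed already joined), and the `SERVED` and `IRC` sets are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the netstat -atp output quoted in
# the thread (wrapped lines already joined; host names are placeholders).
SAMPLE = """\
tcp   0  1 host.example:41602  irc.example:ircd         SYN_SENT    21698/sshd:
tcp   0  1 host.example:40964  irc.example:ircd         SYN_SENT    13812/sshd:
tcp   0  0 host.example:41045  irc.example:ircd         ESTABLISHED 30397/sshd:
tcp   0  0 host.example:http   client.example:3660      TIME_WAIT   -
tcp   0  0 host.example:ssh    admin.example:51514      ESTABLISHED 2201/sshd: root
tcp   0  0 *:ssh               *:*                      LISTEN      1190/sshd
"""

# Assumption: local service names/ports this host serves itself, so a socket
# bound to one of them is inbound traffic, not a connection we originated.
SERVED = {"ssh", "22", "http", "80", "https", "443"}
# Assumption: remote service names/ports treated as IRC for this check.
IRC = {"ircd", "6667", "6697"}

LINE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\S+)\s+(\S+):(\S+)\s+([A-Z_0-9]+)\s+(?:(\d+)/(\S+)|-)")

def parse(text):
    """Yield one dict per TCP socket line; header or malformed lines are skipped."""
    keys = ("lhost", "lport", "rhost", "rport", "state", "pid", "prog")
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield dict(zip(keys, m.groups()))

def suspicious_outbound(text):
    """Group outbound IRC connections as (program, remote) -> {state: [pids]}."""
    hits = defaultdict(lambda: defaultdict(list))
    for s in parse(text):
        outbound = s["lport"] not in SERVED and s["state"] != "LISTEN"
        # pid is None when netstat printed "-" (no owning process visible).
        if outbound and s["rport"] in IRC and s["pid"]:
            key = (s["prog"].rstrip(":"), s["rhost"])
            hits[key][s["state"]].append(int(s["pid"]))
    return {k: dict(v) for k, v in hits.items()}

if __name__ == "__main__":
    for (prog, remote), states in suspicious_outbound(SAMPLE).items():
        for state, pids in states.items():
            print(f"{prog} -> {remote} {state}: {len(pids)} process(es) {pids}")
```

The PIDs it reports are the ones to inspect further (for instance the executable path behind each), since the process name shown by netstat can be set by the process itself.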