
DNS attack


14 replies to this topic

#1 bsantos

Posted 14/12/2005, 14:53

I am constantly receiving attacks on the IPs of my DNS servers; as a result they stop responding to ping and lose routing, and the sites go offline.
What should I do in this case?

#2 Rafael.Sarti

Posted 14/12/2005, 15:31

Man, what exactly you should do is verify whether this is really happening; if it is, you will have to use a more effective security system. I can help you, I have worked with hosting for more than 4 years. Get in touch with me, this is my messenger and email: rafael@fulltop.com.br

#3 Hospedar-se .Com

Posted 14/12/2005, 22:02

Contact your datacenter and ask them to block the IP on the network.

#4 bsantos

Posted 14/12/2005, 23:48

There are a lot of IPs; I don't know how the guy is doing this, but he attacks with hundreds of different IPs. I block him at the firewall, but dozens of others show up...
I suspect it is inside the server, some script running in some account, but how do I find that out?!

Edited by: bsantos, 14/12/2005, 23:49.


#5 Hospedar-se .Com

Posted 15/12/2005, 10:42

ps aux

and also look at the cron jobs to see if there is anything suspicious; most scripts, when they run, usually stay for quite a long time using 1 to 10% of the CPU, and sometimes it may be running as a camouflaged process.

To really know, the only way is to run "ps aux" over ssh and look at everything that is being executed; also try a reboot to see whether it stops for a while and then comes back ...
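Added example, not part of the original post: one way to script the "ps aux" and cron review described above. It flags processes whose name is bracketed like a kernel thread but which run as a non-root user or map memory, reports defunct children, and lists active per-user crontab entries. The sample process lines, the account names and the one-file-per-user cron spool layout are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: triage helpers for the ps and cron checks (not from the thread).

# Reads `ps aux` output on stdin; prints "reason pid user command" per finding.
flag_processes() {
    awk '
    $1 == "USER" && $2 == "PID" { next }         # header line
    {
        user = $1; pid = $2; vsz = $5; stat = $8
        cmd = $11; for (i = 12; i <= NF; i++) cmd = cmd " " $i
        if (stat ~ /Z/) {
            # defunct child: harmless itself, but shows which account spawned it
            print "defunct", pid, user, cmd
        } else if (cmd ~ /^\[/ && (user != "root" || vsz + 0 > 0)) {
            # real kernel threads run as root and map no memory (VSZ 0)
            print "fake-kthread", pid, user, cmd
        }
    }'
}

# Prints "user: entry" for every active line in the per-user crontabs under $1
# (assumed layout: one file per user, as in /var/spool/cron).
list_user_crons() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        u=$(basename "$f")
        awk -v u="$u" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
            { print u ": " $0 }' "$f"
    done
}

# Constructed sample in `ps aux` format (hypothetical accounts acct1, acct2).
sample_ps() {
cat <<'EOF'
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 6 0.0 0.0 0 0 ? SW 01:12 0:00 [keventd]
acct1 4242 3.1 0.2 5120 2048 ? S 09:00 7:15 [kjournald]
acct2 4300 5.0 0.0 0 0 ? Z 16:54 0:00 [gallery.cgi <defunct>]
nobody 4310 0.2 0.9 28492 19624 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
EOF
}

sample_ps | flag_processes
```

On a live host the same functions take "ps aux | flag_processes" and "list_user_crons /var/spool/cron"; system-wide cron files such as /etc/crontab need a separate look.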

#6 bsantos

Posted 15/12/2005, 15:57

ps aux:

root@srv-rh4 [~]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1536 484 ? S 01:12 0:06 init
root 2 0.0 0.0 0 0 ? SW 01:12 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SW 01:12 0:00 [migration/1]
root 4 0.0 0.0 0 0 ? SW 01:12 0:00 [migration/2]
root 5 0.0 0.0 0 0 ? SW 01:12 0:00 [migration/3]
root 6 0.0 0.0 0 0 ? SW 01:12 0:00 [keventd]
root 7 0.0 0.0 0 0 ? SWN 01:12 0:00 [ksoftirqd/0]
root 8 0.0 0.0 0 0 ? SWN 01:12 0:00 [ksoftirqd/1]
root 9 0.0 0.0 0 0 ? SWN 01:12 0:00 [ksoftirqd/2]
root 10 0.0 0.0 0 0 ? SWN 01:12 0:00 [ksoftirqd/3]
root 13 0.0 0.0 0 0 ? SW 01:12 0:00 [bdflush]
root 11 0.0 0.0 0 0 ? SW 01:12 0:08 [kswapd]
root 12 0.0 0.0 0 0 ? SW 01:12 0:12 [kscand]
root 14 0.0 0.0 0 0 ? SW 01:12 0:06 [kupdated]
root 15 0.0 0.0 0 0 ? SW 01:12 0:00 [mdrecoveryd]
root 25 0.0 0.0 0 0 ? SW 01:12 0:04 [kjournald]
root 80 0.0 0.0 0 0 ? SW 01:12 0:00 [khubd]
root 572 0.0 0.0 0 0 ? SW 01:12 0:00 [kjournald]
root 573 0.0 0.0 0 0 ? SW 01:12 0:00 [kjournald]
root 574 0.0 0.0 0 0 ? SW 01:12 0:15 [kjournald]
root 575 0.0 0.0 0 0 ? SW 01:12 0:03 [kjournald]
root 576 0.0 0.0 0 0 ? SW 01:12 0:07 [kjournald]
root 577 0.1 0.0 0 0 ? DW 01:12 1:44 [kjournald]
root 900 0.0 0.0 1516 456 ? S 01:13 0:02 irqbalance
root 2729 0.0 0.0 1620 636 ? S 01:13 0:00 crond
root 2929 0.2 0.6 15072 12416 ? SN 01:13 2:48 cpanellogd - sleeping for logs
root 2992 0.0 0.0 4640 552 ? S 01:13 0:00 rhnsd --interval 240
root 3005 0.0 0.1 7140 2576 ? S 01:13 0:00 /usr/bin/perl /usr/local/bin/ipalert_statd
root 3025 0.0 0.0 1536 464 ? S 01:13 0:00 /usr/sbin/portsentry -tcp
root 3063 0.0 0.0 1508 416 tty1 S 01:13 0:00 /sbin/mingetty tty1
root 3064 0.0 0.0 1508 416 tty2 S 01:13 0:00 /sbin/mingetty tty2
root 3065 0.0 0.0 1508 416 tty3 S 01:13 0:00 /sbin/mingetty tty3
root 3066 0.0 0.0 1508 416 tty4 S 01:13 0:00 /sbin/mingetty tty4
root 3067 0.0 0.0 1508 416 tty5 S 01:13 0:00 /sbin/mingetty tty5
root 3068 0.0 0.0 1508 412 tty6 S 01:13 0:00 /sbin/mingetty tty6
root 3069 0.0 0.0 1500 408 ttyS0 S 01:13 0:00 /sbin/mingetty ttyS0 CON9600 vt102
cpanel 4255 0.0 0.0 3684 1456 ? S 05:51 0:00 /usr/bin/stunnel-4.04local /usr/local/cpanel/etc/stunnel/defaul
root 4268 0.0 0.3 11896 6728 ? S 05:51 0:14 cpsrvd - waiting for connections
root 10925 0.2 0.0 1600 584 ? D 06:30 1:36 syslogd -m 0
root 10970 0.0 0.0 1540 456 ? S 06:30 0:00 klogd -x
cpanel 27943 0.0 0.3 11908 6876 ? S 10:11 0:00 webmaild - serving 201.14.250.58
cpanel 27944 0.1 0.4 18688 8852 ? S 10:11 0:30 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde
cpanel 28042 0.0 0.3 11912 6888 ? S 10:28 0:00 webmaild - serving 201.14.250.58
cpanel 28044 0.1 0.3 16472 6644 ? S 10:28 0:30 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde
cpanel 28229 0.0 0.3 11912 6888 ? S 10:29 0:00 webmaild - serving 201.14.250.58
cpanel 28230 0.1 0.3 16472 6632 ? S 10:29 0:30 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde
cpanel 28305 0.0 0.3 11912 6888 ? S 10:30 0:00 webmaild - serving 201.14.250.58
cpanel 28306 0.1 0.3 16484 6644 ? S 10:30 0:30 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde
cpanel 23981 0.0 0.3 11912 6884 ? S 10:42 0:00 webmaild - serving 201.14.250.58
cpanel 23982 0.1 0.4 18784 8852 ? S 10:42 0:30 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde
cpanel 4552 0.0 0.3 11916 7048 ? S 13:37 0:00 webmaild - serving 201.17.166.160
cpanel 4553 0.2 0.3 16288 6612 ? S 13:37 0:30 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde
cpanel 5011 0.0 0.3 11916 7048 ? S 13:38 0:00 webmaild - serving 201.17.166.160
cpanel 5013 0.2 0.3 16280 6596 ? S 13:38 0:30 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde
cpanel 5145 0.0 0.3 11916 6892 ? S 13:38 0:00 webmaild - serving 201.35.227.122
cpanel 5147 0.2 0.3 16292 6612 ? S 13:38 0:30 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde
cpanel 7825 0.0 0.3 11916 7052 ? S 13:38 0:00 webmaild - serving 201.17.166.160
cpanel 7826 0.2 0.3 16288 6608 ? S 13:38 0:30 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde
cpanel 13791 0.0 0.3 11912 7052 ? S 13:40 0:00 webmaild - serving 201.17.166.160
cpanel 13792 0.2 0.3 16288 6608 ? S 13:40 0:30 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde
root 25171 0.0 0.0 3668 1556 ? S 14:51 0:00 /usr/sbin/sshd
root 31958 0.0 0.2 5740 4332 ? S 14:55 0:00 /usr/local/cpanel/bin/backupadmin
root 1204 0.0 0.2 5496 4120 ? S 14:56 0:00 /usr/bin/perl /usr/local/cpanel/bin/ftpput /home/backup-12.15.2
cpanel 10345 0.0 0.3 11912 7052 ? S 15:00 0:00 webmaild - serving 200.157.201.203
cpanel 10346 0.4 0.3 16804 7076 ? S 15:00 0:30 /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/base/horde
root 25846 0.0 0.1 7044 2220 ? S 15:40 0:00 sshd: root@pts/0
root 25950 0.0 0.0 5468 1424 pts/0 S 15:41 0:00 -bash
root 13445 0.0 0.1 7044 2184 ? S 16:06 0:00 sshd: root@pts/1
root 13511 0.0 0.0 5348 1408 pts/1 S 16:06 0:00 -bash
root 20955 0.0 0.0 5332 1184 ? S 16:09 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-fil
mysql 20990 0.0 1.4 75608 30280 ? S 16:09 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 20991 0.0 1.4 75608 30280 ? S 16:09 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 20992 0.0 1.4 75608 30280 ? S 16:09 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 20993 0.0 1.4 75608 30280 ? S 16:09 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 20994 0.0 1.4 75608 30280 ? S 16:09 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 20995 0.0 1.4 75608 30280 ? S 16:09 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 20996 0.0 1.4 75608 30280 ? S 16:09 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 20997 0.0 1.4 75608 30280 ? S 16:09 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 20998 0.0 1.4 75608 30280 ? S 16:09 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 20999 0.0 1.4 75608 30280 ? S 16:09 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 21000 0.0 1.4 75608 30280 ? S 16:09 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 21016 0.0 1.4 75608 30280 ? S 16:09 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 21020 0.0 1.4 75608 30280 ? S 16:09 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 21045 0.0 1.4 75608 30280 ? S 16:09 0:02 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 21046 0.0 1.4 75608 30280 ? S 16:09 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 21049 0.0 1.4 75608 30280 ? S 16:09 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 21051 0.0 1.4 75608 30280 ? S 16:09 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 21053 0.0 1.4 75608 30280 ? S 16:10 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 21054 0.0 1.4 75608 30280 ? S 16:10 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 21055 0.0 1.4 75608 30280 ? S 16:10 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 23362 0.1 1.4 75608 30280 ? S 16:10 0:03 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 24479 0.0 1.4 75608 30280 ? S 16:10 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 24934 0.0 1.4 75608 30280 ? S 16:10 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 24936 0.0 1.4 75608 30280 ? S 16:10 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
postgres 24971 0.0 0.0 10684 2028 ? S 16:10 0:00 /usr/bin/postmaster -p 5432 -D /var/lib/pgsql/data
postgres 24972 0.0 0.0 10244 1840 ? S 16:10 0:00 postgres: stats buffer process
postgres 24973 0.0 0.0 9252 1860 ? S 16:10 0:00 postgres: stats collector process
mysql 25010 0.0 1.4 75608 30280 ? S 16:10 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 25012 0.0 1.4 75608 30280 ? S 16:10 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 25014 0.0 1.4 75608 30280 ? S 16:10 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 25018 0.0 1.4 75608 30280 ? S 16:10 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 754 0.0 1.4 75608 30280 ? S 16:13 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 755 0.0 1.4 75608 30280 ? S 16:13 0:01 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mailnull 13707 0.0 0.2 8440 4212 ? S 16:18 0:00 /usr/bin/perl /usr/local/cpanel/bin/eximstats
spot 28114 0.0 0.0 2724 1276 ? S 16:25 0:00 imapd
root 3071 0.0 0.0 2148 840 ? S 16:28 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root 3879 0.3 0.4 10112 8624 ? S 16:29 0:04 cppop - accepting on port 110
root 10584 0.0 0.0 6928 1812 ? S 16:37 0:00 pure-ftpd (SERVER)
root 10600 0.0 0.0 6680 968 ? S 16:37 0:00 /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/sbin/pureaut
root 12320 0.0 0.3 12332 7936 ? S 16:39 0:00 chkservd
evetech 26889 0.0 0.0 6952 1984 ? S 16:42 0:00 pure-ftpd (IDLE)
named 29635 0.1 0.3 72024 7252 ? S 16:44 0:01 named-wrapper -u named
root 5199 0.0 0.0 1620 640 ? S 16:45 0:00 CROND
root 5200 0.0 0.0 2116 876 ? S 16:45 0:00 /bin/sh -c /etc/apf/ad/antidos -a > /dev/null 2>&1
root 5203 0.0 0.0 2528 1328 ? S 16:45 0:00 /bin/sh /etc/apf/ad/antidos -a
root 10760 0.0 0.1 6888 2160 ? S 16:48 0:00 sshd: root@pts/2
root 10854 0.0 0.0 5344 1368 pts/2 S 16:49 0:00 -bash
mysql 17445 0.0 1.4 75608 30280 ? S 16:50 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
mysql 17446 0.0 1.4 75608 30280 ? S 16:50 0:00 /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=my
root 21496 0.0 0.0 1620 640 ? S 16:51 0:00 CROND
root 21497 0.0 0.0 2128 880 ? S 16:51 0:00 /bin/sh -c /etc/apf/ad/antidos -a > /dev/null 2>&1
root 21498 0.0 0.0 2524 1332 ? S 16:51 0:00 /bin/sh /etc/apf/ad/antidos -a
root 24000 0.0 0.0 2524 1332 ? S 16:54 0:00 /bin/sh /etc/apf/ad/antidos -a
root 24001 0.0 0.0 1724 788 ? S 16:54 0:00 whois -h whois.arin.net 200.176.10.210
root 24005 0.0 0.0 1612 468 ? S 16:54 0:00 grep -i abuse
root 24006 0.0 0.0 1604 464 ? S 16:54 0:00 grep @
root 24009 0.0 0.0 1948 628 ? S 16:54 0:00 awk {print$2}
root 24011 0.0 0.0 1820 488 ? S 16:54 0:00 tail -n 1
inamadm 27771 0.1 0.3 11908 7092 ? S 16:54 0:00 webmaild - serving 200.208.82.45
root 27779 2.8 0.8 24276 17032 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
inamadm 27781 0.1 0.3 11908 7092 ? S 16:54 0:00 webmaild - serving 200.208.82.45
inamadm 27782 0.1 0.3 11908 7092 ? S 16:54 0:00 webmaild - serving 200.208.82.45
inamadm 27783 0.1 0.3 11908 7092 ? S 16:54 0:00 webmaild - serving 200.208.82.45
root 27797 0.2 0.1 5788 3532 ? S 16:54 0:00 /usr/bin/perl /usr/local/cpanel/bin/leechprotect
nobody 27798 0.6 0.9 28876 19940 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27799 0.3 0.9 28832 19968 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27800 0.2 0.9 28832 19936 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27801 0.0 0.8 24560 17684 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27802 0.1 0.8 24768 18052 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27806 0.5 0.9 28832 20044 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27809 0.5 1.0 29572 20720 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27810 0.5 0.9 28828 19992 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
root 27811 0.0 0.3 11904 6852 ? S 16:54 0:00 whostmgrd - serving 201.29.113.246
root 27812 0.1 0.0 3508 2040 ? S 16:54 0:00 /usr/bin/perl ./cgi/addon_spamdconf.cgi
root 27813 0.1 0.1 3948 2396 ? S 16:54 0:00 /usr/bin/perl /scripts/restartsrv_exim
nobody 27881 0.2 0.9 28492 19624 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27882 0.1 0.8 24428 17624 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27883 0.5 0.9 28828 19944 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27884 0.4 1.0 29576 20756 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27887 0.0 0.8 24452 17628 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27888 0.1 0.8 24288 17164 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27889 0.2 0.8 24464 17676 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27890 0.2 0.9 28504 19704 ? S 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
nobody 27894 0.2 0.9 27748 19000 ? R 16:54 0:00 /usr/local/apache/bin/httpd -DSSL
juridico 27914 0.4 0.4 10128 8692 ? S 16:54 0:00 cppop - serving 200.233.125.63 - UPDATE - contato@intelectojuri
faurtil 27916 0.2 0.4 10128 8880 ? S 16:54 0:00 cppop - serving 201.27.209.178 - UPDATE - vendas@faurtil.com.br
cervejao 27922 0.3 0.4 10128 8692 ? S 16:54 0:00 cppop - serving 200.140.60.243 - UPDATE - cobranca@knifebrasil.
pbacana 27926 0.5 0.4 10132 8692 ? S 16:54 0:00 cppop - serving 201.29.126.211 - TRANSACTION - marcelomarques@p
unicomex 27927 0.5 0.4 10128 8840 ? S 16:54 0:00 cppop - serving 200.99.123.130 - UPDATE - matthias@unicomex.com
root 27928 0.6 0.0 5236 1216 pts/1 S 16:54 0:00 top
jrelvio 27931 0.4 0.4 10128 8688 ? S 16:54 0:00 cppop - serving 201.29.138.48 - AUTHORIZATION
root 27932 0.0 0.4 10120 8636 ? S 16:54 0:00 cppop - serving 200.233.125.67 - AUTHORIZATION
ghetto 27933 0.1 0.4 10128 8836 ? S 16:54 0:00 cppop - serving 200.180.90.26 - AUTHORIZATION
hussein 27934 0.3 0.4 10128 8684 ? S 16:54 0:00 cppop - serving 200.161.216.27 - AUTHORIZATION
santana 27935 0.6 0.4 10128 8688 ? S 16:54 0:00 cppop - serving 201.15.135.139 - AUTHORIZATION
bellacom 27936 0.4 0.4 10128 8684 ? S 16:54 0:00 cppop - serving 201.19.211.190 - AUTHORIZATION
root 28077 0.2 0.0 5324 1264 ? S 16:54 0:00 /bin/sh /etc/rc.d/init.d/exim start
root 28668 0.0 0.0 2528 1328 ? S 16:54 0:00 /bin/sh /etc/apf/ad/antidos -a
root 28669 0.0 0.0 1704 700 ? S 16:54 0:00 whois -h whois.arin.net 201.2.255.157
root 28670 0.0 0.0 1612 472 ? S 16:54 0:00 grep -i abuse
root 28671 0.0 0.0 1608 464 ? S 16:54 0:00 grep @
root 28672 0.0 0.0 1952 628 ? S 16:54 0:00 awk {print$2}
root 28673 0.0 0.0 1832 488 ? S 16:54 0:00 tail -n 1
root 28674 0.0 0.4 10440 9072 ? S 16:54 0:00 /usr/sbin/clamd
root 28675 0.0 0.0 1544 548 ? S 16:54 0:00 initlog -q -n /etc/rc.d/init.d/exim -s clamd startup -e 1
root 28676 0.0 0.4 10120 8632 ? S 16:54 0:00 cppop - accepting on port 110
root 28677 0.0 0.4 10120 8632 ? S 16:54 0:00 cppop - accepting on port 110
root 28678 0.0 0.4 10120 8632 ? S 16:54 0:00 cppop - accepting on port 110
tonziro 28679 5.0 0.0 0 0 ? Z 16:54 0:00 [emAlbum.cgi <defunct>]
root 28680 0.0 0.0 2868 916 pts/2 R 16:54 0:00 ps aux

Attack:

root@srv-rh4 [/]# netstat -nap | grep exi
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 28696/exim
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 28685/exim
tcp 0 0 70.84.190.194:25 84.114.159.47:4937 ESTABLISHED 28692/exim
tcp 0 0 70.84.190.194:25 200.181.68.156:33675 ESTABLISHED 4408/exim
tcp 0 0 70.84.190.194:25 62.87.215.70:1651 ESTABLISHED 28814/exim
tcp 0 0 70.84.190.194:25 201.29.123.158:65462 ESTABLISHED 28804/exim
tcp 0 0 70.84.190.194:25 200.195.199.2:42805 ESTABLISHED 4429/exim
tcp 0 0 70.84.190.194:25 200.221.4.109:44695 ESTABLISHED 4402/exim
tcp 0 0 70.84.190.194:25 212.244.155.17:3296 ESTABLISHED 28779/exim
tcp 0 0 70.84.190.194:25 200.176.10.212:53549 ESTABLISHED 4384/exim
tcp 0 0 70.84.190.194:25 200.184.130.20:2923 ESTABLISHED 4382/exim
tcp 0 59 70.84.190.194:25 201.29.135.228:1359 ESTABLISHED 4417/exim
tcp 0 0 70.84.190.194:25 200.184.79.36:59295 ESTABLISHED 4379/exim
udp 0 0 70.84.190.201:46465 70.84.190.201:53 ESTABLISHED 4379/exim
udp 0 0 70.84.190.201:46466 70.84.190.201:53 ESTABLISHED 4381/exim
udp 0 0 70.84.190.201:46467 70.84.190.201:53 ESTABLISHED 4382/exim
udp 0 0 70.84.190.201:46468 70.84.190.201:53 ESTABLISHED 4384/exim
udp 0 0 70.84.190.202:46473 70.84.190.202:53 ESTABLISHED 4381/exim
udp 0 0 70.84.190.202:46474 70.84.190.202:53 ESTABLISHED 4379/exim
udp 0 0 70.84.190.202:46475 70.84.190.202:53 ESTABLISHED 4382/exim
udp 0 0 70.84.190.202:46476 70.84.190.202:53 ESTABLISHED 4384/exim
udp 0 0 70.84.190.201:46479 70.84.190.201:53 ESTABLISHED 28779/exim
udp 0 0 70.84.190.201:46480 70.84.190.201:53 ESTABLISHED 4402/exim
udp 0 0 70.84.190.201:46481 70.84.190.201:53 ESTABLISHED 4408/exim
udp 0 0 70.84.190.202:46487 70.84.190.202:53 ESTABLISHED 28779/exim
udp 0 0 70.84.190.202:46488 70.84.190.202:53 ESTABLISHED 4402/exim
udp 0 0 70.84.190.202:46489 70.84.190.202:53 ESTABLISHED 4408/exim
udp 0 0 70.84.190.201:46496 70.84.190.201:53 ESTABLISHED 4429/exim

They are undermining the DNS port so that it stops responding, and consequently the sites go offline.
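Added example, not part of the original post: a summary of "netstat -nap" output in the format pasted above, grouping sockets by role and counting them per peer. Sockets whose local and remote address are the same host are counted as a local process querying a local service; the rule that a local port below 1024 means an inbound connection is an assumption, and the sample lines are constructed with documentation address ranges.

```sh
#!/bin/sh
# Added example: classify netstat sockets and count them per peer.

# Reads `netstat -nap` lines on stdin.
# Prints "class proto service_port peer count", heaviest peers first.
classify_sockets() {
    awk '
    $1 != "tcp" && $1 != "udp" { next }          # headers, unix sockets
    {
        proto = $1; loc = $4; rem = $5
        # split "addr:port" at the last colon
        lport = loc; sub(/.*:/, "", lport)
        laddr = loc; sub(/:[^:]*$/, "", laddr)
        rport = rem; sub(/.*:/, "", rport)
        raddr = rem; sub(/:[^:]*$/, "", raddr)

        if (rport == "*") next                   # listening socket, no peer
        if (laddr == raddr) {
            # same host on both ends: local process using a local service
            cls = "local"; port = rport; peer = laddr
        } else if (lport + 0 < 1024) {
            # assumption: low local port means a remote peer reached our service
            cls = "inbound"; port = lport; peer = raddr
        } else {
            cls = "outbound"; port = rport; peer = raddr
        }
        n[cls " " proto " " port " " peer]++
    }
    END { for (k in n) print k, n[k] }
    ' | sort -k1,1 -k5,5nr -k4,4
}

# Prints "peer count" for inbound peers holding at least $2 sockets on port $1.
heavy_peers() {
    classify_sockets | awk -v p="$1" -v m="$2" \
        '$1 == "inbound" && $3 == p && $5 >= m { print $4, $5 }'
}

# Constructed sample in netstat format (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2001/exim
tcp 0 0 192.0.2.10:25 198.51.100.7:4937 ESTABLISHED 2002/exim
tcp 0 0 192.0.2.10:25 198.51.100.7:4938 ESTABLISHED 2003/exim
tcp 0 0 192.0.2.10:25 203.0.113.5:33675 ESTABLISHED 2004/exim
udp 0 0 192.0.2.11:46465 192.0.2.11:53 ESTABLISHED 2002/exim
udp 0 0 192.0.2.11:46466 192.0.2.11:53 ESTABLISHED 2003/exim
udp 0 0 192.0.2.10:53 198.51.100.9:40000 ESTABLISHED 2100/named
EOF
}

sample_netstat | classify_sockets
```

Run against the whole table ("netstat -nap | classify_sockets") rather than a grep for one program, so that sockets owned by named itself are included in the count.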
