Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Ogłoszenie
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
Strony: 1
- Forum Debian Users Gang
- » Sieci i serwery
- » ftp_scanner... co z tym q....[samocenzura] mac zrobic
#1 2007-03-14 18:32:40
Nickleodeon - 
Członek DUG
- Nickleodeon
- Członek DUG
- Skąd: Drawsko Pomorskie
- Zarejestrowany: 2005-08-19
ftp_scanner... co z tym q....[samocenzura] mac zrobic
Serwus, no i mam ... chyba klopot :(((
Zaczne od poczatku. Stwierdzilem, ze coraz bardziej mam zapchane lacze.
Komenda top dała mi cos takiego:
[color=red][b]2266 processes: 2264 sleeping[/b][/color], 2 running, 0 zombie, 0 stopped
CPU states: 9,1% user 23,8% system 0,0% nice 0,0% iowait 67,0% idle
Mem: 507428k av, 178764k used, 328664k free, 0k shrd, 2828k buff
20136k active, 15344k inactive
Swap: 522104k av, 0k used, 522104k free 32196k cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
6893 root 16 0 3188 3188 884 R 18,7 0,6 0:03 0 top
1055 root 19 0 620 620 572 R 2,1 0,1 10:24 0 ipfm
1115 root 11 0 1452 1452 960 S 0,3 0,2 0:04 0 dhcpd
1066 root 9 0 1528 1528 1396 S 0,1 0,3 0:02 0 sshd
4475 apache 9 0 1020 1016 452 S 0,1 0,2 0:01 0 ftp_scanner
4809 apache 9 0 1040 1036 468 S 0,1 0,2 0:16 0 ftp_scanner
5139 apache 9 0 1040 1036 468 S 0,1 0,2 0:04 0 ftp_scanner
5202 apache 9 0 1020 1016 452 S 0,1 0,2 0:06 0 ftp_scanner
5204 apache 9 0 1020 1016 452 S 0,1 0,2 0:01 0 ftp_scanner
5641 apache 9 0 1040 1036 468 S 0,1 0,2 0:12 0 ftp_scanner
1 root 8 0 504 504 456 S 0,0 0,0 0:03 0 init
2 root 9 0 0 0 0 SW 0,0 0,0 0:00 0 keventd
3 root 19 19 0 0 0 SWN 0,0 0,0 0:00 0 ksoftirqd_CPU0
4 root 9 0 0 0 0 SW 0,0 0,0 0:00 0 kswapd
5 root 9 0 0 0 0 SW 0,0 0,0 0:00 0 bdflush
6 root 9 0 0 0 0 SW 0,0 0,0 0:00 0 kupdated
[color=green]7 root 18446744073709551615 -20 0 0 0 SW< 0,0 0,0 0:00 0 mdrecoveryd[/color]
612 root 9 0 0 0 0 SW 0,0 0,0 0:00 0 kjournald
613 root 9 0 0 0 0 SW 0,0 0,0 0:00 0 kjournald
997 root 9 0 680 680 588 S 0,0 0,1 0:01 0 syslogd
1001 root 9 0 460 460 408 S 0,0 0,0 0:00 0 klogd
1019 rpc 9 0 552 552 488 S 0,0 0,1 0:00 0 portmap
1080 named 9 0 4772 4768 2192 S 0,0 0,9 0:19 0 named
1096 root 9 0 1372 1372 1132 S 0,0 0,2 0:00 0 radiusd
1106 root 9 0 8256 8252 8092 S 0,0 1,6 0:01 0 httpd
1124 root 8 0 608 608 536 S 0,0 0,1 0:00 0 crond
1142 daemon 9 0 548 548 492 S 0,0 0,1 0:00 0 atd
2376 root 9 0 416 416 368 S 0,0 0,0 0:00 0 mingetty
2377 root 9 0 416 416 368 S 0,0 0,0 0:00 0 mingetty
2378 root 9 0 416 416 368 S 0,0 0,0 0:00 0 mingetty
2379 root 9 0 416 416 368 S 0,0 0,0 0:00 0 mingetty
2380 root 9 0 416 416 368 S 0,0 0,0 0:00 0 mingetty
2381 root 9 0 416 416 368 S 0,0 0,0 0:00 0 mingetty
3872 apache 9 0 992 988 424 S 0,0 0,1 0:00 0 ftp_scanner
3873 apache 9 0 1020 1016 452 S 0,0 0,2 0:00 0 ftp_scanner
3874 apache 9 0 992 988 424 S 0,0 0,1 0:00 0 ftp_scanner
3875 apache 9 0 992 988 424 S 0,0 0,1 0:00 0 ftp_scanner
3876 apache 9 0 992 988 424 S 0,0 0,1 0:00 0 ftp_scanner[/quote]
Zastanawiajace jest to ze przewaznie na serwie maleo ok 40 -50 procesow a tu ok 2300!!!!!
Wiec zaczalem drazyc temat dalej:
Po wydaniu komendy:
netstat -anp
ujrzałem na konsoli cos, co mnie załamało:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1019/portmap
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1106/httpd
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 1106/httpd
tcp 0 0 0.0.0.0:82 0.0.0.0:* LISTEN 1106/httpd
tcp 0 0 0.0.0.0:83 0.0.0.0:* LISTEN 1106/httpd
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 1080/named
tcp 0 0 misio:53 0.0.0.0:* LISTEN 1080/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1080/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1066/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1080/named
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1106/httpd
tcp 0 1 misio:58934 67.63.95.253:21 SYN_SENT 5007/ftp_scanner
tcp 0 14 misio:59600 67.19.5.122:21 ESTABLISHED 4026/ftp_scanner
tcp 0 35 misio:35221 67.95.7.21:21 ESTABLISHED 5709/ftp_scanner
tcp 0 1 misio:59551 67.34.103.105:21 SYN_SENT 4403/ftp_scanner
tcp 0 1 misio:58791 67.83.100.22:21 SYN_SENT 5453/ftp_scanner
tcp 0 47 misio:50254 67.55.41.225:21 ESTABLISHED 4811/ftp_scanner
tcp 0 12 misio:32838 67.68.77.178:21 ESTABLISHED 5139/ftp_scanner
tcp 0 1 misio:58812 67.61.111.115:21 SYN_SENT 5005/ftp_scanner
....
....
tu kilkaset linijek o podobnym charakterze
....
...
tcp 0 1 misio:59384 67.45.109.93:21 SYN_SENT 4608/ftp_scanner
tcp 0 14 misio:60142 67.69.24.77:21 ESTABLISHED 5140/ftp_scanner
tcp 0 1 misio:59748 67.70.88.178:21 SYN_SENT 5244/ftp_scanner
tcp 0 1 misio:59096 67.13.111.126:21 SYN_SENT 3941/ftp_scanner
tcp 0 1 misio:59503 67.66.94.177:21 SYN_SENT 5074/ftp_scanner
tcp 0 20 misio:46454 67.95.12.163:21 ESTABLISHED 5709/ftp_scanner
tcp 0 1 misio:59329 67.1.109.142:21 SYN_SENT 3873/ftp_scanner
tcp 0 1 misio:59785 67.99.17.222:21 SYN_SENT 5836/ftp_scanner
tcp 0 1 misio:58765 67.50.88.202:21 SYN_SENT 4742/ftp_scanner
tcp 0 1 misio:59280 67.68.86.176:21 SYN_SENT 5139/ftp_scanner
tcp 0 1 misio:59363 67.0.109.143:21 SYN_SENT 3872/ftp_scanner
tcp 0 21 misio:52818 67.86.84.118:21 LAST_ACK -
tcp 0 20 misio:46796 67.88.35.136:21 ESTABLISHED 5578/ftp_scanner
tcp 0 12 misio:44147 67.90.14.2:21 ESTABLISHED 5580/ftp_scanner
tcp 0 1 misio:59753 67.25.109.103:21 SYN_SENT -
tcp 0 1 misio:59753 67.25.109.103:21 SYN_SENT -
tcp 0 1 misio:59236 67.55.42.0:21 SYN_SENT 4811/ftp_scanner
tcp 0 53 misio:55650 67.93.59.69:21 ESTABLISHED 5643/ftp_scanner
tcp 0 117 misio:52571 67.100.22.69:21 ESTABLISHED 5840/ftp_scanner
tcp 0 1 misio:58540 67.14.111.128:21 SYN_SENT 3978/ftp_scanner
tcp 0 20 misio:49488 67.52.12.3:21 ESTABLISHED 4805/ftp_scanner
tcp 0 0 misio:35399 67.96.17.1:21 ESTABLISHED 5710/ftp_scanner
tcp 0 260 misio:39933 67.95.21.106:21 ESTABLISHED 5709/ftp_scanner
tcp 0 1 misio:59209 67.0.109.142:21 SYN_SENT 3872/ftp_scanner
tcp 0 1 misio:59407 67.66.94.176:21 SYN_SENT 5074/ftp_scanner
tcp 0 1 misio:58453 67.5.109.136:21 SYN_SENT 3888/ftp_scanner
tcp 0 20 misio:45079 67.96.18.134:21 ESTABLISHED 5710/ftp_scanner
tcp 0 1 misio:59681 67.44.99.226:21 SYN_SENT 4672/ftp_scanner
tcp 0 20 misio:39814 67.95.7.56:21 ESTABLISHED 5709/ftp_scanner
tcp 0 1 misio:59130 67.13.111.127:21 SYN_SENT 3941/ftp_scanner
tcp 0 1 misio:58871 67.13.111.124:21 SYN_SENT 3941/ftp_scanner
tcp 0 40 misio:59891 67.65.46.125:21 ESTABLISHED 5073/ftp_scanner
tcp 0 15 misio:56592 67.19.9.195:21 ESTABLISHED 4026/ftp_scanner
tcp 0 1 misio:59924 67.13.111.140:21 SYN_SENT -
tcp 0 20 misio:42780 67.99.17.209:21 ESTABLISHED 5836/ftp_scanner
tcp 0 1 misio:59684 67.47.100.166:21 SYN_SENT 4716/ftp_scanner
tcp 0 1 misio:59436 67.14.111.141:21 SYN_SENT 3978/ftp_scanner
tcp 0 112 misio:37523 67.95.6.112:21 ESTABLISHED 5709/ftp_scanner
tcp 0 1 misio:59711 67.25.109.102:21 SYN_SENT -
tcp 0 1 misio:58566 67.14.111.129:21 SYN_SENT 3978/ftp_scanner
tcp 0 1 misio:59181 67.45.109.92:21 SYN_SENT 4608/ftp_scanner
tcp 0 1 misio:59356 67.1.109.143:21 SYN_SENT 3873/ftp_scanner
tcp 0 0 misio:36128 67.96.17.7:21 ESTABLISHED 5710/ftp_scanner
tcp 0 1 misio:58885 67.80.101.40:21 SYN_SENT 5391/ftp_scanner
tcp 0 1 misio:58816 67.50.88.203:21 SYN_SENT 4742/ftp_scanner
tcp 0 46 misio:53386 67.89.97.236:21 ESTABLISHED 5579/ftp_scanner
tcp 0 1 misio:59364 67.68.86.177:21 SYN_SENT 5139/ftp_scanner
tcp 0 1 misio:59896 67.70.88.179:21 SYN_SENT -
udp 0 0 0.0.0.0:32768 0.0.0.0:* 1080/named
udp 0 0 0.0.0.0:1812 0.0.0.0:* 1096/radiusd
udp 0 0 0.0.0.0:1813 0.0.0.0:* 1096/radiusd
udp 0 0 misio:35370 193.110.121.20:53 ESTABLISHED 6464/ipfm
udp 0 0 misio:35371 153.19.250.100:53 ESTABLISHED 6464/ipfm
udp 0 0 misio:35372 193.110.121.20:53 ESTABLISHED 6395/ipfm
udp 0 0 misio:35373 194.204.159.1:53 ESTABLISHED 6464/ipfm
udp 0 0 misio:35374 193.110.121.20:53 ESTABLISHED 6516/ipfm
udp 0 0 misio:35375 153.19.250.100:53 ESTABLISHED 6395/ipfm
udp 0 0 misio:35376 153.19.250.100:53 ESTABLISHED 6516/ipfm
udp 0 0 misio:35377 194.204.159.1:53 ESTABLISHED 6395/ipfm
udp 0 0 192.168.1.1:53 0.0.0.0:* 1080/named
udp 0 0 misio:53 0.0.0.0:* 1080/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1080/named
udp 0 0 0.0.0.0:67 0.0.0.0:* 1115/dhcpd
udp 0 0 0.0.0.0:111 0.0.0.0:* 1019/portmap
raw 0 0 0.0.0.0:1 0.0.0.0:* 7 1115/dhcpd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 6 [ ] DGRAM 1154 997/syslogd /dev/log
unix 2 [ ] DGRAM 1597 1124/crond
unix 2 [ ] DGRAM 1554 1115/dhcpd
unix 2 [ ] DGRAM 1470 1080/named
unix 2 [ ] DGRAM 1162 1001/klogd [/quote]
Gwozdziem do mojej trumny byla komenda: ps -aux
Oto co dostałem na konsoli:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1388 504 ? S 06:00 0:03 init [3]
root 2 0.0 0.0 0 0 ? SW 06:00 0:00 [keventd]
root 3 0.0 0.0 0 0 ? SWN 06:00 0:00 [ksoftirqd_CPU0]
root 4 0.0 0.0 0 0 ? SW 06:00 0:00 [kswapd]
root 5 0.0 0.0 0 0 ? SW 06:00 0:00 [bdflush]
root 6 0.0 0.0 0 0 ? SW 06:00 0:00 [kupdated]
root 7 0.0 0.0 0 0 ? SW< 06:00 0:00 [mdrecoveryd]
root 612 0.0 0.0 0 0 ? SW 06:00 0:00 [kjournald]
root 613 0.0 0.0 0 0 ? SW 06:00 0:00 [kjournald]
root 997 0.0 0.1 1556 680 ? S 06:00 0:01 syslogd -m 0
root 1001 0.0 0.0 1388 460 ? S 06:00 0:00 klogd -x
rpc 1019 0.0 0.1 1552 552 ? S 06:00 0:00 portmap
root 1055 1.3 0.1 1544 620 ? S 06:00 10:42 /usr/sbin/ipfm
root 1066 0.0 0.3 3520 1528 ? S 06:00 0:00 /usr/sbin/sshd
named 1080 0.0 0.9 14488 4768 ? S 06:00 0:19 /usr/sbin/named -u named
root 1096 0.0 0.2 4880 1372 ? S 06:00 0:00 /usr/local/sbin/radiusd
root 1106 0.0 1.6 18704 8252 ? S 06:00 0:00 /usr/sbin/httpd
root 1115 0.0 0.2 2436 1452 ? S 06:00 0:05 /usr/sbin/dhcpd eth1
root 1124 0.0 0.1 1452 608 ? S 06:00 0:00 crond
daemon 1142 0.0 0.1 1428 548 ? S 06:00 0:00 /usr/sbin/atd
apache 1408 0.0 1.6 18844 8512 ? S 06:00 0:00 /usr/sbin/httpd
apache 1418 0.0 1.6 18844 8512 ? S 06:00 0:00 /usr/sbin/httpd
apache 1431 0.0 1.6 18800 8456 ? S 06:00 0:00 /usr/sbin/httpd
apache 1432 0.0 1.6 18844 8512 ? S 06:00 0:00 /usr/sbin/httpd
apache 1445 0.0 1.6 18844 8512 ? S 06:00 0:00 /usr/sbin/httpd
apache 1447 0.0 1.6 18848 8524 ? S 06:00 0:00 /usr/sbin/httpd
apache 1472 0.0 1.6 18844 8516 ? S 06:00 0:00 /usr/sbin/httpd
root 2376 0.0 0.0 1368 416 tty1 S 06:01 0:00 /sbin/mingetty tty1
root 2377 0.0 0.0 1368 416 tty2 S 06:01 0:00 /sbin/mingetty tty2
root 2378 0.0 0.0 1368 416 tty3 S 06:01 0:00 /sbin/mingetty tty3
root 2379 0.0 0.0 1368 416 tty4 S 06:01 0:00 /sbin/mingetty tty4
root 2380 0.0 0.0 1368 416 tty5 S 06:01 0:00 /sbin/mingetty tty5
root 2381 0.0 0.0 1368 416 tty6 S 06:01 0:00 /sbin/mingetty tty6
apache 2986 0.0 1.7 19148 9080 ? S 09:53 0:00 /usr/sbin/httpd
apache 3872 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.0.0.0 16 -u users -p pass -t 6 -c 20
apache 3873 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.1.0.0 16 -u users -p pass -t 6 -c 20
apache 3874 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.2.0.0 16 -u users -p pass -t 6 -c 20
apache 3875 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.3.0.0 16 -u users -p pass -t 6 -c 20
apache 3876 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.4.0.0 16 -u users -p pass -t 6 -c 20
apache 3888 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.5.0.0 16 -u users -p pass -t 6 -c 20
apache 3894 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.6.0.0 16 -u users -p pass -t 6 -c 20
apache 3895 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.7.0.0 16 -u users -p pass -t 6 -c 20
apache 3909 0.0 0.2 43012 1036 ? S 15:21 0:01 ./ftp_scanner -h 67.8.0.0 16 -u users -p pass -t 6 -c 20
apache 3910 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.9.0.0 16 -u users -p pass -t 6 -c 20
apache 3911 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.10.0.0 16 -u users -p pass -t 6 -c 20
apache 3939 0.0 0.2 43008 1016 ? S 15:21 0:10 ./ftp_scanner -h 67.11.0.0 16 -u users -p pass -t 6 -c 20
apache 3940 0.0 0.1 43008 988 ? S 15:21 0:01 ./ftp_scanner -h 67.12.0.0 16 -u users -p pass -t 6 -c 20
apache 3941 0.0 0.1 43008 988 ? S 15:21 0:01 ./ftp_scanner -h 67.13.0.0 16 -u users -p pass -t 6 -c 20
apache 3978 0.0 0.2 43008 1016 ? S 15:21 0:01 ./ftp_scanner -h 67.14.0.0 16 -u users -p pass -t 6 -c 20
apache 3979 0.0 0.2 43008 1016 ? S 15:21 0:15 ./ftp_scanner -h 67.15.0.0 16 -u users -p pass -t 6 -c 20
apache 4021 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.16.0.0 16 -u users -p pass -t 6 -c 20
apache 4024 0.0 0.2 43008 1016 ? S 15:21 0:07 ./ftp_scanner -h 67.17.0.0 16 -u users -p pass -t 6 -c 20
apache 4025 0.0 0.2 43008 1016 ? S 15:21 0:36 ./ftp_scanner -h 67.18.0.0 16 -u users -p pass -t 6 -c 20
apache 4026 0.0 0.2 43008 1016 ? S 15:21 0:15 ./ftp_scanner -h 67.19.0.0 16 -u users -p pass -t 6 -c 20
apache 4082 0.0 0.2 43008 1016 ? S 15:21 0:09 ./ftp_scanner -h 67.20.0.0 16 -u users -p pass -t 6 -c 20
apache 4083 0.0 0.2 43008 1016 ? S 15:21 0:09 ./ftp_scanner -h 67.21.0.0 16 -u users -p pass -t 6 -c 20
apache 4084 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.22.0.0 16 -u users -p pass -t 6 -c 20
apache 4146 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.23.0.0 16 -u users -p pass -t 6 -c 20
apache 4147 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.24.0.0 16 -u users -p pass -t 6 -c 20
apache 4148 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.25.0.0 16 -u users -p pass -t 6 -c 20
apache 4210 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.26.0.0 16 -u users -p pass -t 6 -c 20
apache 4232 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.27.0.0 16 -u users -p pass -t 6 -c 20
apache 4233 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.28.0.0 16 -u users -p pass -t 6 -c 20
apache 4276 0.0 0.2 43008 1016 ? S 15:21 0:06 ./ftp_scanner -h 67.29.0.0 16 -u users -p pass -t 6 -c 20
apache 4277 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.30.0.0 16 -u users -p pass -t 6 -c 20
apache 4278 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.31.0.0 16 -u users -p pass -t 6 -c 20
apache 4342 0.1 0.2 43012 1036 ? S 15:21 0:33 ./ftp_scanner -h 67.32.0.0 16 -u users -p pass -t 6 -c 20
apache 4343 0.0 0.2 43008 1016 ? S 15:21 0:20 ./ftp_scanner -h 67.33.0.0 16 -u users -p pass -t 6 -c 20
apache 4403 0.0 0.2 43008 1016 ? S 15:21 0:01 ./ftp_scanner -h 67.34.0.0 16 -u users -p pass -t 6 -c 20
apache 4408 0.0 0.2 43008 1016 ? S 15:21 0:05 ./ftp_scanner -h 67.35.0.0 16 -u users -p pass -t 6 -c 20
apache 4409 0.0 0.2 43008 1016 ? S 15:21 0:13 ./ftp_scanner -h 67.36.0.0 16 -u users -p pass -t 6 -c 20
apache 4410 0.0 0.2 43008 1016 ? S 15:21 0:01 ./ftp_scanner -h 67.37.0.0 16 -u users -p pass -t 6 -c 20
apache 4475 0.0 0.2 43008 1016 ? S 15:21 0:01 ./ftp_scanner -h 67.38.0.0 16 -u users -p pass -t 6 -c 20
apache 4476 0.0 0.2 43008 1016 ? S 15:21 0:05 ./ftp_scanner -h 67.39.0.0 16 -u users -p pass -t 6 -c 20
apache 4477 0.0 0.2 43008 1016 ? S 15:21 0:07 ./ftp_scanner -h 67.40.0.0 16 -u users -p pass -t 6 -c 20
apache 4540 0.0 0.2 43008 1016 ? S 15:21 0:02 ./ftp_scanner -h 67.41.0.0 16 -u users -p pass -t 6 -c 20
apache 4561 0.0 0.2 43008 1016 ? S 15:21 0:28 ./ftp_scanner -h 67.42.0.0 16 -u users -p pass -t 6 -c 20
apache 4601 0.2 0.2 43012 1036 ? S 15:21 0:57 ./ftp_scanner -h 67.43.0.0 16 -u users -p pass -t 6 -c 20
apache 4607 0.0 0.2 43008 1016 ? S 15:21 0:02 ./ftp_scanner -h 67.44.0.0 16 -u users -p pass -t 6 -c 20
apache 4608 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.45.0.0 16 -u users -p pass -t 6 -c 20
apache 4609 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.46.0.0 16 -u users -p pass -t 6 -c 20
apache 4673 0.0 0.2 43008 1016 ? S 15:21 0:02 ./ftp_scanner -h 67.47.0.0 16 -u users -p pass -t 6 -c 20
apache 4697 0.0 0.2 43008 1016 ? S 15:21 0:06 ./ftp_scanner -h 67.48.0.0 16 -u users -p pass -t 6 -c 20
apache 4698 0.0 0.2 43012 1036 ? S 15:21 0:03 ./ftp_scanner -h 67.49.0.0 16 -u users -p pass -t 6 -c 20
apache 4742 0.0 0.2 43008 1016 ? S 15:21 0:09 ./ftp_scanner -h 67.50.0.0 16 -u users -p pass -t 6 -c 20
apache 4743 0.0 0.2 43008 1016 ? S 15:21 0:01 ./ftp_scanner -h 67.51.0.0 16 -u users -p pass -t 6 -c 20
apache 4805 0.1 0.2 43008 1016 ? S 15:21 0:38 ./ftp_scanner -h 67.52.0.0 16 -u users -p pass -t 6 -c 20
apache 4809 0.0 0.2 43012 1036 ? S 15:21 0:16 ./ftp_scanner -h 67.53.0.0 16 -u users -p pass -t 6 -c 20
apache 4810 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.54.0.0 16 -u users -p pass -t 6 -c 20
apache 4811 0.0 0.2 43008 1016 ? S 15:21 0:05 ./ftp_scanner -h 67.55.0.0 16 -u users -p pass -t 6 -c 20
apache 4875 0.0 0.1 43008 988 ? S 15:21 0:01 ./ftp_scanner -h 67.56.0.0 16 -u users -p pass -t 6 -c 20
apache 4876 0.0 0.1 43008 988 ? S 15:21 0:01 ./ftp_scanner -h 67.57.0.0 16 -u users -p pass -t 6 -c 20
apache 4877 0.0 0.2 43008 1016 ? S 15:21 0:02 ./ftp_scanner -h 67.58.0.0 16 -u users -p pass -t 6 -c 20
apache 4941 7.4 0.2 43008 1016 ? S 15:21 19:12 ./ftp_scanner -h 67.59.0.0 16 -u users -p pass -t 6 -c 20
apache 4942 0.0 0.2 43008 1016 ? S 15:21 0:01 ./ftp_scanner -h 67.60.0.0 16 -u users -p pass -t 6 -c 20
apache 5005 0.0 0.1 43008 988 ? S 15:21 0:01 ./ftp_scanner -h 67.61.0.0 16 -u users -p pass -t 6 -c 20
apache 5006 0.0 0.2 43008 1016 ? S 15:21 0:11 ./ftp_scanner -h 67.62.0.0 16 -u users -p pass -t 6 -c 20
apache 5007 0.0 0.2 43008 1016 ? S 15:21 0:01 ./ftp_scanner -h 67.63.0.0 16 -u users -p pass -t 6 -c 20
apache 5066 0.0 0.2 43008 1016 ? S 15:21 0:01 ./ftp_scanner -h 67.64.0.0 16 -u users -p pass -t 6 -c 20
apache 5073 0.0 0.2 43008 1016 ? S 15:21 0:07 ./ftp_scanner -h 67.65.0.0 16 -u users -p pass -t 6 -c 20
apache 5074 0.0 0.2 43008 1016 ? S 15:21 0:11 ./ftp_scanner -h 67.66.0.0 16 -u users -p pass -t 6 -c 20
apache 5075 0.0 0.2 43008 1016 ? S 15:21 0:07 ./ftp_scanner -h 67.67.0.0 16 -u users -p pass -t 6 -c 20
apache 5139 0.0 0.2 43012 1036 ? S 15:21 0:04 ./ftp_scanner -h 67.68.0.0 16 -u users -p pass -t 6 -c 20
apache 5140 0.0 0.2 43012 1036 ? S 15:21 0:02 ./ftp_scanner -h 67.69.0.0 16 -u users -p pass -t 6 -c 20
apache 5202 0.0 0.2 43008 1016 ? S 15:21 0:06 ./ftp_scanner -h 67.70.0.0 16 -u users -p pass -t 6 -c 20
apache 5203 0.0 0.2 43008 1016 ? S 15:21 0:11 ./ftp_scanner -h 67.71.0.0 16 -u users -p pass -t 6 -c 20
apache 5204 0.0 0.2 43008 1016 ? S 15:21 0:02 ./ftp_scanner -h 67.72.0.0 16 -u users -p pass -t 6 -c 20
apache 5266 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.73.0.0 16 -u users -p pass -t 6 -c 20
apache 5267 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.74.0.0 16 -u users -p pass -t 6 -c 20
apache 5268 0.0 0.1 43008 988 ? S 15:21 0:00 ./ftp_scanner -h 67.75.0.0 16 -u users -p pass -t 6 -c 20
apache 5329 0.0 0.2 43008 1016 ? S 15:21 0:05 ./ftp_scanner -h 67.76.0.0 16 -u users -p pass -t 6 -c 20
apache 5330 0.0 0.2 43008 1016 ? S 15:21 0:11 ./ftp_scanner -h 67.77.0.0 16 -u users -p pass -t 6 -c 20
apache 5331 0.0 0.2 43008 1016 ? S 15:21 0:50 ./ftp_scanner -h 67.78.0.0 16 -u users -p pass -t 6 -c 20
apache 5390 0.0 0.2 43012 1036 ? S 15:21 0:20 ./ftp_scanner -h 67.79.0.0 16 -u users -p pass -t 6 -c 20
apache 5391 0.1 0.2 43008 1016 ? S 15:21 0:27 ./ftp_scanner -h 67.80.0.0 16 -u users -p pass -t 6 -c 20
apache 5392 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.81.0.0 16 -u users -p pass -t 6 -c 20
apache 5452 0.0 0.2 43008 1016 ? S 15:21 0:04 ./ftp_scanner -h 67.82.0.0 16 -u users -p pass -t 6 -c 20
apache 5453 0.0 0.2 43008 1016 ? S 15:21 0:06 ./ftp_scanner -h 67.83.0.0 16 -u users -p pass -t 6 -c 20
apache 5454 0.0 0.2 43012 1036 ? S 15:21 0:01 ./ftp_scanner -h 67.84.0.0 16 -u users -p pass -t 6 -c 20
apache 5515 0.0 0.2 43012 1036 ? S 15:21 0:00 ./ftp_scanner -h 67.85.0.0 16 -u users -p pass -t 6 -c 20
apache 5516 0.0 0.2 43008 1016 ? S 15:21 0:12 ./ftp_scanner -h 67.86.0.0 16 -u users -p pass -t 6 -c 20
apache 5517 0.0 0.2 43012 1036 ? S 15:21 0:06 ./ftp_scanner -h 67.87.0.0 16 -u users -p pass -t 6 -c 20
apache 5578 0.0 0.2 43008 1016 ? S 15:21 0:15 ./ftp_scanner -h 67.88.0.0 16 -u users -p pass -t 6 -c 20
apache 5579 0.0 0.2 43008 1016 ? S 15:21 0:00 ./ftp_scanner -h 67.89.0.0 16 -u users -p pass -t 6 -c 20
apache 5580 0.0 0.2 43008 1016 ? S 15:21 0:20 ./ftp_scanner -h 67.90.0.0 16 -u users -p pass -t 6 -c 20
apache 5641 0.0 0.2 43012 1036 ? S 15:21 0:12 ./ftp_scanner -h 67.91.0.0 16 -u users -p pass -t 6 -c 20
apache 5642 0.0 0.2 43008 1016 ? S 15:21 0:07 ./ftp_scanner -h 67.92.0.0 16 -u users -p pass -t 6 -c 20
apache 5643 0.0 0.2 43008 1016 ? S 15:21 0:12 ./ftp_scanner -h 67.93.0.0 16 -u users -p pass -t 6 -c 20
apache 5708 0.0 0.2 43008 1016 ? S 15:21 0:02 ./ftp_scanner -h 67.94.0.0 16 -u users -p pass -t 6 -c 20
apache 5709 0.0 0.2 43008 1016 ? S 15:21 0:07 ./ftp_scanner -h 67.95.0.0 16 -u users -p pass -t 6 -c 20
apache 5710 0.0 0.2 43012 1036 ? S 15:21 0:02 ./ftp_scanner -h 67.96.0.0 16 -u users -p pass -t 6 -c 20
apache 5773 0.0 0.2 43008 1016 ? S 15:21 0:12 ./ftp_scanner -h 67.97.0.0 16 -u users -p pass -t 6 -c 20
apache 5774 0.0 0.2 43012 1036 ? S 15:21 0:15 ./ftp_scanner -h 67.98.0.0 16 -u users -p pass -t 6 -c 20
apache 5836 0.4 0.2 43008 1016 ? S 15:21 1:15 ./ftp_scanner -h 67.99.0.0 16 -u users -p pass -t 6 -c 20
apache 5840 0.0 0.2 43008 1016 ? S 15:21 0:08 ./ftp_scanner -h 67.100.0.0 16 -u users -p pass -t 6 -c 2
root 6865 0.0 0.1 1696 804 ? S 18:59 0:00 /usr/sbin/ipfm
root 6894 0.0 0.1 1696 804 ? S 19:09 0:00 /usr/sbin/ipfm
root 6922 0.0 0.1 1696 800 ? S 19:19 0:00 /usr/sbin/ipfm
root 6940 0.0 0.4 6796 2124 ? S 19:20 0:00 /usr/sbin/sshd
root 6942 0.1 0.2 4480 1440 pts/0 S 19:21 0:00 -bash
root 6983 0.0 0.5 4940 3008 pts/0 R 19:22 0:01 ps -aux
[/quote]
Jak pozbyc sie 'tego' ftp_skanera??? POMOCY!!!
Moze jakies podpowiedzi z waszej strony, propozycje rozwiazania problemu?
(Tylko prosze bez komentarzy, zlosliwosci i innych 'zartow' - i tak mam przerabane)Offline
#2 2007-03-14 19:22:10
czadman - Bicycle repairman
- czadman
- Bicycle repairman
- Skąd: Wrocław
- Zarejestrowany: 2005-07-08
Re: ftp_scanner... co z tym q....[samocenzura] mac zrobic
Masz bardzo duży kłopot, ktoś Ci rozp.... system. Jest zupełnie skompromitowany. Najlepiej wyczyść wszystko i postaw od nowa.
[url=http://www.debian.org/][img]http://www.debian.org/logos/openlogo-nd-50.png[/img][/url]
Offline
#3 2007-03-14 20:07:46
stepien86 - Członek DUG
- stepien86
- Członek DUG
- Skąd: Łódź
- Zarejestrowany: 2006-03-26
Re: ftp_scanner... co z tym q....[samocenzura] mac zrobic
w jaki sposob mogl to ktos zrobic ?? :/
manual ponad wszysytko....konsola ponad manual
Debian GNU Linux
Offline
#4 2007-03-14 20:13:30
Nickleodeon - Członek DUG
- Nickleodeon
- Członek DUG
- Skąd: Drawsko Pomorskie
- Zarejestrowany: 2005-08-19
Re: ftp_scanner... co z tym q....[samocenzura] mac zrobic
no wlasnie - podpinam sie pod pytanie kolegi...
Offline
#5 2007-03-14 23:12:28
czadman - Bicycle repairman
- czadman
- Bicycle repairman
- Skąd: Wrocław
- Zarejestrowany: 2005-07-08
Re: ftp_scanner... co z tym q....[samocenzura] mac zrobic
Nie jestem ekspertem, ale ktoś mógł przeskanować system, wybadać wersje oprogramowania, znaleźć jakiegoś eksploita i wykorzystać do wykonania jakiegoś kodu.
Zainstaluj pakiet debsums i wykonaj polecenie:
Kod:
dpkg -l "*"| grep ii | awk '{print $2}'| debsums -sTrochę potrwa, ale zobaczysz czy masz jakieś pliki pozmieniane.
Polecam jeszcze pakiet tiger.
[url=http://www.debian.org/][img]http://www.debian.org/logos/openlogo-nd-50.png[/img][/url]
Offline
#6 2007-03-19 07:54:56
Nickleodeon - Członek DUG
- Nickleodeon
- Członek DUG
- Skąd: Drawsko Pomorskie
- Zarejestrowany: 2005-08-19
Re: ftp_scanner... co z tym q....[samocenzura] mac zrobic
Myślę, że dobrze kombinujesz - miałem "coś", co można nazwać system dostarczania wiadomości do juzerow. Faktycznie był oparty o skrypty php. W zalerzności od reakcji juzera, modyfikował wpis do iptabli. Niestety apache nie był chrootowany. :(((
W '/tmp' znajduje co jakiś czas różne rzeczy (oczywiście niechciane) - wyrzynam to w p...dę a i tak cos sie znowu pojawia. Dziś zaczynam walkę z Apachem - później napisze co i jak.
Offline
Strony: 1
- Forum Debian Users Gang
- » Sieci i serwery
- » ftp_scanner... co z tym q....[samocenzura] mac zrobic
Informacje debugowania
| Time (s) | Query |
|---|---|
| 0.00018 | SET CHARSET latin2 |
| 0.00012 | SET NAMES latin2 |
| 0.00126 | SELECT u.*, g.*, o.logged FROM punbb_users AS u INNER JOIN punbb_groups AS g ON u.group_id=g.g_id LEFT JOIN punbb_online AS o ON o.ident='3.145.89.181' WHERE u.id=1 |
| 0.00112 | REPLACE INTO punbb_online (user_id, ident, logged) VALUES(1, '3.145.89.181', 1738500209) |
| 0.00056 | SELECT * FROM punbb_online WHERE logged<1738499909 |
| 0.00120 | DELETE FROM punbb_online WHERE ident='3.142.55.62' |
| 0.00099 | SELECT topic_id FROM punbb_posts WHERE id=55333 |
| 0.00072 | SELECT id FROM punbb_posts WHERE topic_id=7199 ORDER BY posted |
| 0.00074 | SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM punbb_topics AS t INNER JOIN punbb_forums AS f ON f.id=t.forum_id LEFT JOIN punbb_forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=7199 AND t.moved_to IS NULL |
| 0.00005 | SELECT search_for, replace_with FROM punbb_censoring |
| 0.00247 | SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM punbb_posts AS p INNER JOIN punbb_users AS u ON u.id=p.poster_id INNER JOIN punbb_groups AS g ON g.g_id=u.group_id LEFT JOIN punbb_online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id=7199 ORDER BY p.id LIMIT 0,25 |
| 0.00109 | UPDATE punbb_topics SET num_views=num_views+1 WHERE id=7199 |
| Total query time: 0.0105 s | |