Archive for the ‘Server Monitoring’ Category

Kill nobody/user process

Kill nobody process:
ps aux | grep nobody | awk '{print $2}' | xargs kill -9

Kill user process:
ps aux | grep apache | awk '{print $2}' | xargs kill -9

Exploit Removal Guide

The following is a first step in finding and removing exploits and root kits on a Linux or BSD system.

1. EXECUTE THE FOLLOWING COMMANDS TO HELP PREVENT UPLOADS OF EXPLOITS:
chmod 0750 `which curl` 2>&-; chmod 0750 `which fetch` 2>&-; chmod 0750 `which wget` 2>&-

2. EXECUTE THE FOLLOWING COMMANDS TO CHECK FOR POSSIBLE […]

SERVER LOAD TWEAKS…APACHE/MYSQL/SMTP-POP3/EXIM/IMAP

Q: How to trace the server load? (Includes all applications.)

The steps are grouped by service:

1. Apache:
top command >> check for many httpd processes
Login to WHM >> check "Apache Status"; if you find anyone downloading mp3, rar, exe or zip files, then suspend that account
Also check the "CPU/Memory/MySQL Usage" option from WHM […]

Script to catch malicious perl scripts uploaded to /tmp

The following script can help you catch malicious perl scripts uploaded to /tmp.

#!/bin/bash
#Script designed for http://dantechie.blogspot.com/. Its GNU,FREE,DISTRIBUTABLE
ROOTBADSCRIPTS=/root/badperlscripts
EMAILLOG=/root/emailperlscriptlog
LOAD=`cat /proc/loadavg | awk '{print $1, $2, $3}'`
HOST=`hostname`
TIME=`date`
ADMINEMAILS=",admin@admin.com"
if [ ! -e $ROOTBADSCRIPTS ]; then
    mkdir $ROOTBADSCRIPTS
    chmod 700 $ROOTBADSCRIPTS
fi
rm -f $EMAILLOG
touch $EMAILLOG
for FILES in /tmp/*
do
[…]

How to trace the DDOS attack on the server?

1. You should have the following settings in httpd.conf at the time of the DDOS attack:
Timeout 20
KeepAlive Off
MaxClients 384
MinSpareServers 20
MaxSpareServers 25

2. In /usr/local/ddos/ddos.conf:
NO_OF_CONNECTIONS=20

3. You should have 7 SSH sessions and 1 WHM session open at the time of the DDOS.

4. Check the domlogs to trace out a particular website for […]

How to set a limit to remove the Frozen Mails Automatically?

vi /etc/exim.conf
timeout_frozen_after = 8d   (8 days)
/scripts/restartsrv_exim