GET Scanner

Titam

Hi,

Last weekend, I saw a problem with my server (800% CPU Oo). I read the log, and in my access.log, just before the problem, I have:

80.118.75.63 - - [05/Aug/2005:23:03:12 +0200] "GET / HTTP/1.0" 404 - "-" "-"
80.118.75.63 - - [05/Aug/2005:23:03:14 +0200] "GET SCANNER HTTP/1.1" 400 - "-" "-"

Does someone know what it is?

Thanks,

Titam
 
Looks like someone scanning you for something. What lines with this IP were after these two lines?

I'm not sure a scan would jump you to 800% CPU, but there are many other logs you probably want to check like everything in /var/log and /var/log/exim and /var/log/httpd etc...

Maybe even a runaway cgi script? Were you watching TOP? Has it happened again? :)

DaveR~
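
The check suggested above, as an added example that is not part of the thread: find every client that sent a malformed request line such as `GET SCANNER HTTP/1.1`, then list everything else that client requested. It assumes Apache's combined log format; the function names are hypothetical and the two `192.0.2.10` entries are constructed sample data.

```python
import re
from collections import defaultdict

# host ident user [time] "request line" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)
REQUEST_RE = re.compile(r'^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$')

def malformed_reason(request):
    """Return why a request line is malformed, or None if it looks normal."""
    m = REQUEST_RE.match(request)
    if m is None:
        return "not METHOD TARGET HTTP/x.y"
    method, target = m.group("method"), m.group("target")
    # CONNECT takes host:port and OPTIONS may take "*"; both are legitimate.
    if method == "CONNECT" or (method == "OPTIONS" and target == "*"):
        return None
    if target.startswith("/") or re.match(r"https?://", target, re.I):
        return None
    return "target is neither a path nor a URL"

def requests_from_probing_clients(lines):
    """Map each IP that sent a malformed request to all of its entries, in log order."""
    by_ip = defaultdict(list)
    probing = set()
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not an access-log entry
        reason = malformed_reason(m.group("request"))
        by_ip[m.group("ip")].append(
            (m.group("time"), m.group("request"), m.group("status"), reason))
        if reason:
            probing.add(m.group("ip"))
    return {ip: by_ip[ip] for ip in probing}

SAMPLE = [
    # The two entries quoted in the first post.
    '80.118.75.63 - - [05/Aug/2005:23:03:12 +0200] "GET / HTTP/1.0" 404 - "-" "-"',
    '80.118.75.63 - - [05/Aug/2005:23:03:14 +0200] "GET SCANNER HTTP/1.1" 400 - "-" "-"',
    # Constructed entries from an ordinary client, for contrast.
    '192.0.2.10 - - [05/Aug/2005:23:03:15 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [05/Aug/2005:23:03:16 +0200] "OPTIONS * HTTP/1.1" 200 - "-" "-"',
]

if __name__ == "__main__":
    for ip, entries in requests_from_probing_clients(SAMPLE).items():
        print(ip)
        for time, request, status, reason in entries:
            print(f"  [{time}] {status} {request!r}" + (f"  <-- {reason}" if reason else ""))
```

To run it over a real log, pass an open file handle for access.log in place of `SAMPLE`.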
 
Nothing after these two lines (restart apache in error.log). Where can I look for a script that can give some server errors? Does software exist to monitor this?
 
It was most likely a hack attack.

Of course your server can't run at 800%; once it runs at 100% it uses all of its resources and can't use any more.

What output did you see that you interpreted as 800%?

Jeff
 
I don't see a "%" symbol anywhere.

80.0 is interpreted as an average of 80 processes waiting a processor slice during the past minute.

Not that it's not a lot; it is. It's just not 800%.

Jeff
 
I presume that's output of some monitoring program, possibly MRTG.

Whatever it is, the terminology is wrong. You can't use 800% of anything. Not even a server.

If it uses the same measurement as the top or uptime command, then as I already explained, it's the average number of processes waiting for execution during the last minute. If it's coming from somewhere else, then I have no idea what it is or where it comes from, but it's certainly misleading.

At 100% of resources used your server becomes completely unresponsive, and probably dies shortly thereafter.

Of course by the time most servers reach 800 average processes waiting they're almost completely unresponsive. We've had servers at a bit over 200 which took over an hour to run a "shutdown -r" command.

Jeff
 