[Security Issue] "host" command being run through my forum

Started by boogiedown, January 16, 2006, 02:34:41 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

boogiedown

January 16, 2006, 02:34:41 PM Last Edit: January 16, 2006, 03:17:41 PM by boogiedown
My server has been running high lately so a had a friend check it out. He noted that there was 7000 zombie. He new the problem might be someone or something running script through php. Well he temporarily fixed the problem by removing permissions from the "host" command, so apache cant execute the host command anymore. "someone is executing tons of host commands, trying to resolve IP addresses to hostnames". he didnt know too much info on this forum so im just passing the word along if anyone finds this usefull. I did noticed that the zombies did go back to 0, but the server load is still high. he said itshould go down once the script new it cant run anymore

[unknown] im sure you are aware of my issues with my site, getbig. If you can help out, let me know.


running
SMF 1.1 RC2
http://www.getbig.com/php_info.php

Trekkie101

#1
January 16, 2006, 05:45:12 PM
"disable hostname lookups" in the features and settings panel.

boogiedown

#2
January 16, 2006, 10:02:55 PM
im using 1.1 rc2 and cant seem to find that. where is it?

Sverre

#3
January 16, 2006, 10:06:52 PM
Admin > Features and Options > Layout and Options > check Disable hostname lookups?
Print
Go Up Pages1
User actions
Advertisement: