Re: [cobalt-users] RaQ4.. Possible Hack??? What is ' .bd ' ?
- Subject: Re: [cobalt-users] RaQ4.. Possible Hack??? What is ' .bd ' ?
- From: "Bill" <bill@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun Feb 11 03:00:57 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> I rebooted one of my RaQ4's today and I'm getting some
> strange runaway process. ( .bd command). Normally, this RaQ4 has about
> 70-75 total processes. Today, it's been running over 300 processes.
> Has anyone ever seen such a thing on your RaQ? Does anyone know what the
> process .bd is? I've checked the archives, the Linux sites, the Apache
> sites and I can't find any mention of it.
I found this file, '.bd'. It was located in
/usr/doc/.bd
It was causing hundreds of runaway processes on the server that caused
server load to increase dramatically. I spent the last 48 hours fighting to
keep the server from dying.... killing processes left and right.
I do not know what the hell it was, but I checked my other RaQ4 servers and
they did not have this file in that directory. So, I backed up this '.bd'
file and deleted it. I then restarted the server. After I did this, the
server returned to normal.
I looked at the file under vi to see what it was, and it was encrypted....
but I did see two words in there....
CYA & HIJACK.
I may just be paranoid, but I think someone might have hacked in and put
this there. Anyone else heard of this strange file? I updated the RaQ with
the BIND patch... but not until after this problem had begun-- though I
don't think it was a BIND hack.
Thanks,
Bill
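
Added example, not part of Bill's message or of any Cobalt tooling: a read-only triage script for the situation described above, a dot-named file sitting in a documentation directory and spawning processes. The function names and the script name are made up for illustration; it hashes and lists hidden files, pulls out readable words, and lists dot-named processes before anything is deleted.

```shell
#!/bin/sh
# Added triage example (not from the original post). Read-only: it lists and
# inspects files, it does not delete or kill anything.

# hash_file FILE: SHA-256 if available, otherwise the POSIX cksum CRC.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        cksum "$1" | cut -d' ' -f1
    fi
}

# scan_hidden_files ROOT: one line per dot-named regular file under ROOT,
# formatted "<exec|noexec> <hash> <path>". An "exec" hit inside a
# documentation tree such as /usr/doc deserves a closer look.
scan_hidden_files() {
    find "$1" -xdev -type f -name '.*' 2>/dev/null | sort |
    while IFS= read -r f; do
        if [ -x "$f" ]; then mode=exec; else mode=noexec; fi
        printf '%s %s %s\n' "$mode" "$(hash_file "$f")" "$f"
    done
}

# printable_words FILE [MINLEN]: runs of printable characters at least
# MINLEN bytes long (default 4), i.e. the readable words that stand out
# when a binary is opened in an editor.
printable_words() {
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" |
        LC_ALL=C awk -v n="${2:-4}" 'length($0) >= n'
}

# dot_named_processes: "PID COMMAND" for processes whose name starts with a dot.
dot_named_processes() {
    ps -e -o pid= -o comm= | awk '$2 ~ /^\./ { print $1, $2 }'
}

# Run as: sh triage.sh /usr/doc   (script name is a placeholder)
if [ "$#" -gt 0 ]; then
    scan_hidden_files "$1"
    dot_named_processes
fi
```

Recording the hash and keeping a copy before removal, as the poster did with the backup, preserves the file for later comparison against the other servers.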