Need help in finding process

Hello,

I am running an Apache webserver on CentOS. Recently a hacker attacked my server using an RFI attack and did something on my server. After that, every day at 8 PM my httpd is using about 5000 PIDs; normally it takes only about 30 - 40 PIDs. Exim also uses 2000 PIDs. Overall my server is overused and the system is set to busy, and I am unable to reboot it either; the only option for me is to power cycle my server. I've checked my cron jobs to see if anything is set, but no.

Now I want to know which script is starting those processes. Is it possible to know when httpd and exim are using too many processes? Now the system is busy, but I have nevertheless logged into my shell.

Any help is appreciated, but I want to know which script is running that many processes.

I have DirectAdmin, dovecot, exim, proftpd, httpd, named, mysqld, sshd running now. Of those, exim and httpd are using too many processes.

I recommend using a tool like lsof to look for clues.

Here is what you should do:

  1. Back up your data
  2. Format and reload the server
  3. Change all your passwords
  4. As soon as possible

I wouldn't really worry about who hacked you. They are probably from overseas and will never be caught.
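An added example, not written by anyone in this thread: one way to narrow down where to point lsof when httpd and exim balloon like this is to count processes per command and find the parent PID that forked most of them. The function name, the threshold and the sample process list are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample, in the format printed by: ps -eo pid=,ppid=,comm=
SAMPLE_PS='1 0 init
812 1 httpd
813 812 httpd
814 812 httpd
815 812 httpd
816 812 httpd
2001 813 exim
2002 813 exim
2003 813 exim
2004 813 exim
2005 814 exim
640 1 exim
700 1 sshd'

# summarize_procs LIMIT
# Reads "pid ppid comm" lines on stdin. For every command with more than
# LIMIT processes, prints: comm  total  busiest_parent_pid  children_of_that_parent
summarize_procs() {
  awk -v limit="$1" '
    { count[$3]++; kids[$3 SUBSEP $2]++ }
    END {
      for (c in count) {
        if (count[c] <= limit) continue
        best = ""; n = 0
        for (k in kids) {
          split(k, part, SUBSEP)
          if (part[1] == c && kids[k] > n) { n = kids[k]; best = part[2] }
        }
        printf "%s %d %s %d\n", c, count[c], best, n
      }
    }' | sort
}

# Demo on the constructed sample (limit of 3 processes per command).
printf '%s\n' "$SAMPLE_PS" | summarize_procs 3

# On the live server, run it while the spike is happening, e.g.:
#   ps -eo pid=,ppid=,comm= | summarize_procs 100
# then inspect the reported parent PID with the tool suggested above:
#   lsof -p <parent_pid>          # open files, scripts and sockets
#   ls -l /proc/<parent_pid>/cwd  # directory it was started from
```

In the sample, exim's busiest parent is an httpd worker rather than init, which is the kind of relationship that points to a script running under the web server.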