Linux operation and maintenance - Linux is hacked and a certain process keeps making http requests. How to find it?
I deployed a 3proxy open proxy on a test linux, but it suddenly became slow recently,
Check the log
1496802724.583 PROXY.8989 00522 - 219.82.139.89:51665 219.82.139.89:12345 43719 0 0 GET_http://219.82.139.89:12345/squid-internal-periodic/store_digest_HTTP/1.1
1496802724.887 PROXY.8989 00522 - 219.82.139.89:48103 219.82.139.89:12345 45533 0 0 GET_http://219.82.139.89:12345/squid-internal-periodic/store_digest_HTTP/1.1
1496802724.926 PROXY.8989 00000 - 0.0.0.0:0 0.0.0.0:0 0 0 0 Warning:_too_many_connected_clients_(100/100)
1496802725.198 PROXY.8989 00522 - 219.82.139.89:48107 219.82.139.89:12345 55196 0 0 GET_http://219.82.139.89:12345/squid-internal-dynamic/netdb_HTTP/1.1
1496802725.523 PROXY.8989 00522 - 219.82.139.89:50957 219.82.139.89:12345 53560 0 0 GET_http://219.82.139.89:12345/squid-internal-dynamic/netdb_HTTP/1.1
I judge that a program on this machine keeps requesting the local proxy 219.82.139.89:12345, causing resource exhaustion
Some instructions
I don’t know why the request is madehttp://219.82.139.89:12345/squid-internal-dynamic
I don’t have squid installed either
top No suspicious process found either
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
6245 root 20 0 14852 9224 0 S 4.0 0.1 102:27.15 3proxy
549 root -51 0 0 0 0 S 2.3 0.0 237:37.93 irq/28-iwlwifi
18361 redis 20 0 41876 8640 2600 S 0.3 0.1 90:43.13 redis-server
20800 root 20 0 43676 3796 3020 R 0.3 0.0 0:00.04 top
1 root 20 0 119720 5932 4068 S 0.0 0.1 0:58.58 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.85 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:03.05 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
7 root 20 0 0 0 0 S 0.0 0.0 88:05.96 rcu_sched
8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
9 root rt 0 0 0 0 S 0.0 0.0 0:00.37 migration/0
10 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 lru-add-drainIs there any way to solve this problem?
