Author Topic: /tmp/.alekshah2 and lol.txt - More /tmp abuse  (Read 1125 times)

dynaweb

  • Administrator
  • Posts: 493
/tmp/.alekshah2 and lol.txt - More /tmp abuse
« on: March 13, 2006, 09:53:00 AM »
The crap never stops.  Found this in http error_log
 
Code:

--09:58:18-- http://www.webxprt.com/orders/inc/lol.txt
(try: 2) => `/tmp/.alekshah2\'
Connecting to www.webxprt.com[70.86.106.154]:80... connected.
HTTP request sent, awaiting response... failed: Connection timed out.
Retrying.
--09:58:23-- http://www.webxprt.com/orders/inc/lol.txt
(try: 2) => `/tmp/.alekshah2\'
Connecting to www.webxprt.com[70.86.106.154]:80... 416 Requested Range Not Satisfiable
09:58:24 ERROR 416: Requested Range Not Satisfiable.
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0
5 19309 5 1104 0 0 383 0 0:00:50 0:00:02 0:00:47 593
100 19309 100 19309 0 0 6674 0 0:00:02 0:00:02 0:00:00 10292
failed: Connection timed out.
Retrying.
failed: Connection timed out.
Retrying.

Looks like the site webxprt.com is being put under a heavy attack by various servers including ours by way of /tmp, Apache, wget, curl, phpbb2 and more.  My god, who comes up with this junk?  The files attached were found in my /tmp dir.

The problem it caused was that it was overloading Apache and crashing MySQL.  The first step in mitigation was to delete the files from the /tmp, however they just return.  So I then chmod them to 000 and disabled wget.  This keeps the code from executing and keeps it from being replaced, so that is good for MySQL, but Apache still is getting the thousands of requests and kinda overloading.  You can tell by looking at top processes.  After a httpd restart, the processes are 96, then slowly they grow to over 400 plus, all apache due to this problem.  Gotta find how to solve that part yet.
Those who cannot learn from history are doomed to repeat it. -- Linux learns.
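The log quoted in the post is wget and curl output that landed in Apache's error_log because a web-server process was running the downloads. As an added example (not code from this thread), the Python below scans error_log lines for exactly that shape: a wget status line ("--HH:MM:SS-- URL") paired with the destination line that follows it ("=> `/path'"), plus the curl progress-meter header, and flags any fetch whose target is a hidden file under a world-writable scratch directory such as /tmp. The sample lines are constructed to match the post's log; the benign fetch to /root at the end is made up to show that ordinary downloads are not reported.

```python
"""Flag wget/curl downloads into /tmp found in an Apache error_log.

Added example, not code from the forum thread. Assumes the log lines have
the layout shown in the post (wget 1.x status lines, curl progress meter).
"""
import os
import re
from dataclasses import dataclass
from typing import Iterable, List

# Directories where a web-server process has no legitimate reason to stage
# downloaded files; extend to taste.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# wget prints the URL on one line ...
WGET_URL_RE = re.compile(r"^--\d{2}:\d{2}:\d{2}--\s+(?P<url>\S+)")
# ... and the destination on the next, optionally prefixed with "(try: N)".
# The forum quoting added a backslash before the closing quote; tolerate it.
WGET_DEST_RE = re.compile(r"^(?:\(try:\s*\d+\)\s*)?=>\s*`(?P<dest>[^`']+?)\\?'")
# curl's progress-meter header; it has no business in an error_log at all.
CURL_METER_RE = re.compile(r"^%\s+Total\s+%\s+Received\s+%\s+Xferd")


@dataclass
class Download:
    url: str
    dest: str

    @property
    def in_scratch_dir(self) -> bool:
        return self.dest.startswith(SCRATCH_DIRS)

    @property
    def hidden(self) -> bool:
        # Dotfiles such as /tmp/.alekshah2 are chosen to hide from "ls".
        return os.path.basename(self.dest).startswith(".")

    @property
    def suspicious(self) -> bool:
        # Either half alone is worth a look; the post shows both together.
        return self.in_scratch_dir or self.hidden


def parse_wget_downloads(lines: Iterable[str]) -> List[Download]:
    """Pair each wget URL line with the destination line that follows it."""
    found: List[Download] = []
    pending_url = None
    for raw in lines:
        line = raw.strip()
        m = WGET_URL_RE.match(line)
        if m:
            pending_url = m.group("url")
            continue
        m = WGET_DEST_RE.match(line)
        if m and pending_url:
            found.append(Download(pending_url, m.group("dest")))
            pending_url = None
    return found


def count_curl_meters(lines: Iterable[str]) -> int:
    """Count curl progress-meter headers, a sign curl ran under httpd."""
    return sum(1 for line in lines if CURL_METER_RE.match(line.strip()))


def suspicious_downloads(lines: Iterable[str]) -> List[Download]:
    """Return only the downloads that point at hidden or scratch-dir files."""
    return [d for d in parse_wget_downloads(list(lines)) if d.suspicious]


# Constructed sample: the first lines mirror the post's log, the last wget
# fetch is a made-up benign download used to show it is not flagged.
SAMPLE_LOG = """\
--09:58:18-- http://www.webxprt.com/orders/inc/lol.txt
(try: 2) => `/tmp/.alekshah2'
Connecting to www.webxprt.com[70.86.106.154]:80... connected.
HTTP request sent, awaiting response... failed: Connection timed out.
Retrying.
--09:58:23-- http://www.webxprt.com/orders/inc/lol.txt
(try: 2) => `/tmp/.alekshah2\\'
Connecting to www.webxprt.com[70.86.106.154]:80... 416 Requested Range Not Satisfiable
% Total % Received % Xferd Average Speed Time Curr.
--10:01:00-- http://www.example.com/update.tar.gz
=> `/root/update.tar.gz'
""".splitlines()

if __name__ == "__main__":
    for d in suspicious_downloads(SAMPLE_LOG):
        print(f"SUSPICIOUS: {d.url} -> {d.dest} (hidden={d.hidden})")
    print(f"curl progress meters seen: {count_curl_meters(SAMPLE_LOG)}")
```

Pointing the scanner at a real error_log is a matter of replacing SAMPLE_LOG with the file's lines; every hit names the URL the compromised process was pulling from and the file it wrote, which is what you need before deciding what to chmod or block.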

dynaweb

  • Administrator
  • Posts: 493
alekshah worm
« Reply #1 on: March 14, 2006, 09:49:04 AM »
Finally got this under control.  Ran lsof -f on a suspicious http process and found the phpbb forum it was raping.  Upgraded the forum but then this damn worm just found another forum on the server to exploit.  The only real solution for me was mod_security.  That squashed it.
« Last Edit: May 05, 2006, 09:19:55 AM by dynaweb »