asked on
Something is done via perl on webserver - how can i find the causing script ?
Hi,
on a webserver there is something wrong (in my opinion). Perl is using much CPU. If i use lsof on its PID, i get this:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
perl 693 uvftpzg cwd DIR 8,1 4096 2 /
perl 693 uvftpzg rtd DIR 8,1 4096 2 /
perl 693 uvftpzg txt REG 8,5 1648400 17983266 /usr/bin/perl
perl 693 uvftpzg mem REG 8,5 31512 17796254 /usr/lib/perl5/5.10.0/x86_
perl 693 account6663 mem REG 8,5 27464 51082960 /usr/lib/perl5/5.10.0/x86_
perl 693 account6663 mem REG 8,1 1495120 783548 /lib64/libc-2.8.so
perl 693 account6663 mem REG 8,1 142867 783542 /lib64/libpthread-2.8.so
perl 693 account6663 mem REG 8,1 61240 783534 /lib64/libcrypt-2.8.so
perl 693 account6663 mem REG 8,1 16040 783530 /lib64/libdl-2.8.so
perl 693 account6663 mem REG 8,1 380776 783535 /lib64/libm-2.8.so
perl 693 account6663 mem REG 8,1 131240 783549 /lib64/ld-2.8.so
perl 693 account6663 0r FIFO 0,5 0t0 84033 pipe
perl 693 account6663 1w FIFO 0,5 0t0 84034 pipe
perl 693 account6663 2w FIFO 0,5 0t0 84035 pipe
perl 693 account6663 3u IPv4 146573 0t0 TCP domainname.com:56158->ns1.
perl 693 account6663 187r FIFO 0,5 0t0 8206 pipe
perl 693 account6663 188w FIFO 0,5 0t0 8206 pipe
perl 693 account6663 189r FIFO 0,5 0t0 8207 pipe
perl 693 account6663 190w FIFO 0,5 0t0 8207 pipe
What exactly does this mean ? I dont know "ns1.openhost.lv:arcp" ...
How can i find out which script is used for this ?
Thanks
on a webserver there is something wrong (in my opinion). Perl is using much CPU. If i use lsof on its PID, i get this:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
perl 693 uvftpzg cwd DIR 8,1 4096 2 /
perl 693 uvftpzg rtd DIR 8,1 4096 2 /
perl 693 uvftpzg txt REG 8,5 1648400 17983266 /usr/bin/perl
perl 693 uvftpzg mem REG 8,5 31512 17796254 /usr/lib/perl5/5.10.0/x86_
perl 693 account6663 mem REG 8,5 27464 51082960 /usr/lib/perl5/5.10.0/x86_
perl 693 account6663 mem REG 8,1 1495120 783548 /lib64/libc-2.8.so
perl 693 account6663 mem REG 8,1 142867 783542 /lib64/libpthread-2.8.so
perl 693 account6663 mem REG 8,1 61240 783534 /lib64/libcrypt-2.8.so
perl 693 account6663 mem REG 8,1 16040 783530 /lib64/libdl-2.8.so
perl 693 account6663 mem REG 8,1 380776 783535 /lib64/libm-2.8.so
perl 693 account6663 mem REG 8,1 131240 783549 /lib64/ld-2.8.so
perl 693 account6663 0r FIFO 0,5 0t0 84033 pipe
perl 693 account6663 1w FIFO 0,5 0t0 84034 pipe
perl 693 account6663 2w FIFO 0,5 0t0 84035 pipe
perl 693 account6663 3u IPv4 146573 0t0 TCP domainname.com:56158->ns1.
perl 693 account6663 187r FIFO 0,5 0t0 8206 pipe
perl 693 account6663 188w FIFO 0,5 0t0 8206 pipe
perl 693 account6663 189r FIFO 0,5 0t0 8207 pipe
perl 693 account6663 190w FIFO 0,5 0t0 8207 pipe
What exactly does this mean ? I dont know "ns1.openhost.lv:arcp" ...
How can i find out which script is used for this ?
Thanks
Apache Web ServerLinux SecurityPerl
Last Comment
loosain