There are a couple of others... ./x is an IRC DDoS botnet. Shark just eats up a shitton of CPU. There's another botnet that resides in a ~/g*** folder (can't remember exactly atm).
@BradND said: probably shouldn't post this publicly -> rename file and gg
The problem is, most dumbasses compile from source and don't remove the source. You can rename the file, but I still recognize the code.
Same could be said about C/C++ (Say hello to 'native programs,' might as well start killing those too.)
It applies to every language. You should be filtering by CPU time used, not process names. Some people auto kill/ionice rTorrent/transmission too, which is also not nice, learn to use iotop rather than being lazy.
An idle rTorrent/Deluge/Transmission instance is probably not causing you issues.
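An added example of the CPU-time filtering suggested in this reply (not code from anyone in the thread): a POSIX sh filter that reads ps output and flags processes by accumulated CPU time rather than by name. The function names and the sample ps listing are constructed for illustration.

```shell
# Added example: rank processes by accumulated CPU time instead of grepping
# for a name. Function names and the sample ps output are constructed.
# Live usage:  ps -eo pid,user,time,comm | ps_cpu_hogs 3600

# Convert a ps TIME field ([dd-]hh:mm:ss) to seconds.
time_to_seconds() {
    t="$1"
    days=0
    case "$t" in
        *-*) days=${t%%-*}; t=${t#*-} ;;
    esac
    secs=0
    old_ifs=$IFS
    IFS=:
    for part in $t; do
        part=${part#0}            # drop one leading zero so "08" is not read as octal
        part=${part:-0}
        secs=$((secs * 60 + $part))
    done
    IFS=$old_ifs
    echo $((days * 86400 + secs))
}

# Read "ps -eo pid,user,time,comm" output on stdin (header included) and print
# "pid user comm" for every process whose CPU time exceeds $1 seconds.
ps_cpu_hogs() {
    threshold="$1"
    tail -n +2 | while read -r pid user time comm _rest; do
        if [ "$(time_to_seconds "$time")" -gt "$threshold" ]; then
            echo "$pid $user $comm"
        fi
    done
}

# Constructed sample, not real output: the idle rtorrent is not flagged, the
# busy java process and the renamed "x" are, because CPU time decides, not the name.
SAMPLE_PS='  PID USER         TIME COMMAND
  412 root     00:00:02 sshd
 2210 alice    01:12:45 java
 2388 bob      00:00:00 rtorrent
 3012 carol    2-03:10:00 x'

cpu_hogs_demo() {
    printf '%s\n' "$SAMPLE_PS" | ps_cpu_hogs 3600
}

cpu_hogs_demo
```

Renaming a binary does not change its TIME column, which is why this catches the renamed ./x while leaving the idle torrent client alone.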
@Rallias said: Sure, completely ignore the part after the second pipe.
Now that you point that out, logging incoming/outgoing data of one's VM should also not be abuse -- assuming your 'shark' actually points to wireshark.
@Wintereise said: Now that you point that out, logging incoming/outgoing data of one's VM should also not be abuse -- assuming your 'shark' actually points to wireshark.
Wireshark wouldn't get picked up by grep java.
@Wintereise said: Some people auto kill/ionice rTorrent/transmission too, which is also not nice, learn to use iotop rather than being lazy.
I don't autokill. I do use the available heuristic tools to see if it ACTUALLY is causing a mess. I'm just saying transmission and rtorrent often are the case and I kill on sight if that is the case. Most of the time if I'm feeling nice and they've not attracted a DMCA I'll just drop in and restart the service.
@Rallias said: Wireshark wouldn't get picked up by grep java.
The only other Shark I can think of is the one that adds Velocity markup.
Shark is an open-source preprocessor for Java that lets you do more with less. Shark makes Java sharper by adding Apache Velocity-style foreach loops and property getters, C#-style property setters, and more.
Which one do you mean anyway?
@Rallias said: I don't autokill. I do use the available heuristic tools to see if it ACTUALLY is causing a mess. I'm just saying transmission and rtorrent often are the case and I kill on sight if that is the case. Most of the time if I'm feeling nice and they've not attracted a DMCA I'll just drop in and restart the service.
That wasn't really aimed at you, apologies if it seemed like that. More of a general statement that I've noticed among a few providers here -- some of whom even shared the fact on IRC.
Comments
probably shouldn't post this publicly -> rename file and gg
ps -Af | grep java | grep shark
ps -Af | grep "./x"
Good point!
What about to detect torrenting?
ps -Af | grep python | grep torrentflux
ps -Af | grep transmission
ps -Af | grep rtorrent
The latter two are annoying, kill on detection if node's got a high %LA. The first one is never the cause, only kill if DMCA.
@Rallias, what about netstat output scanning?
http://www.google.com can answer your questions, and many more....
@Damian, what is that site? Is it new?
I would not share this info in public. This will just make it easier for the abusers to abuse my system, knowing what to rename.
Yeah, ask something that would help many and get accused that you are trolling. You are all paranoid.
@Seriesn it's unlikely a knowledgeable abuser would use standard file naming conventions.
We've had './happy-fun-time.sh' doing port scans to MIT, oh, and './anal.sh' doing brute forcing to some Turkish ISP. The irony.
Said the non-provider :P
pgrep, please.
<Whee, appears I missed a pipe. Oh well>
@Wintereise there's lots of abuse scripts using java
How would you know I'm not a provider? lol
What's netstat?
Sure, completely ignore the part after the second pipe.
It's a rare life form found in eastern Kiribati that can survive only by feeding trolls.
Now, only the smart ones know, later, even the dumber ones would know, making my life hell at my dayjob :P
Don't forget to add salt with it. It makes everything better.
Yes, and just a pinch of black pepper.
There's a shark.jar that I encountered recently that all it does is forkbomb (I decompiled it to be sure).
Ah, okay. Never encountered it anywhere though, hmm.
Fair enough.
kill Wintereise.exe
I'm extension-less, pffft.