Hello, i'm experiencing 100% CPU usage from www-data user. command top: Code: Tasks: 99 total, 3 running, 96 sleeping, 0 stopped, 0 zombie Cpu(s): 78.6%us, 21.4%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 1036092k total, 831372k used, 204720k free, 51652k buffers Swap: 746980k total, 0k used, 746980k free, 341864k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND [B]22624 www-data 20 0 4924 2524 896 R 99.7 0.2 18:29.25 perl[/B] 1 root 20 0 2104 688 588 S 0.0 0.1 0:01.64 init 2 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 kthreadd 3 root RT -5 0 0 0 S 0.0 0.0 0:00.00 migration/0 4 root 15 -5 0 0 0 S 0.0 0.0 0:00.02 ksoftirqd/0 5 root RT -5 0 0 0 S 0.0 0.0 0:00.10 watchdog/0 In this forum i've read PHP 5.x Remote Code Execution Exploit ... i would like to fix this ... but ... how can i do ? Do i have to update PHP ?
Seems as if you run a old and vulnerable php version: http://www.howtoforge.com/forums/showthread.php?t=63735
Thanks, i infact did a apt-get update and upgrade but the problem is still there how can i update php to a safe version ?
Solved Thanks ... i'm running a debian lenny and a apt-get update & apt-get upgrade did not solve the problem. Yes i was running a vulnerable PHP version to PHP 5.x Remote Code Execution Exploit anyway i solved installing mod_security, following this tutorial http://www.faqforge.com/linux/apache-mod-security-installation-on-debian-6-0-squeeze/ thanks !!! Now i'm just wondering how to update mod_security ruleset, but i'm not in hurry anymore
lenny is not supported anymore with security updates, so an apt-get update and apt-get upgrade can not solve it unless you update to squeeze.
