What PHP scripts are running on my server?

Forum Moderators: bakedjake

Message Too Old, No Replies

What PHP scripts are running on my server?

php scripts running

rubenbla

11:00 am on Dec 7, 2007 (gmt 0)

Hi:

I suspect my (Fedora Core 3) server is being attacked by a spammer via an insecure PHP mail form. Qmail queue doesn't stop growing up.

My question is, is there any Linux command that shows what php scripts are being run at a certain moment? I found something like:

lsof +r 1 -p `ps axww Ś grep httpd Ś grep -v grep Ś awk ' { if(!str) { str=$1 } else { str=str","$1}}END{print str}'` Ś grep vhosts Ś grep php

but it doesn't seem to work.

Thanks for your help.
Rubén.

MattyMoose

5:24 am on Dec 8, 2007 (gmt 0)

The easiest would actually be to look through your Apache site logs, I would say... Trying to 'catch' a file request to your php file would be hard to do, since Apache (via mod_php) won't keep your .php file open the whole time, only to read it, then it parses it in memory.

rubenbla

8:23 am on Dec 10, 2007 (gmt 0)

Thanks MattyMoose:

I'll try that. The only problem is there are more than 100 access_logs.

Cheers.

iwannano1

6:08 pm on Dec 11, 2007 (gmt 0)

Use apache mod_status to see all running scripts: [httpd.apache.org...]