Tutorial: August 2011 Archives

XCache 1.3.2

user-pic
Vote 0 Votes

XCache 1.3.2 Release date: 2011-06-04

Apache in /usr/local/apache
php.ini in /usr/local/etc/php.ini

wget http://xcache.lighttpd.net/pub/Releases/1.3.2/xcache-1.3.2.tar.bz2
tar jxf xcache-1.3.2.tar.bz2
cd xcache-1.3.2
phpize --clean
phpize
./configure --enable-xcache --with-php-config=/usr/local/bin/php-config
make
make install
cat xcache.ini >> /usr/local/etc/php.ini

edit /usr/local/etc/php.ini
zend_extension = /usr/local/lib/php/extensions/no-debug-non-zts-20060613/xcache.so
xcache.size = 64M

xcache.so path may different from yours

To check if XCache enabled

# php -i |grep XCache
with XCache v1.3.2, Copyright (c) 2005-2011, by mOo
XCache
XCache Support => enabled

先開命令提示字元視窗(CMD)
netstat -an 看一下 session, 若看到超多 session (超過1000),
Foreign Address 後面都是 :25
那 99% 是中了發送圾垃郵件的木馬,
開機後木馬開始運作, 等 session 都被佔滿了就無法上網.

解決方式:
netstat -anb 看一下是那個執行檔(木馬)在寄 mail,
用 dir/a/s {執行檔名}找出木馬位置,
然後用 unlocker 砍掉, unlocker 會顯示需要重開機,
重開機後應該就會正常了,
木馬的檔名通常會魚目混珠跟系統的程式一樣,
上次處理的 Case 檔名是 winlogon.exe, 正常的 winlogon.exe 在 \windows\system32,
若是在其他位置, 很可能就是木馬.

About this Archive

This page is an archive of entries in the Tutorial category from August 2011.

Tutorial: July 2011 is the previous archive.

Tutorial: December 2012 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Monthly Archives