Results 1 to 4 of 4
  1. #1
    Join Date
    Oct 2002
    Location
    Virginia
    Posts
    787

    lwp-download? what is it

    last night my server load went crazy (100+), alot of instances of PERL were showing in TOP, I also noticed the GET command and instances of LWP-DOWNLOAD , I googled LWP-DOWNLOAD and it seems to be a perl script for download large files, which I was not doing, I only host my own sites and a few friends, noone has ssh but me

    I opened a tk with my server co, they said they found a script running in TMP, disabled it and said they hardened the TMP folder (although I just had this done by 2 other server admin co's in the last few weeks)

    no load problems tonight but I see another instance of LWP-DOWNLOAD while viewing top, is this something normal in the server or do I need to have an admin dig deeper and see whats going on?

    thanks in advance for any info
    UrlRedo.com - short URL service

  2. #2
    Join Date
    Oct 2002
    Location
    Virginia
    Posts
    787
    this is what i found doing whereis...

    root@ [~]# whereis lwp-download
    lwp-download: /usr/bin/lwp-download /usr/share/man/man1/lwp-download.1.gz /usr/share/man/man1/lwp-download.1
    root@ [~]#
    UrlRedo.com - short URL service

  3. #3
    Join Date
    Jun 2003
    Location
    World Wide Web
    Posts
    581
    As you mentioned, lwp-download is used to fetch large files from the web.
    You would need to check if any particular user or script is running the instances of lwp-download. Server updates would also be using lwp-download for fetching the updates, and that is normal. Even in such a case, the update can get stuck at any point(for example, when running out of mirrors), which in turn can cause load on the server.
    If you already found malicious or suspicious scripts running from /tmp, it would always be good to dig deeper and make sure the source or any other vulnerabilty is completely removed.
    SupportExpertz.com - the name says it all!
    Managed Cloud Servers
    Server Management and Monitoring
    24x7 outsourced customer support

  4. #4
    Join Date
    Oct 2006
    Posts
    44
    I agree with logicsupport, at this point you'll want to make sure this isn't a malicious script. The /usr/bin/lwp-download is the command being used. What you want to find out is what's calling that program, and why.
    Andrew
    Spry VPS Hosting cPanel VPS, Plesk VPS, Webmin VPS, Shared, Domain Registration, Dedicated and Colo
    VPSLink Cheap VPS accounts CentOS, Fedora 4/5/6, RHEL, Gentoo, Debian, Ubuntu -- Dapper/Edgy, Slackware, OpenSUSE, LAMP + Ruby pre-installed available

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •