Apache ( nobody ) Command and server load > 25

**ezztro** · 12-22-2004 09:03 AM

Hi,

since last night, a have 50 - 100 nobody Pids running with this command:

sh - c chmod 0777 /home/username/public_html/

what is apache 24/7 doing with chmod 0777 ?

**haze** · 12-22-2004 09:58 AM

That looks suspicious to me mate, i'd have a qualified system admin take a look at the box ASAP and make sure its not compromised. Hope you have backups.

**ezztro** · 12-22-2004 12:13 PM

Hm,

i think its OSCommerce with Image Cache.

The Command sh -c chmod 0777 is using the OSC Path of this cPanel account...

**haze** · 12-22-2004 12:19 PM

Why would it need to modify the public_html folder to 777 ? I don't understand, i've never seen that sort of functionality in OSC unless its new ?

The reason i said its sus is because its chmoding the public_html folder from what you said. Which just sort of rings out as a possible mass defacement program of some kind.. We don't the access to your server so, i can't say for sure.

**haze** · 12-22-2004 12:22 PM

Are you saying that its origonating from the oscommerce install ? If so, is the oscommerce out of date or have any known vulnerabilites? It could be someone trying to bugger with your system via a vuln.

LinkBack

Thread Tools

Apache ( nobody ) Command and server load > 25

Apache cause server high load

Heavy server load - apache

High server load problem (apache/mysql)

php wont load, ssl stops working, i restart apache and they load, but then they load