  1. #1
    mahdionline (Member; Join Date: Oct 2003; Posts: 127)

    server load - > a ?!? top process

    Hi

    While processing, the CPU has been maxed out for more than a 6 hour period. The current load/uptime line on the server at the time of this email is 12:02pm up 2 days, 1:03, 0 users, load average: 4.82, 4.75, 4.73

    and at the top of our processes:

    ./stealth 82.78.39.226 99999999999999999999999999999999999999999

    What's this process?

    Regards
    Mahdionline

  2. #2
    chirpy (Super Moderator; account confirmed by cPanel staff to represent a vendor; Join Date: Jun 2002; Location: Go on, have a guess; Posts: 13,495)

    Looks like a DoS hacking tool. You should be able to find it (if it's still running) quickly with:

    lsof | grep stealth

    Then kill off the running process, move the file from wherever it is and investigate how your server was breached - most likely through a vulnerable perl CGI or PHP script.
    Jonathan Michaelson


  3. #3
    mahdionline (Member; Join Date: Oct 2003; Posts: 127)

    One of my friends checked our server and said to me:

    It appears you've been compromised through /dev/shm, however it appears to be an apache exploit, and not root level. I was unable to find the aforementioned "stealth" file on your system.

    What's /dev/shm? And what is the difference between an Apache exploit and root level?

    And how can I check more about this?

    Regards
    Mahdionline
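
Following up on the point in post #3 that the "stealth" file could not be found: a binary that was deleted after launch, or that runs from /dev/shm, is still visible through /proc/<pid>/exe. The script below is an added example, not part of the thread; the list of world-writable directories and the optional proc-root argument are assumptions.

```bash
#!/bin/sh
# Added example (not from the thread): list processes whose executable was
# deleted after launch or lives in a world-writable directory.
# The directory list is an assumption based on common Linux defaults.

# classify_exe TARGET -> prints "deleted", "world-writable" or "ok".
# TARGET is the /proc/<pid>/exe link target; the kernel appends " (deleted)"
# when the file was unlinked while the process kept running.
classify_exe() {
    case "$1" in
        *" (deleted)")                echo "deleted" ;;
        /dev/shm/*|/tmp/*|/var/tmp/*) echo "world-writable" ;;
        *)                            echo "ok" ;;
    esac
}

# scan_proc [PROC_ROOT] -> one tab-separated line per flagged process:
# pid, verdict, exe target, command line. PROC_ROOT defaults to /proc.
scan_proc() {
    for dir in "${1:-/proc}"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Kernel threads and processes we may not inspect have no readable exe.
        exe="$(readlink "$dir/exe" 2>/dev/null)" || continue
        verdict="$(classify_exe "$exe")"
        [ "$verdict" = "ok" ] && continue
        # cmdline is NUL-separated; turn it into a readable string.
        cmd="$(tr '\0' ' ' 2>/dev/null < "$dir/cmdline")" || cmd=""
        printf '%s\t%s\t%s\t%s\n' "${dir##*/}" "$verdict" "$exe" "$cmd"
    done
    return 0
}

# Scan the live system only when asked, so sourcing has no side effects.
if [ "${1:-}" = "--scan" ]; then
    scan_proc /proc
fi
```

Run it as root with `--scan` so that the exe links of processes owned by other users (for example the web server account) are readable.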
