  1. #1 Fakher (Member, joined Sep 2010, Pakistan)

    Suspicious process? Can someone please have a look?

    Look at this email alert I am getting. I am getting tons of these,
    you can say over 200 daily.

    Time: Sun Oct 3 14:32:14 2010 +0400
    PID: 16315
    Account: newmoney
    Uptime: 73 seconds


    Executable:

    /usr/bin/php


    Command Line (often faked in exploits):

    /usr/bin/php -f /home/newmoney/public_html/autogidas/scrape.php


    Network connections by the process (if any):

    tcp: 212.95.45.107:49324 -> 79.142.113.248:80


    Files open by the process (if any):



    Memory maps by the process (if any):


  2. #2 Fakher (Member, joined Sep 2010, Pakistan)

    Is disabling or giving a high value to PT_LIMIT a safe way to avoid these mails?

  3. #3 whr (Member, joined Jul 2009, India)

    Check your cron jobs and see if you have set them to send notifications via email.
    WebHostRepo:: The Ultimate Support Repository
    Official Site: http://www.webhostrepo.com
    Official Blog: http://webhostrepo.com/blog/

  4. #4 Member (joined May 2009)

    Are these coming from lfd?

    I get these all the time about suspicious processes.

  5. #5 Infopro (cPanel Product Evangelist, joined May 2003, Pennsylvania; cPanel/Enkompass Access Level: Root Administrator)

    ConfigServer Forums has a wealth of info you might have an interest in:
    ConfigServer Scripts Forum - View topic - Process Tracking and csf.pignore
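    Rather than raising PT_LIMIT (which hides every process-tracking alert, not just this one), the usual fix is a csf.pignore entry scoped to the process you have verified as legitimate. The following is an added example, not code from the thread or from ConfigServer: it parses the alert format quoted above and reports which csf.pignore-style rule would have silenced the process. The exe:/user:/cmd: and pexe:/puser:/pcmd: rule kinds are csf.pignore's; that the regex kinds match the whole value is an assumption, and the alert text is constructed from the post.

```python
import re
# Constructed sample: the lfd Process Tracking alert quoted in the thread, memory maps omitted.
ALERT = """Time: Sun Oct 3 14:32:14 2010 +0400
PID: 16315
Account: newmoney
Uptime: 73 seconds
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php -f /home/newmoney/public_html/autogidas/scrape.php
Network connections by the process (if any):
tcp: 212.95.45.107:49324 -> 79.142.113.248:80
Files open by the process (if any):
"""
HEADERS = {"Executable:": "exe", "Command Line": "cmd", "Network connections": "net",
           "Files open": "skip", "Memory maps": "skip"}

def parse_alert(text):
    """Extract PID, account, executable, command line and connections from an alert body."""
    fields, section = {"net": []}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        header = next((s for h, s in HEADERS.items() if line.startswith(h)), None)
        if header:
            section = header
        elif section == "net":
            fields["net"].append(line)
        elif section in ("exe", "cmd"):
            fields[section], section = line, None      # single-line sections
        elif section is None and ":" in line:           # Time:, PID:, Account:, Uptime:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    return fields

def pignore_matches(rules, fields):
    """Return the first csf.pignore rule that would silence this process, else None.
    exe:/user:/cmd: compare exactly; pexe:/puser:/pcmd: are regexes (assumed anchored)."""
    subject = {"exe": fields.get("exe"), "user": fields.get("account"), "cmd": fields.get("cmd")}
    for rule in rules:
        kind, _, pattern = rule.strip().partition(":")
        if not kind or kind.startswith("#"):
            continue
        is_regex = kind.startswith("p")
        value = subject.get(kind[1:] if is_regex else kind)
        if value is not None and (re.fullmatch(pattern, value) if is_regex else pattern == value):
            return rule
    return None

# exe: comes from /proc/PID/exe but silences all PHP CLI use; pcmd: is narrow but matches fakeable argv.
BROAD_RULE = "exe:/usr/bin/php"
NARROW_RULE = r"pcmd:/usr/bin/php -f /home/newmoney/public_html/autogidas/scrape\.php"
```

    Because the alert itself notes the command line is often faked, verify what scrape.php does and where 79.142.113.248 belongs before adding even the narrow rule.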
