Forums



Results 1 to 3 of 3

Thread: What is this? ./anything

  1. 08-20-2009, 01:04 AM #1
    persianwhois
    persianwhois is offline
    Member persianwhois's Avatar
    Join Date
    Apr 2007
    Location
    Mahallat
    Posts
    114

    Default What is this? ./anything

    What is this process?
    ./anything

    Afrer this process, our server load uo to 699 (Just in a second) and server down.

    http://www.upload.sisiric.com/images/919_attack_tn.jpg
    Regards,
    Masood Yarmohammadi
    Reply With Quote Reply With Quote
  2. 08-20-2009, 01:38 AM #2
    stan01
    stan01 is offline
    Member
    Join Date
    Jul 2009
    Posts
    5

    Default

    I'm guessing, that the wwwpars account got hacked. Considering the fact, that so many processes were spawned, I'd say it is a mailer of some sort. You can check the file's content by doing:

    vi /home/wwwpars/public_html/anything

    or wherever the file is located. To make sure it doesn't start anymore, you can chmod it to 0 and chown it to root.
    Reply With Quote Reply With Quote
  3. 08-21-2009, 12:51 PM #3
    ddmd
    ddmd is offline
    Registered User
    Join Date
    Jul 2009
    Posts
    3

    Default

    Quote Originally Posted by persianwhois View Post
    What is this process?
    ./anything

    Afrer this process, our server load uo to 699 (Just in a second) and server down.

    http://www.upload.sisiric.com/images/919_attack_tn.jpg

    That really looks strange. The process was executed locally instead of giving the full path and with so many forks.

    Try doing lsof -p 10526 (or whatever process it has now) to see what it is doing...
    Reply With Quote Reply With Quote
« Why no htcacheclean in easy apache (cpanel apache compiler) ? | Email Notifications »