The Community Forums


HACK attempts over my box. Any ideas and suggestions?

Discussion in 'General Discussion' started by docenta, Jun 14, 2006.

  1. docenta

    docenta Well-Known Member

    Hello, this morning I saw strange PIDs in my box:


    nobody 10370 0.0 0.0 3124 1764 ? S 05:39 0:00 lynx
    nobody 10624 0.0 0.0 2060 940 ? S 05:39 0:00 sh -c echo "`uname -a`";echo "`id`";/bin/sh
    nobody 10850 0.0 0.0 2056 948 ? S 05:39 0:00 /bin/sh
    nobody 23290 0.0 0.1 96756 23008 ? S 05:48 0:01 /usr/local/apache/bin/httpd -DSSL
    nobody 20096 0.0 0.1 97496 22332 ? S 05:49 0:01 /usr/local/apache/bin/httpd -DSSL
    nobody 31808 13.3 0.0 1260 220 ? R 05:49 14:16 ./ptrace_kmod_local_root_2.2.x-2.4.x
    nobody 31872 13.3 0.0 1260 220 ? R 05:49 14:16 ./ptrace_kmod_local_root_2.2.x-2.4.x
    nobody 32162 13.3 0.0 1260 220 ? R 05:49 14:16 ./ptrace_kmod_local_root_2.2.x-2.4.x
    nobody 32260 13.3 0.0 1260 220 ? R 05:49 14:17 ./ptrace_kmod_local_root_2.2.x-2.4.x
    nobody 32513 13.3 0.0 1260 220 ? R 05:49 14:17 ./ptrace_kmod_local_root_2.2.x-2.4.x
    nobody 1506 13.3 0.0 1260 220 ? R 05:49 14:17 ./ptrace_kmod_local_root_2.2.x-2.4.x
    nobody 2786 13.3 0.0 1260 220 ? R 05:50 14:17 ./ptrace_kmod_local_root_2.2.x-2.4.x
    nobody 29643 13.5 0.0 1400 348 ? R 05:53 13:53 ./module_loader_local_root_2.4.20
    nobody 30210 0.0 0.0 0 0 ? Z 05:54 0:00 [module_loader_l ]



    Any help, ideas about this kind of exploiting, and advice on what to do?
    I have mod_security installed but ...
    Please, could some expert advise me what to do.
     
  2. AndyReed

    AndyReed Well-Known Member
    Your server is under serious exploit and you'll have to track down these processes, kill them and clean up. Overall, you must secure your server, and secure it well.
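
Added example, not part of any post in this thread: a small triage script for the "track down these processes" step, which flags everything in `ps aux` output that runs as the web server user but is not the web server itself. The user `nobody` and the httpd path are taken from the listing in the first post; the names `triage` and `SHELLS` are hypothetical, and the `root` line in the sample is constructed.

```python
# Sample input: lines copied from the listing in the first post,
# plus one constructed root line to show that other users are ignored.
SAMPLE_PS = """\
nobody 10370 0.0 0.0 3124 1764 ? S 05:39 0:00 lynx
nobody 10624 0.0 0.0 2060 940 ? S 05:39 0:00 sh -c echo "`uname -a`";echo "`id`";/bin/sh
nobody 10850 0.0 0.0 2056 948 ? S 05:39 0:00 /bin/sh
nobody 23290 0.0 0.1 96756 23008 ? S 05:48 0:01 /usr/local/apache/bin/httpd -DSSL
nobody 31808 13.3 0.0 1260 220 ? R 05:49 14:16 ./ptrace_kmod_local_root_2.2.x-2.4.x
nobody 30210 0.0 0.0 0 0 ? Z 05:54 0:00 [module_loader_l ]
root 1 0.0 0.0 1500 500 ? S 05:00 0:01 init
"""

SHELLS = {"sh", "bash", "dash", "ksh", "csh", "tcsh", "zsh"}


def triage(ps_text, web_user="nobody", allowed=("/usr/local/apache/bin/httpd",)):
    """Return (pid, reason, command) for each process owned by web_user
    whose executable is not in the allowed list."""
    findings = []
    for line in ps_text.splitlines():
        # ps aux columns: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
        fields = line.split(None, 10)
        if len(fields) < 11 or not fields[1].isdigit():
            continue  # header or malformed line
        user, pid, stat, command = fields[0], int(fields[1]), fields[7], fields[10]
        if user != web_user:
            continue
        argv0 = command.split()[0]
        if argv0 in allowed:
            continue  # the web server itself
        if stat.startswith("Z"):
            reason = "defunct (zombie) process that is not httpd"
        elif argv0.startswith("./"):
            reason = "binary run from the current directory"
        elif argv0.rsplit("/", 1)[-1] in SHELLS:
            reason = "shell running as the web server user"
        else:
            reason = "unexpected program for the web server user"
        findings.append((pid, reason, command))
    return findings


if __name__ == "__main__":
    for pid, reason, command in triage(SAMPLE_PS):
        print(f"{pid:>6}  {reason}: {command}")
```

Record the flagged PIDs with their working directory and open files (for example from `/proc/<pid>/cwd` and `lsof -p <pid>`) before killing them, since that is what points to the web application they were started through.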
     
  3. danielldf

    danielldf Member
