The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Kill PID

Discussion in 'General Discussion' started by cmwh, Apr 11, 2006.

  1. cmwh

    cmwh Member

    Joined:
    Apr 7, 2004
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Israel
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    it's probably one of your users cron jobs delete the cron
     
    #2 dalem, Apr 11, 2006
    Last edited: Apr 11, 2006
  3. dave9000

    dave9000 Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    891
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    arkansas
    cPanel Access Level:
    Root Administrator
    chmod 0000 /usr/bin/wget

    to start with
    then kill any process associated with wget or any /tmp/* files

    then cd /tmp and remove any odd looking files

    once you get things cleaned up then chmod 0700 /usr/bin/wget

    I am sure there is several more steps that could be added here but I was up all night fixing a courier-pop issue so a little brain dead tonight
     
  4. Brad

    Brad Well-Known Member

    Joined:
    Aug 16, 2001
    Messages:
    231
    Likes Received:
    0
    Trophy Points:
    16
    It's some kind of shell hack to run perl process..

    I saw the same thing today on one of our servers. Also, look for a process running by nobody such as /usr/sbin/apache2 or /usr/sbin/apache with a perl process hogging the cpu..

    I believe it's a phpbb hack, not sure what it's doing? I have not found the exact source, so I'm going through all phpbb installations on the server.
     
    #4 Brad, Apr 12, 2006
    Last edited: Apr 12, 2006
  5. cmwh

    cmwh Member

    Joined:
    Apr 7, 2004
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Israel
    Thanks

    Thanks Dave,
    I did just what you said and it worked great.

    I told my customers to up grade all php. One got hacked by the Turkish Hacker. It was a php hack.

    Thanks
     
Loading...

Share This Page