New Java Vulnerability?

Discussion in 'General Discussion' started by GOT, Jul 20, 2005.

  1. GOT

    I have seen this on two servers so far.

    On the first one, I had a guy connected to port 8080 on a server that had tomcat installed. I really couldn't tell what his script was doing, but killing it just caused it to immediately respawn. The worst part is that it was 'disguised'. If you looked in a ps axf output, you would only see it as [bdflush], but if you looked at the top output the process came up as perl. Killing it caused a script to be created in temp and then run, which relaunched the process. This all happened so fast that it was impossible to tell where the files were coming from.

    I then, the next day, saw this same behavior on a server that has resin installed. This one was even worse in that the connection was coming from within (127.0.0.1), so no firewalling would keep him out. I ultimately removed resin and rebooted the server. That was the only way to get him off.

    This is not meant as a definitive howto, nor as a release of everything I saw, as this is very abbreviated, but I wanted to know if anyone else was seeing this type of thing.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
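Added example, not part of the original thread: a check for the disguise described in the post above, where `ps axf` shows `[bdflush]` while `top` shows `perl`. It relies on the fact that a genuine kernel thread has an empty `/proc/<pid>/cmdline` (`ps` adds the brackets itself), so a process whose own argv[0] is bracketed is a userland process posing as one. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def read_bytes(path):
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError:
        return b""

def find_masquerading(proc_root="/proc"):
    """Return (pid, argv0, comm, exe) for user processes posing as kernel threads."""
    hits = []
    for entry in sorted(os.listdir(proc_root), key=lambda e: (len(e), e)):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        argv0 = read_bytes(os.path.join(base, "cmdline")).split(b"\0")[0].decode(errors="replace")
        # Genuine kernel threads have an empty cmdline; ps adds the brackets itself.
        if not (argv0.startswith("[") and argv0.endswith("]")):
            continue
        stat = read_bytes(os.path.join(base, "stat")).decode(errors="replace")
        # comm (the name top displays) sits between the first "(" and the last ")".
        comm = stat[stat.find("(") + 1:stat.rfind(")")] if "(" in stat else ""
        try:
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            exe = ""  # unreadable or absent exe link
        hits.append((int(entry), argv0, comm, exe))
    return hits

def build_sample_proc(root):
    """Constructed /proc-like tree: kernel thread, normal daemon, disguised perl."""
    samples = {
        "5": (b"", "5 (bdflush) S 2 0 0", None),
        "900": (b"/usr/sbin/httpd\0-k\0start\0", "900 (httpd) S 1 900 900", "/usr/sbin/httpd"),
        "4321": (b"[bdflush]\0", "4321 (perl) S 1 4321 4321", "/usr/bin/perl"),
    }
    for pid, (cmdline, stat, exe) in samples.items():
        os.makedirs(os.path.join(root, pid))
        with open(os.path.join(root, pid, "cmdline"), "wb") as fh:
            fh.write(cmdline)
        with open(os.path.join(root, pid, "stat"), "w") as fh:
            fh.write(stat)
        if exe:
            os.symlink(exe, os.path.join(root, pid, "exe"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_proc(tmp)
        for hit in find_masquerading(tmp):
            print(hit)
```

Run as root against the live `/proc` so the `exe` links of other users' processes are readable; the reported `exe` path and PID give a starting point for tracing the parent and the dropped script.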
  2. lankyb

    You might want to report this on bugzilla
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice