The Community Forums


New Java Vulnerability?

Discussion in 'General Discussion' started by GOT, Jul 20, 2005.

  1. GOT

    I have seen this on two servers so far.

    On the first one, I had a guy connected to port 8080 on a server that had tomcat installed. I really couldn't tell what his script was doing, but killing it just caused it to immediately respawn. The worst part is that it was 'disguised'. If you looked in a ps axf output, you would only see it as [bdflush], but if you looked at the top output the process came up as perl. Killing it caused a script to be created in temp and then run, which relaunched the process. This all happened so fast that it was impossible to tell where the files were coming from.

    I then, the next day, saw this same behavior on a server that has resin installed. This one was even worse in that the connection was coming from within (127.0.0.1), so no firewalling would keep him out. I ultimately removed resin and rebooted the server. That was the only way to get him off.

    This is not meant as a definitive howto, nor as a release of everything I saw, as this is very abbreviated, but I wanted to know if anyone else was seeing this type of thing.
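
Added example, not part of the original post: the mismatch described above (`[bdflush]` in `ps axf`, `perl` in `top`) arises because `ps` prints the argument vector, which a process can overwrite, while `top` shows the kernel-recorded command name. This sketch assumes a modern Linux `/proc` with `comm` files and lists processes that carry a bracketed, kernel-thread-style name in their own command line; the function name is hypothetical.

```python
import os

def find_fake_kernel_threads(proc_root="/proc"):
    """Return [(pid, argv0, comm, exe)] for processes whose argv[0] is
    bracketed like a kernel thread although they have a command line."""
    findings = []
    pids = sorted(int(d) for d in os.listdir(proc_root) if d.isdigit())
    for pid in pids:
        base = os.path.join(proc_root, str(pid))
        try:
            with open(os.path.join(base, "cmdline"), "rb") as f:
                cmdline = f.read()
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            continue  # process exited during the scan, or is not readable
        # Genuine kernel threads have an empty cmdline; ps adds the
        # brackets itself. A non-empty bracketed argv[0] is userland.
        argv0 = cmdline.split(b"\0", 1)[0].decode(errors="replace").strip()
        if not (argv0.startswith("[") and argv0.endswith("]")):
            continue
        try:
            # Kernel threads have no exe link; a disguised script
            # interpreter still points at its real binary.
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            exe = None  # reading other users' exe links needs root
        findings.append((pid, argv0, comm, exe))
    return findings

if __name__ == "__main__":
    for pid, argv0, comm, exe in find_fake_kernel_threads():
        print(f"pid {pid}: shown as {argv0}, comm={comm}, exe={exe}")
```

Run it as root so the `exe` links of other users' processes resolve; each hit is a candidate for review, since the parent PID and open files of that process show where it is being relaunched from.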
     
  2. lankyb

    You might want to report this on bugzilla
     