The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Nobody bin/sh?

Discussion in 'General Discussion' started by Daemon1, Jan 2, 2006.

  1. Daemon1

    Daemon1 Well-Known Member

    Joined:
    Nov 26, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    I see this in top and I was wondering if it is normal or not?

    2297 nobody 0 0.0 0.0 sh -c echo "`uname -a`";echo "`id`";/bin/sh
    2302 nobody 0 0.0 0.0 /bin/sh

    Is this supposed to be there? Why is it a nobody process? If someone could let me know what this exactly is doing and if it's normal it would be appreciated.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That's someone exploiting a web script on your server. That first string is typical of a hacker trying to determine what OS the servers is, the kernel version and the UID (user id) that they've hacked into.
     
Loading...

Share This Page