Nobody bin/sh?

Discussion in 'General Discussion' started by Daemon1, Jan 2, 2006.

  1. Daemon1

    I see this in top and I was wondering if it is normal or not?

    2297 nobody 0 0.0 0.0 sh -c echo "`uname -a`";echo "`id`";/bin/sh
    2302 nobody 0 0.0 0.0 /bin/sh

    Is this supposed to be there? Why is it a nobody process? If someone could let me know what this exactly is doing and if it's normal it would be appreciated.
     
  2. chirpy

    That's someone exploiting a web script on your server. That first string is typical of a hacker trying to determine what OS the server is, the kernel version and the UID (user id) that they've hacked into.
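
Added example, not part of the original thread: a small triage filter that reads a process listing and flags the two patterns discussed above, a bare shell and an `sh -c` fingerprinting command running under the web server account. The `WEB_USERS` list, the function names and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag shells running as the web server account.
# Input: lines in `ps -eo pid,user,args` format (header line allowed).
# WEB_USERS is an assumption; set it to the account(s) your web server runs as.
WEB_USERS="${WEB_USERS:-nobody apache www-data}"

flag_web_shells() {
    awk -v users="$WEB_USERS" '
    BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) web[u[i]] = 1 }
    NR == 1 && $1 == "PID" { next }      # skip the ps header
    !($2 in web)           { next }      # only web server accounts
    {
        # Rebuild the command line from fields 3..NF.
        cmd = $3; for (i = 4; i <= NF; i++) cmd = cmd " " $i
        reason = ""
        # A shell with no script argument, as in PID 2302 in the thread.
        if (cmd ~ /^(\/(usr\/)?bin\/)?(sh|bash|dash|ksh)( -i)?$/)
            reason = "bare shell"
        # sh -c wrapping the fingerprinting commands seen in PID 2297.
        if (reason == "" && cmd ~ /^(\/(usr\/)?bin\/)?(sh|bash) -c / &&
            cmd ~ /(uname -a|[`; "]id[`; "])/)
            reason = "recon via sh -c"
        # Output columns: pid, user, reason, full command line (tab separated).
        if (reason != "") printf "%s\t%s\t%s\t%s\n", $1, $2, reason, cmd
    }'
}

# Constructed sample modelled on the two lines in the original post.
sample_ps() {
cat <<'EOF'
  PID USER     COMMAND
    1 root     /sbin/init
 2201 nobody   /usr/local/apache/bin/httpd -DSSL
 2297 nobody   sh -c echo "`uname -a`";echo "`id`";/bin/sh
 2302 nobody   /bin/sh
 2350 nobody   /bin/sh /usr/local/bin/rotate.sh
 2410 alice    -bash
EOF
}

# Live use: ps -eo pid,user,args | flag_web_shells
sample_ps | flag_web_shells
```

A hit is a starting point for triage: the flagged PID's parent process and the web server access log around its start time usually point to the script that was abused.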
     