Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Process è¾c - Whats this?

Discussion in 'General Discussion' started by UKDSL, Apr 1, 2005.

  1. UKDSL

    UKDSL Active Member

    Jan 6, 2005
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    DataCenter Provider
    I have a customers server who I belived to be compromised.

    Firstly ps -x showed lots of instances of ./lol30 running. I found in /usr/include/scan a file called lol30 and a text file full of IPs.

    Also shown is a process è¾c - Does anyone have any idea what this is?
  2. chirpy

    chirpy Well-Known Member Verifed Vendor

    Jun 15, 2002
    Likes Received:
    Trophy Points:
    Go on, have a guess
    What are the files and process owners?

    If they're nobody then they're more than likely a result of PHP script compromise.

    If they're ownder by root then you may have suffered a root compromise. Running lsof against the running PIDs should give you more information about what and/or who is running those processes:

    lsof | grep PID
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice