
Process è¾c - What's this?

Discussion in 'General Discussion' started by UKDSL, Apr 1, 2005.

  1. UKDSL

    I have a customer's server which I believed to be compromised.

    Firstly ps -x showed lots of instances of ./lol30 running. I found in /usr/include/scan a file called lol30 and a text file full of IPs.

    Also shown is a process è¾c - Does anyone have any idea what this is?
     
  2. chirpy

    What are the files and process owners?

    If they're nobody then they're more than likely a result of PHP script compromise.

    If they're owned by root then you may have suffered a root compromise. Running lsof against the running PIDs should give you more information about what and/or who is running those processes:

    lsof | grep PID
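
The owner check and per-PID lsof step suggested above, as an added example that is not part of the thread or any poster's code. The function names, verdict strings and sample `ps` listing are constructed for illustration; `inspect_pid` assumes a Linux host with `/proc` and `lsof` installed.

```shell
#!/bin/sh
# Constructed sample of `ps -eo user,pid,args` output (not taken from the thread).
SAMPLE_PS='USER PID COMMAND
nobody 4121 ./lol30
nobody 4122 ./lol30
root 1 /sbin/init
nobody 4200 /usr/local/apache/bin/httpd -k start
root 4307 ./lol30'

# triage_ps NAME
# Reads `ps -eo user,pid,args` output on stdin and prints "PID OWNER VERDICT"
# for every process whose executable basename equals NAME.
triage_ps() {
  awk -v name="$1" '
    NR == 1 { next }                       # skip the ps header line
    {
      n = split($3, parts, "/")            # "./lol30" -> basename "lol30"
      if (parts[n] != name) next
      if ($1 == "root")        verdict = "possible-root-compromise"
      else if ($1 == "nobody") verdict = "likely-php-script-compromise"
      else                     verdict = "check-account-" $1
      print $2, $1, verdict
    }'
}

# inspect_pid PID
# On a live host: show the binary on disk, the working directory and the
# open files and sockets of one PID, instead of grepping the full lsof listing.
inspect_pid() {
  pid=$1
  [ -d "/proc/$pid" ] || { echo "pid $pid is not running" >&2; return 1; }
  printf 'exe: %s\n' "$(readlink "/proc/$pid/exe")"   # ends in "(deleted)" if the file was removed
  printf 'cwd: %s\n' "$(readlink "/proc/$pid/cwd")"
  lsof -n -P -p "$pid"                                # -n/-P: no DNS or port-name lookups
}

# Demonstration on the constructed listing. On a real server:
#   ps -eo user,pid,args | triage_ps lol30
#   inspect_pid <PID from the output>
printf '%s\n' "$SAMPLE_PS" | triage_ps lol30
```
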
     