Process è¾c - What's this?

Discussion in 'General Discussion' started by UKDSL, Apr 1, 2005.

  1. UKDSL

    I have a customer's server which I believe to be compromised.

    Firstly ps -x showed lots of instances of ./lol30 running. I found in /usr/include/scan a file called lol30 and a text file full of IPs.

    Also shown is a process è¾c - Does anyone have any idea what this is?
     
  2. chirpy

    What are the files and process owners?

    If they're nobody then they're more than likely a result of PHP script compromise.

    If they're owned by root then you may have suffered a root compromise. Running lsof against the running PIDs should give you more information about what and/or who is running those processes:

    lsof | grep PID
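
The owner check described in the reply above, as an added example that is not part of either post: it reads `ps -eo user=,pid=,args=` style lines and labels each matching process by owner. The sample process list is constructed, the names `triage_ps` and `inspect_pid` are hypothetical, and the `other-owner` label for accounts the reply does not mention is an assumption.

```shell
#!/bin/sh
# Added example: triage processes by owner, following the reply in the thread.
# Assumed input format: `ps -eo user=,pid=,args=` (one process per line).

# Constructed sample data, not taken from the poster's server.
SAMPLE_PS='nobody    4121 ./lol30 10.0.0
nobody    4122 ./lol30 10.0.1
root       812 /usr/sbin/sshd -D
root      4300 ./lol30 10.0.2
mysql     1033 /usr/sbin/mysqld'

# triage_ps NAME: read ps lines on stdin and print "PID OWNER HINT" for every
# process whose command basename equals NAME.
triage_ps() {
    awk -v name="$1" '
    {
        cmd = $3
        sub(/^.*\//, "", cmd)          # strip any leading path, e.g. "./"
        if (cmd != name) next
        if ($1 == "root")        hint = "possible-root-compromise"
        else if ($1 == "nobody") hint = "likely-php-script-compromise"
        else                     hint = "other-owner"   # assumption, not from the thread
        print $2, $1, hint
    }'
}

# inspect_pid PID: on a live Linux host, show the binary, working directory
# and open files of a single process instead of grepping all lsof output.
inspect_pid() {
    ls -l "/proc/$1/exe" "/proc/$1/cwd" 2>/dev/null
    lsof -p "$1" 2>/dev/null
}

# Run the triage over the constructed sample.
printf '%s\n' "$SAMPLE_PS" | triage_ps lol30
```

On a real host, replace the sample with `ps -eo user=,pid=,args= | triage_ps lol30` and pass each reported PID to `inspect_pid`.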
     