
Psybnc process hidden...

Discussion in 'General Discussion' started by bmcpanel, Oct 5, 2002.

  1. bmcpanel

    bmcpanel Well-Known Member

    I seem to have a psybnc process located on my server that is escaping notice from cPanel security software.

    How can I find out where this process is???

    ----------------------

    -httpd(6849)-+-httpd(27804)---psybnc(29244)
    | |-httpd(27813)---psybnc(29202)
    | |-httpd(27817)---psybnc(28125)
    | |-httpd(24042)
    | |-httpd(24043)
    ----------------------
     
  2. shannon

    shannon Well-Known Member

    uhhh

    Seen this?

    http://www.netknowledgebase.com/tutorials/psybnc.html

    Basically it appears to be an IRC bouncer. So someone's proxying their IRC connections through your server...

    If it's the same psybnc...
     
  3. bmcpanel

    bmcpanel Well-Known Member

    Yep. I've seen this. Guess I am looking for a search method to find hidden psybnc's on the server. It's easy if they don't rename it.

    locate psybnc

    does the trick.

    Anyway, thanks.
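
An added example, not part of the original thread: `locate psybnc` only works while the binary keeps its name, but on Linux `/proc/<pid>/exe` and `/proc/<pid>/cwd` record the real path and working directory whatever the process calls itself. The sketch below lists every child of a process named `httpd` (as in the pstree output above) with its owning UID; `PARENT_NAME` and the list of paths treated as suspicious are assumptions for illustration, and reading other users' `exe` links requires root.

```shell
#!/bin/sh
# Added example: show where children of the web server really run from.
# PARENT_NAME and the path list in is_suspicious are illustrative assumptions.
PARENT_NAME="${PARENT_NAME:-httpd}"

# Print one field from /proc/<pid>/status, e.g. status_field /proc/123 PPid
status_field() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1/status" 2>/dev/null
}

# Flag binaries started from world-writable scratch space, or unlinked after
# start (the kernel appends " (deleted)" to the exe link target).
is_suspicious() {
    case "$1" in
        /tmp/*|/var/tmp/*|/dev/shm/*|*" (deleted)") return 0 ;;
        *) return 1 ;;
    esac
}

# scan_proc [root]: one line per child of PARENT_NAME:
#   pid ppid uid exe cwd [SUSPICIOUS]
scan_proc() {
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/status" ] || continue
        ppid=$(status_field "$dir" PPid)
        [ -n "$ppid" ] && [ -r "$root/$ppid/status" ] || continue
        [ "$(status_field "$root/$ppid" Name)" = "$PARENT_NAME" ] || continue
        exe=$(readlink "$dir/exe" 2>/dev/null) || exe="?"
        cwd=$(readlink "$dir/cwd" 2>/dev/null) || cwd="?"
        uid=$(status_field "$dir" Uid)   # real UID of the process owner
        flag=""
        is_suspicious "$exe" && flag=" SUSPICIOUS"
        echo "${dir##*/} $ppid $uid $exe $cwd$flag"
    done
    return 0
}

scan_proc "${1:-/proc}"
```

Ordinary httpd workers appear in the output too, unflagged, with the web server's own binary as `exe`; the UID column shows which account the flagged process runs as.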
     
  4. jumpdomain

    jumpdomain Well-Known Member

    Make sure and check /tmp for it...
     
  5. khoonchee

    khoonchee Well-Known Member
    Hi,

    Our server only has 2 websites hosted, as it is a heavy forum. We noticed one of them is running Psybnc. I have searched through the /tmp directory and bingo, there is a psybnc directory there.

    How can I trace the user who uploaded this file to the server?

    Basically, how would they get access to the /tmp directory?

     
  6. phantom

    phantom Well-Known Member

    I have found psybnc on one of my servers. The domain listed in the config file is BRJato.BR.BRASnet.org.

    Will it hurt anything to just delete the psybnc folder? It's in my /tmp directory.
     