Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Server hacked or "wormed" or "trojaned" ?

Discussion in 'General Discussion' started by duranduran, Aug 19, 2005.

  1. duranduran

    duranduran Well-Known Member

    Joined:
    Apr 30, 2004
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    166
    Hi, i found this in TOP:

    23:18:31 up 3:18, 3 users, load average: 7.87, 7.95, 7.82
    160 processes: 145 sleeping, 11 running, 4 zombie, 0 stopped
    CPU states: cpu user nice system irq softirq iowait idle
    total 83.6% 0.0% 14.9% 0.7% 0.7% 0.0% 0.0%
    Mem: 502292k av, 488280k used, 14012k free, 0k shrd, 16596k buff
    367040k actv, 70028k in_d, 6648k in_c
    Swap: 2048276k av, 313328k used, 1734948k free 164504k cached

    PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
    10439 nobody 25 0 3512 1872 1648 R 17.8 0.3 33:57 0 /usr/sbin/http/box
    10472 nobody 25 0 3512 1872 1648 R 17.8 0.3 33:44 0 /usr/sbin/http/box
    10511 nobody 25 0 3516 1876 1648 R 17.8 0.3 33:44 0 /usr/sbin/http/box
    10560 nobody 25 0 3516 1868 1648 R 16.7 0.3 33:20 0 /usr/sbin/http/box

    what is /usr/sbin/http/box ? This file/path dont exist in this server.
    This is a virus/backdoor ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Probably. You need to check the files open by that process and investigate further. If you don't know how, then you'll need to hire a server admin to sort it out for you. A starting point:

    lsof -p PID
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice