server load - > a ?!? top process

Discussion in 'General Discussion' started by mahdionline, Nov 17, 2004.

  1. mahdionline

    Hi

    While processing, the CPU has been maxed out for more than a 6 hour period. The current load/uptime line on the server at the time of this email is 12:02pm up 2 days, 1:03, 0 users, load average: 4.82, 4.75, 4.73

    and in top of our process :

    ./stealth 82.78.39.226 99999999999999999999999999999999999999999

    what's this process ?

    Regard
     
  2. chirpy

    Looks like a DOS hacking tool. You should be able to find it (if it's still running) quickly with:

    lsof | grep stealth

    Then kill off the running process, move the file from wherever it is and investigate how your server was breached - most likely through a vulnerable perl CGI or PHP script.
     
  3. mahdionline

    One of my friends checked our server and said to me:

    It appears you've been compromised through /dev/shm, however it appears to be an Apache exploit, and not root level. I was unable to find the aforementioned "stealth" file on your system.

    What is /dev/shm? And what is the difference between an Apache exploit and root level?

    and how can I check more about this ?

    Regard
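
On Linux, a running process whose binary has been unlinked, as with the "stealth" file that could not be found on disk, still shows its original path in /proc/<pid>/exe with a " (deleted)" suffix. The following is an added example, not part of any post in this thread: shell functions that flag processes started from a deleted file or from /dev/shm, /tmp or /var/tmp. The function names and the list of scratch directories are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag processes whose executable was
# deleted after launch or lives in a world-writable scratch directory.

# classify_exe TARGET -> prints "deleted", "scratch-dir", both, or nothing.
# TARGET is the string returned by readlink on /proc/<pid>/exe.
classify_exe() {
    target=$1
    flags=""
    case $target in
        *" (deleted)") flags="deleted" ;;      # kernel appends this suffix
    esac
    case $target in
        # Assumed list of scratch locations; extend for your own layout.
        /dev/shm/*|/tmp/*|/var/tmp/*) flags="${flags:+$flags,}scratch-dir" ;;
    esac
    printf '%s' "$flags"
}

# scan_proc [PROC_ROOT] -> one tab-separated line per flagged process:
#   PID  FLAGS  EXE-TARGET  COMMAND-LINE
# PROC_ROOT defaults to /proc; a different root allows offline testing.
scan_proc() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Kernel threads, and processes we may not inspect, have no
        # readable exe link: skip them instead of failing.
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        flags=$(classify_exe "$exe")
        [ -n "$flags" ] || continue
        cmd=""
        if [ -r "$dir/cmdline" ]; then
            # Arguments are NUL-separated; make them printable.
            cmd=$(tr '\000' ' ' < "$dir/cmdline")
        fi
        printf '%s\t%s\t%s\t%s\n' "${dir##*/}" "$flags" "$exe" "$cmd"
    done
}

# Usage on a live system (as root, so every process is visible):
#   scan_proc
```

While a flagged process is still alive, `cp /proc/<pid>/exe` to a safe location preserves a copy of a deleted binary for analysis, so run the scan before killing anything.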
     