The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Some sort of hack?

Discussion in 'General Discussion' started by ZachICU, Sep 29, 2004.

  1. ZachICU

    ZachICU Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    130
    Likes Received:
    0
    Trophy Points:
    16
    This looks suspicous to me?

    /usr/lib/gcc-lib/i386-redhat-linux/2.96/cc1 /tmp/ccFYUZ0N.i -quiet -dumpbase p_memory.c -O -o /tmp/ccOjamQB.s
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Looks very suspicious to me - either a customer or a vulnerable script is being exploited in an attempt to abuse your server.

    Check the ownership of the files in /tmp mentioned to trace where the intrusion is coming from (so long as you have suexec/pgpsuexec enabled).
     
  3. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    Yikes!

    Someone is trying to compile a script form your /tmp directory to most likely run an exploit on your system and try to get root or install a backdor.

    Disable compiler permissions and wget to prevent this.
     
Loading...

Share This Page