stop command

[azednet]

hello,

in process manager i found this command:

/bin/ps -ewwo pid,uid,user,nice,pmem,pcpu,command

with cpu more than 46.0%

how can i stop this command?

thanks

 

[Infopro]

You might want to hire a security expert to take a closer look at your system.
Sys Admin Services | cPanel App Catalog


There are links beside each item in Process Manager titled (Kill) that would kill this I think. But my guess is, not for long. If there's a owner name listed there with a valid account on your server, I think I would suspend it.

 

[azednet]

thank you, how can i find the account which run this command please?

 

[JaredR.]

The user running the command is going to be in the process list, which you can view using either top or ps.

 

[azednet]

hello, i cant find the user in top; any idea please

 

[Infopro]

What does it say on the Process Manager page?

 

[azednet]

Pid Owner Priority CPU % Memory % Command
30134 (Trace) (Kill) root 0 48.0 0.0 /bin/ps -ewwo pid,uid,user,nice,pmem,pcpu,command

 

[Infopro]

Click kill there and go find an expert at the link I posted above.

cPanel is not able to assist with compromised servers, AFAIK, if that's what this is. You could put in a ticket to ask, but I believe this to be true.

 

[JaredR.]

Server security is ultimately the responsibility of the server admin. The only security support we provide is to determine if a cPanel component allowed a security problem to happen.

If you suspect a security problem on your server, you really need to hire a security admin as soon as possible to determine the extent of the problem and advise you on the best way to mitigate it. We have a list of companies that offer security admin services in our application catalog here:

cPanel App Catalog

If your server is root compromised, the only way to be sure to get rid of the compromise is to format the hard drive, reinstall the operating system and cPanel, and restore your accounts from backups that were made before the compromise happened.