computerclone

Member
Sep 12, 2003
12
0
151
User nobody:
/usr/src/modmono_apache/mod_mono-1.0.2/packaging/.psy/y2kupdate >/dev/null 2>&1: 8635 Time(s)


This process is trying to run daily. I looked in the add on scripts and modmono is not suppose to be installed.

Anyone?
 

Tagor

Well-Known Member
Mar 6, 2004
193
0
166
mod_mono is a mod for Apache to run .aspx files on your server.
 

jameshsi

Well-Known Member
Oct 22, 2001
347
0
316
It seems like hacker doing something

Hi!
I found in my server:
/usr/src/modmono_apache

also, there is a dir named:
\ \ \ \ \ \
when u cd to that Dir, it will looks like blank in the dir list.

I found this bacause I have installed "nobody check" from:
http://www.webhostgear.com/353.html

and according the script said, it found :
Process 14955 with name bindtty and path /usr/src/modmono_apache/mod_mono-1.0.2/ DETECTION: Process 14777 with name fsck and path /usr/src/modmono_apache/mod_mono-1.0.2/
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,453
31
473
Go on, have a guess
That would be an exploit then and you'll need to clean it up and either fix or disable the script that it got in through.
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
jameshsi said:
I found in my server:
/usr/src/modmono_apache

also, there is a dir named:
\ \ \ \ \ \
when u cd to that Dir, it will looks like blank in the dir list.
When done cleaning up, you should harden and secure your server to stop further attacks/hacks on your server.