Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

User nobody: has anyone seen this

Discussion in 'General Discussion' started by computerclone, Mar 5, 2005.

  1. computerclone

    computerclone Member

    Joined:
    Sep 12, 2003
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    151
    User nobody:
    /usr/src/modmono_apache/mod_mono-1.0.2/packaging/.psy/y2kupdate >/dev/null 2>&1: 8635 Time(s)


    This process is trying to run daily. I looked in the add on scripts and modmono is not suppose to be installed.

    Anyone?
     
  2. Tagor

    Tagor Well-Known Member

    Joined:
    Mar 6, 2004
    Messages:
    193
    Likes Received:
    0
    Trophy Points:
    166
    mod_mono is a mod for Apache to run .aspx files on your server.
     
  3. K_aneda

    K_aneda Well-Known Member

    Joined:
    Feb 29, 2004
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Sydney, Australia
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. jameshsi

    jameshsi Well-Known Member

    Joined:
    Oct 22, 2001
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    316
    It seems like hacker doing something

    Hi!
    I found in my server:
    /usr/src/modmono_apache

    also, there is a dir named:
    \ \ \ \ \ \
    when u cd to that Dir, it will looks like blank in the dir list.

    I found this bacause I have installed "nobody check" from:
    http://www.webhostgear.com/353.html

    and according the script said, it found :
    Process 14955 with name bindtty and path /usr/src/modmono_apache/mod_mono-1.0.2/ DETECTION: Process 14777 with name fsck and path /usr/src/modmono_apache/mod_mono-1.0.2/
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    That would be an exploit then and you'll need to clean it up and either fix or disable the script that it got in through.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    4
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    When done cleaning up, you should harden and secure your server to stop further attacks/hacks on your server.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    655
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    Glad to see nobody check hard at work!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice