The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

User nobody: has anyone seen this

Discussion in 'General Discussion' started by computerclone, Mar 5, 2005.

  1. computerclone

    computerclone Member

    Joined:
    Sep 12, 2003
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    User nobody:
    /usr/src/modmono_apache/mod_mono-1.0.2/packaging/.psy/y2kupdate >/dev/null 2>&1: 8635 Time(s)


    This process is trying to run daily. I looked in the add on scripts and modmono is not suppose to be installed.

    Anyone?
     
  2. Tagor

    Tagor Well-Known Member

    Joined:
    Mar 6, 2004
    Messages:
    193
    Likes Received:
    0
    Trophy Points:
    16
    mod_mono is a mod for Apache to run .aspx files on your server.
     
  3. K_aneda

    K_aneda Well-Known Member

    Joined:
    Feb 29, 2004
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Sydney, Australia
  4. jameshsi

    jameshsi Well-Known Member

    Joined:
    Oct 22, 2001
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    It seems like hacker doing something

    Hi!
    I found in my server:
    /usr/src/modmono_apache

    also, there is a dir named:
    \ \ \ \ \ \
    when u cd to that Dir, it will looks like blank in the dir list.

    I found this bacause I have installed "nobody check" from:
    http://www.webhostgear.com/353.html

    and according the script said, it found :
    Process 14955 with name bindtty and path /usr/src/modmono_apache/mod_mono-1.0.2/ DETECTION: Process 14777 with name fsck and path /usr/src/modmono_apache/mod_mono-1.0.2/
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That would be an exploit then and you'll need to clean it up and either fix or disable the script that it got in through.
     
  6. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    When done cleaning up, you should harden and secure your server to stop further attacks/hacks on your server.
     
  7. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    Glad to see nobody check hard at work!
     
Loading...

Share This Page