
What do these messages mean?

Discussion in 'Security' started by mrwild, Dec 12, 2012.

  1. mrwild

    mrwild Registered

    I got this message from my hosting supplier.

    What is this message (2 messages) and how do I fix my sites?

    All of my Joomla sites (20+)


    -----Original Message-----
    From: XXXXX
    Sent: Thursday, 13 December 2012 10:02 AM
    To: xxxx
    Subject: xxxxx: Excessive resource usage: xxxxx (8111)

    Time: Thu Dec 13 10:02:11 2012 +1000
    Account: xxxxxxx
    Resource: Process Time
    Exceeded: 137937 > 1800 (seconds)
    Executable: /usr/local/bin/perl
    Command Line: find
    PID: 8111
    Killed: No

    ----------------------------------------------------
    ISSUE NUMBER 2
    ----------------------------------------------------

    Suspicious process running under user xxxx

    Time: Thu Dec 13 10:02:11 2012 +1000
    PID: 8111
    Account: xxxxxx
    Uptime: 137937 seconds


    Executable:

    /usr/local/bin/perl


    Command Line (often faked in exploits):

    find


    Network connections by the process (if any):



    Files open by the process (if any):

    /dev/null
    /dev/null
    /dev/null

    Memory maps by the process (if any):

     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Please do not post the same message in two different forum sections. I have deleted one copy and left this one in the Security section, as this may be security-related.

    What you have presented appears to be evidence of a Perl script making outbound connections, and a lot of them, to port 25 on remote servers. Port 25 is used to send mail. In short, you have a Perl script sending mail. You should work with your hosting provider to find the script and examine what it is doing. It may be that the Perl script is being used to send spam. Your hosting provider is in the best position to help you with this, and since it is in their interest to prevent spam from being sent, they have an interest in helping you identify and stop this if it is illegitimate.
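
An added example, not part of the original thread or of the alerting tool: a small Python triage of an alert in this format. It counts outbound TCP connections to port 25 per remote host and checks whether the reported command line matches the executable. The sample alert is constructed with documentation-range addresses, and the `triage` function and its `min_hosts` threshold are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample in the alert's format (documentation-range IPs, not from the thread).
SAMPLE_ALERT = """\
Executable:

/usr/local/bin/perl

Command Line (often faked in exploits):

find

Network connections by the process (if any):

tcp: 192.0.2.10:44246 -> 198.51.100.23:25
udp: 0.0.0.0:36282 -> 0.0.0.0:0
tcp: 192.0.2.10:35718 -> 203.0.113.27:25
tcp: 192.0.2.10:55093 -> 203.0.113.27:25
tcp: 192.0.2.10:46337 -> 198.51.100.26:25
tcp: 192.0.2.10:40100 -> 198.51.100.80:443
"""

CONN_RE = re.compile(r"^\s*(tcp|udp):\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)\s*$")

def field(lines, heading):
    """Value of a heading: inline after the colon, else the next non-blank line."""
    for i, line in enumerate(lines):
        s = line.strip()
        if s.startswith(heading):
            inline = s.split(":", 1)[1].strip() if ":" in s else ""
            if inline:
                return inline
            for nxt in lines[i + 1:]:
                if nxt.strip():
                    return nxt.strip()
    return None

def triage(alert_text, smtp_port=25, min_hosts=3):
    """Summarise SMTP fan-out and executable/command-line mismatch in one alert."""
    lines = alert_text.splitlines()
    exe = field(lines, "Executable")
    cmd = field(lines, "Command Line")
    smtp = Counter()
    for line in lines:
        m = CONN_RE.match(line)
        if m and m.group(1) == "tcp" and int(m.group(5)) == smtp_port:
            smtp[m.group(4)] += 1          # key: remote host
    exe_name = exe.rsplit("/", 1)[-1] if exe else None
    cmd_name = cmd.split()[0].rsplit("/", 1)[-1] if cmd else None
    return {
        "executable": exe,
        "command_line": cmd,
        # perl reported as "find": the displayed name does not match the binary
        "name_mismatch": bool(exe_name and cmd_name and exe_name != cmd_name),
        "smtp_connections": sum(smtp.values()),
        "smtp_hosts": len(smtp),
        "top_smtp_hosts": smtp.most_common(3),
        # min_hosts is an assumed threshold: a web account rarely talks to many MXes
        "likely_bulk_mail": len(smtp) >= min_hosts,
    }
```

A name mismatch combined with direct connections to many remote mail servers is the pattern the reply describes: a script delivering mail itself rather than through the server's MTA.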
     