vivaxone
Mar 12 2005, 11:50 PM
Does anyone know what that is?
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
24004 nobody 25 0 984 784 568 R 49.6 0.1 45:40 0 sh
23980 nobody 25 0 980 776 560 R 49.6 0.1 45:09 0 sh
These two sh commands are killing my server.
Please let me know.
Vivax One
theuruguayan
Mar 13 2005, 10:33 AM
Not sure, but from what it looks like, someone managed to put a script inside your folder.
Check the /tmp folder, /var/tmp or /dev/shm for it.
But I have seen it already on other servers.
carlos
Gary Simat
Mar 14 2005, 01:13 AM
Also issue a "killall -9 sh" to kill off those processes. Sounds like either someone has a PHP script running that, or someone's exploited your temp partitions with a vuln PHP script or such... Making /tmp noexec could help, but most likely it won't. I would disable some insecure PHP commands inside your php.ini file as well. Also try mod_security. phpsuexec won't hurt either; you can pinpoint this down a little better.
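A triage sketch for the checks suggested in this thread, added here as an example and not posted by any of the participants: it picks the runaway shells out of `top` output and reports which temp locations still allow execution. The function names are hypothetical, and it assumes the web server runs as `nobody` and that %CPU is the ninth column of `top` batch output, as in the listing above.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Function names are hypothetical.

# Print PIDs of shells owned by the web-server user at or above a CPU
# threshold. Reads top batch output on stdin, in the column layout posted above:
#   PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
suspect_shells() {
    user=${1:-nobody}; min_cpu=${2:-20}
    awk -v u="$user" -v min="$min_cpu" '
        $1 ~ /^[0-9]+$/ && $2 == u && $9 + 0 >= min &&
        $NF ~ /^(sh|bash|dash|ksh)$/ { print $1 }'
}

# Report each world-writable temp location that is not its own mount or is
# mounted without noexec. Reads /proc/mounts-format text on stdin.
exec_allowed_tmp() {
    awk '
        BEGIN { want["/tmp"]; want["/var/tmp"]; want["/dev/shm"] }
        ($2 in want) {
            seen[$2] = 1
            if (("," $4 ",") !~ /,noexec,/) print $2 " missing-noexec"
        }
        END { for (m in want) if (!(m in seen)) print m " not-a-separate-mount" }
    ' | sort
}

# Live mode: run as root on the affected host with --live.
if [ "${1:-}" = "--live" ]; then
    for pid in $(top -b -n 1 | suspect_shells nobody 20); do
        # cwd and cmdline show where the script lives before it is killed
        echo "== PID $pid"
        ls -l "/proc/$pid/cwd"
        tr '\0' ' ' < "/proc/$pid/cmdline"; echo
    done
    exec_allowed_tmp < /proc/mounts
fi
```

Recording the working directory and command line before killing the processes keeps the evidence needed to find the script and the PHP page that launched it.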