possibly hacked
olga at urbantimes.net
olga at urbantimes.net
Thu Nov 16 16:26:20 UTC 2006
Hi,
I wrote about kernel errors which somebody pointed out was because the
server was running out of memory.
Now I found the following which makes me think that that server may have
been compromized.
Here's what I get when I issued: netstat -nap
tcp 0 0 131.x.x.x:38423 72.x.x.x:80 ESTABLISHED 5226/ps x
tcp 0 0 131.x.x.x:38420 72.x.x.x:80 ESTABLISHED 5365/ps x
About a hundred instances of that program 'ps x' running.
Also here's what ps -ef produced:
apache 6323 1 0 10:30 ? 00:00:00 ps x
apache 6324 1 0 10:30 ? 00:00:00 ps x
apache 6326 1 0 10:30 ? 00:00:00 ps x
apache 6328 1 0 10:30 ? 00:00:00 ps x
apache 6330 1 0 10:30 ? 00:00:00 ps x
Again there are a lot of these?
Any insight anyone?
Thank you.
Olga
More information about the fedora-list
mailing list