At a loss with server errors
Posted by elygen, 05-04-2005, 10:07 AM |
I am reselling with a company called varhosting. One of my accounts is throwing some errors to the server. They can't help me and I'm at a loss. They say a script is running called udp.pl. As far as I know this file is not located on the server at all. All the scripts running are PHP. Here are the errors the datacenter is sending them:
12277 flateart 25 0 1688 1688 1184 R 6.0 0.0 1:23 3 perl udp.pl 200.101.44.239 0 999
9484 flateart 25 0 1688 1688 1184 R 4.7 0.0 2:53 2 perl udp.pl 201.25.66.225 0 999
9475 flateart 21 0 4260 4260 2808 S 0.0 0.2 0:00 1 /usr/bin/php
9483 flateart 21 0 976 976 856 S 0.0 0.0 0:00 1 sh -c cd /tmp;perl udp.pl 201.25.66.225 0 999 1> /tmp/phpshellvQaoIh 2>&1; cat /tmp/phpshe
9486 flateart 25 0 964 964 852 S 0.0 0.0 0:00 0 sh -c (sleep 999;killall -9 udp) &
9487 flateart 25 0 512 512 436 S 0.0 0.0 0:00 0 sleep 999
12273 flateart 21 0 4260 4260 2808 S 0.0 0.2 0:00 1 /usr/bin/php
12276 flateart 21 0 976 976 856 S 0.0 0.0 0:00 0 sh -c cd /tmp;perl udp.pl 200.101.44.239 0 999 1> /tmp/phpshell3tgO7A 2>&1; cat /tmp/phpsh
12279 flateart 24 0 968 968 852 S 0.0 0.0 0:00 0 sh -c (sleep 999;killall -9 udp) &
12280 flateart 24 0 512 512 436 S 0.0 0.0 0:00 1 sleep 999
root@node106 [/tmp]# ls -la | grep flateart
---------- 1 flateart flateart 11269 Jul 16 2004 bd.pl
---------- 1 flateart flateart 1089 Feb 26 2001 udp.pl
Please, someone help me with this. They said the account will be suspended indefinitely. Please let me know if you need more information.
thanks
Todd
|
Posted by Mad_Elektra, 05-04-2005, 10:17 AM |
Is that something to do with Perl?
I'm on server 106 too. But mine's an on and off PHP - SQL problem. Maybe, just maybe, they are installing the new suPHP stuffs. They must be busy debugging it as well... I saw that on their forum....
But node106 is really a problematic server...
|
Posted by elygen, 05-04-2005, 10:45 AM |
I don't have any Perl on the site. I don't know it. I thought I may have isolated it to an old SQL script, but they told me that suPHP is not related to my problem. What changes have you made to correct the problem, if you have corrected any problems?
|
Posted by Russ Foster, 05-04-2005, 10:50 AM |
It looks like the account has been hacked and a DDoS bot installed, probably via an insecure PHPBB or PHPNuke install. I would say it is their problem, as it's probably something in /tmp
Rus
|
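Added example (not part of any post in this thread, and not the host's tooling): a small Python triage script that flags the patterns visible in the process listing from the first post, namely a shell that changes into /tmp, an interpreter running a script by relative name, command output redirected to a file in /tmp, and a delayed killall. The sample rows, user name, addresses, rule names and the assumed 13-column layout are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample; assumed columns:
# PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
SAMPLE = """\
4101 webuser 25 0 1688 1688 1184 R 6.0 0.0 1:23 3 perl udp.pl 192.0.2.10 0 999
4099 webuser 21 0 4260 4260 2808 S 0.0 0.2 0:00 1 /usr/bin/php
4100 webuser 21 0 976 976 856 S 0.0 0.0 0:00 0 sh -c cd /tmp;perl udp.pl 192.0.2.10 0 999 1> /tmp/phpshellAbCdEf 2>&1; cat /tmp/phpshellAbCdEf
4103 webuser 25 0 964 964 852 S 0.0 0.0 0:00 0 sh -c (sleep 999;killall -9 udp) &
4104 webuser 25 0 512 512 436 S 0.0 0.0 0:00 0 sleep 999
5200 other 21 0 4260 4260 2808 S 0.0 0.2 0:00 1 /usr/bin/php
"""

# Heuristics derived from the listing in the thread (rule names are hypothetical).
RULES = {
    "shell_cd_tmp": re.compile(r"^sh -c\s+cd\s+/tmp\s*;"),
    "output_to_tmp_file": re.compile(r"\d?>\s*/tmp/\S+"),
    "interp_relative_script": re.compile(
        r"(?:^|;)\s*(?:perl|python|sh|bash)\s+(?!/|-)\S+\.(?:pl|py|sh)\b"),
    "delayed_killall": re.compile(r"sleep\s+\d+\s*;\s*killall\b"),
}

def parse(line):
    """Split one listing row into (pid, user, command); None if malformed."""
    parts = line.split(None, 12)
    if len(parts) < 13 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[12]

def scan(listing):
    """Return {user: {pid: [matched rule names]}} for rows matching any rule."""
    hits = defaultdict(dict)
    for line in listing.splitlines():
        row = parse(line)
        if row is None:
            continue
        pid, user, cmd = row
        matched = [name for name, rx in RULES.items() if rx.search(cmd)]
        if matched:
            hits[user][pid] = matched
    return dict(hits)

if __name__ == "__main__":
    for user, procs in scan(SAMPLE).items():
        for pid, rules in sorted(procs.items()):
            print(user, pid, ",".join(rules))
```

A row that matches several rules at once, like the `sh -c cd /tmp;...` wrapper, is the strongest signal; the plain `/usr/bin/php` rows are not flagged on their own.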
Posted by elygen, 05-04-2005, 11:22 AM |
I noticed that zen-cart was still partially installed. Could this have been a gateway for hackers? They say this is my fault and are going to suspend me for good. Should I be fighting the issue or looking for a problem?
Thanks for the quick responses by the way.
|
Posted by Mad_Elektra, 05-04-2005, 11:34 AM |
No. The problem hasn't been resolved... I even got a problem logging in to AccountLab...
|
Posted by elygen, 05-04-2005, 11:44 AM |
I'm using clientexec. That seems to be working well.
|