var sidebar_align = 'right';
var content_container_margin = parseInt('350px');
var sidebar_width = parseInt('330px');
I believe one or more of my client's sites have been exploited. From time to time I notice proc utilization increasing and I have found a few processes running as nobody that once I kill them everything returns to normal.
Is there an easy way to locate the origin? I am assuming that it is due to an exploit running in one of my client's php sites.
My best first suggestion would be to if possible make the spawned php processes run as the user. That will help you trace it to which account is launching them.
if there are process id's you could use ll /proc/ then put the process id at the end
Master Reseller Accounts
If you post the name of the process using most of your resources then that may help in identifying it.
You can also use lsof (list open files) to see where in the filesystem the process may be coming from. use ps or top to find the PID (process id) and then run:
lsof | grep PID | more
BSD based hosting for smart people
:: FreeBSD and OpenBSD Hosting Powered By Xen
IRC: #rootbsd on freenode
Well wouldn't you know. Now that I am waiting for it to happen again everything is fine LOL.
I will post more information if and when it happens again. Thanks,