hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : How do I tracert spam on my server?
Reply

Hosting Security and Technology Configuring and optimizing web hosting servers and operating systems, developing administration scripts, building servers, protecting against hackers, and general security (SSL certificates, etc.)
Forum Jump

How do I tracert spam on my server?

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 09-22-2008, 09:46 AM
thedutchlaw thedutchlaw is offline
Newbie
  
Join Date: Sep 2008
Posts: 11

How do I tracert spam on my server?

Hello. I am using a plain Plesk Server, which is well secured as far as I know. It's running 300 websites.

I do have some clients who are using insecure PHP scripts, so sometimes there is a 20.000 e-mail queue, which is filled with spam.

I wish to look up the sender of spam easily.

Unfortunately 'cat /var/qmail/queue/0/3023230' will only tell me the date of the e-mail sent. If I look up in maillog, it will tell me if it was sent via SMTP or Apache.

But if it is sent via Apache, then I have a problem. I cannot tracert which specific php-file sends out the spam, even though I have a /var/log/spam_log according to tutorials, it doesn't help much.

How do you trace which PHP-file is exploited and sends out the spam?

Reply With Quote


Sponsored Links
  #2  
Old 09-22-2008, 10:04 AM
hosting_we3cares hosting_we3cares is offline
Aspiring Evangelist
  
Join Date: Aug 2008
Location: Right behind you.
Posts: 375
James@we3cares
Hi,

Try this,

http://www.webhostgear.com/353.html

<<signatures to be set up in your profile>>

Last edited by bear; 09-27-2008 at 12:13 PM.
Reply With Quote
  #3  
Old 09-22-2008, 11:15 AM
thedutchlaw thedutchlaw is offline
Newbie
  
Join Date: Sep 2008
Posts: 11
[root@server06 scripts]# /usr/local/nobody_check/nobody_check
Nobody Check 1.0.3 Current
Running on Plesk
Copyright (c) 2006 Wave Point Media Inc
Made available by wwwebhostgear.com
Options: kill bad proc=1 logging lvl=1
Initializing Scan on Mon Sep 22 17:10:18 CEST 2008 ...

httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean

Done Scanning
Clean Processes: 51
Your server is all clean and safe - keep up the good work!

[root@server06 scripts]#

[root@server05 scripts]# wget wwwebhostgear.com/projects/nobodycheck/in stall.sh
--17:10:40-- wwwebhostgear.com/projects/nobodycheck/install.sh
Resolving wwwebhostgear.com... 70.86.41.194
Connecting to wwwebhostgear.com|70.86.41.194|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1111 (1.1K) [application/x-sh]
Saving to: `install.sh'

100%[=======================================>] 1,111 --.-K/s in 0s

17:10:43 (96.3 MB/s) - `install.sh' saved [1111/1111]

[root@server05 scripts]# sh install.sh
Installing Nobody Check now...
Checking for existing install
Continuing...
--17:10:45-- wwwebhostgear.com/projects/nobodycheck/nobody_check.tar.g z
Resolving wwwebhostgear.com... 70.86.41.194
Connecting to wwwebhostgear.com|70.86.41.194|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2953 (2.9K) [application/x-tar]
Saving to: `nobody_check.tar.gz'

100%[=======================================>] 2,953 --.-K/s in 0.1s

17:10:45 (28.4 KB/s) - `nobody_check.tar.gz' saved [2953/2953]

nobody_check/
nobody_check/nobody_check
nobody_check/nc.conf
Cleaning up
*******************************
Nobody Check Install Complete!
*******************************
Installed to: /usr/local/nobody_check
Modify the config file nc.conf
[root@server05 scripts]#
[root@server05 scripts]# nano /usr/local/nobody_check/n
nc.conf nobody_check
[root@server05 scripts]# nano /usr/local/nobody_check/nc.conf
[root@server05 scripts]# /usr/local/nobody_check/nobody_check --help
^[[ANobody Check 1.0.3 Current
Running on Plesk
Copyright (c) 2006 Wave Point Media Inc
Made available by wwwebhostgear.com
Options: kill bad proc=1 logging lvl=1
Initializing Scan on Mon Sep 22 17:11:34 CEST 2008 ...
http d is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
httpd is httpd ...clean
DETECTION: Process 32236 with name httpd and path /var/www/vhosts/notabene.com/httpdocs/language/AhoK/httpd

Done Scanning
DETECTED Malicious Processes: 1
Your servers has found harmful processes - check them right away!
A detailed report has been emailed to dentist@john.nl

[root@server05 scripts]


First of all. Thank you!
But such a malicious process on what I thought was a protected server... does scare me a little.
How do they manage to get this process running, even though safemode is on... and they're in a chrooted environment.

Last edited by thedutchlaw; 09-22-2008 at 11:23 AM.
Reply With Quote
Sponsored Links
  #4  
Old 09-23-2008, 05:23 AM
hosting_we3cares hosting_we3cares is offline
Aspiring Evangelist
  
Join Date: Aug 2008
Location: Right behind you.
Posts: 375
Hi,

Chances are there when any of the webfolders are kept with permission 777.

Malicious users can upload their scripts inside that and execute them.

You may perform a security check in your server.

<<signatures to be set up in your profile>>

Last edited by bear; 09-27-2008 at 12:13 PM.
Reply With Quote
  #5  
Old 09-23-2008, 05:47 AM
rathin rathin is offline
Web Hosting Guru
  
Join Date: Dec 2007
Posts: 255
my httpd process running as nobody that will also cleaned up?

Reply With Quote
  #6  
Old 09-23-2008, 06:22 AM
hosting_we3cares hosting_we3cares is offline
Aspiring Evangelist
  
Join Date: Aug 2008
Location: Right behind you.
Posts: 375
Hi,

Nope, this script do not delete or cleanup any file or process. It will just check and warn you.

<<signatures to be set up in your profile>>

Last edited by bear; 09-27-2008 at 12:12 PM.
Reply With Quote
  #7  
Old 09-26-2008, 03:35 PM
thedutchlaw thedutchlaw is offline
Newbie
  
Join Date: Sep 2008
Posts: 11
Hello. Thanks for your answers. Unfortunatly there was no answer that helped me solve my spam problems.

I am looking for a techsupport guy who is willing to work for $20 per hour for me.

I need quite a few Linux server works to be done. It will be about 12-14 hours work.

Do you know one? Please send me a PB with his MSN or e-mail address. I prefer good experience and fast e-mail response time.
Are you one? Contact me via PM and send your MSN or e-mail address.

Reply With Quote
  #8  
Old 09-27-2008, 06:39 AM
thedutchlaw thedutchlaw is offline
Newbie
  
Join Date: Sep 2008
Posts: 11
Quote:
Nobody Check 1.0.3 Current on Plesk

Sat Sep 27 07:00:01 CEST 2008 on server05.google.nl Server Load: 07:00:01 up 9 days, 16:59, 0 users, load average: 0.22, 0.33, 0.34
Warning: Malicious Nobody Process Found
=========================================
Options: kill bad proc=1 logging lvl=1

SCAN SUMMARY
========================================

Clean Processes: 34
DETECTED Malicious Processes: 13


DETECTION DETAILS
========================================



DETECTION: Process 32448 with name perl and path /usr/bin/perl
DETECTION: Process 32436 with name perl and path /usr/bin/perl
DETECTION: Process 32432 with name perl and path /usr/bin/perl
DETECTION: Process 32429 with name perl and path /usr/bin/perl
DETECTION: Process 32424 with name perl and path /usr/bin/perl
DETECTION: Process 32422 with name perl and path /usr/bin/perl
DETECTION: Process 32420 with name perl and path /usr/bin/perl
DETECTION: Process 32418 with name perl and path /usr/bin/perl
DETECTION: Process 32416 with name perl and path /usr/bin/perl
DETECTION: Process 32353 with name perl and path /usr/bin/perl
DETECTION: Process 32351 with name perl and path /usr/bin/perl
DETECTION: Process 32349 with name perl and path /usr/bin/perl
DETECTION: Process 32347 with name perl and path /usr/bin/perl


Process ID: 32448 has been killed
Restuls for PID: 32448
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:06 .
dr-xr-xr-x 228 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:06 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 07:00 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:06 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 0 132.102.91.12:49609 64.233.183.104:80 ESTABLISHED 32448/httpd

Environ:


Process ID: 32436 has been killed
Restuls for PID: 32436
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:06 .
dr-xr-xr-x 228 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:06 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 07:00 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:06 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 0 132.102.91.12:49636 64.233.183.104:80 ESTABLISHED 32436/httpd

Environ:


Process ID: 32432 has been killed
Restuls for PID: 32432
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:06 .
dr-xr-xr-x 231 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:06 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 07:00 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:06 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 0 132.102.91.12:49597 64.233.183.104:80 ESTABLISHED 32432/httpd

Environ:


Process ID: 32429 has been killed
Restuls for PID: 32429
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:06 .
dr-xr-xr-x 231 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:06 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 06:19 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:06 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 0 132.102.91.12:49621 64.233.183.104:80 ESTABLISHED 32429/httpd

Environ:


Process ID: 32424 has been killed
Restuls for PID: 32424
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:06 .
dr-xr-xr-x 231 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:06 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 07:00 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:06 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 0 132.102.91.12:49596 64.233.183.104:80 ESTABLISHED 32424/httpd

Environ:


Process ID: 32422 has been killed
Restuls for PID: 32422
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:06 .
dr-xr-xr-x 235 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:06 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 07:00 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:06 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 0 132.102.91.12:49614 64.233.183.104:80 ESTABLISHED 32422/httpd

Environ:


Process ID: 32420 has been killed
Restuls for PID: 32420
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:06 .
dr-xr-xr-x 238 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:06 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 07:00 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:06 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 0 132.102.91.12:49637 64.233.183.104:80 ESTABLISHED 32420/httpd

Environ:


Process ID: 32418 has been killed
Restuls for PID: 32418
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:06 .
dr-xr-xr-x 238 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:06 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 07:00 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:06 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 0 132.102.91.12:49526 216.246.29.20:80 ESTABLISHED 32418/httpd

Environ:


Process ID: 32416 has been killed
Restuls for PID: 32416
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:06 .
dr-xr-xr-x 240 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:06 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 06:07 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:06 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 1 132.102.91.12:46545 124.217.243.106:80 SYN_SENT 32416/httpd

Environ:


Process ID: 32353 has been killed
Restuls for PID: 32353
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:01 .
dr-xr-xr-x 241 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:01 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 07:00 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:01 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 0 132.102.91.12:57449 128.143.21.244:80 ESTABLISHED 32353/httpd

Environ:


Process ID: 32351 has been killed
Restuls for PID: 32351
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:01 .
dr-xr-xr-x 243 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:01 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 07:00 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:01 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 0 132.102.91.12:49604 64.233.183.104:80 ESTABLISHED 32351/httpd

Environ:


Process ID: 32349 has been killed
Restuls for PID: 32349
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:01 .
dr-xr-xr-x 225 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:01 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 07:00 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:01 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 0 132.102.91.12:49611 64.233.183.104:80 ESTABLISHED 32349/httpd

Environ:


Process ID: 32347 has been killed
Restuls for PID: 32347
total 0
dr-xr-xr-x 5 apache apache 0 Sep 27 06:01 .
dr-xr-xr-x 226 root root 0 Sep 17 13:53 ..
dr-xr-xr-x 2 apache apache 0 Sep 27 07:00 attr
-r-------- 1 apache apache 0 Sep 27 07:00 auxv
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cmdline
-r--r--r-- 1 apache apache 0 Sep 27 07:00 cpuset
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 cwd -> /tmp
-r-------- 1 apache apache 0 Sep 27 07:00 environ
lrwxrwxrwx 1 apache apache 0 Sep 27 06:01 exe -> /usr/bin/perl
dr-x------ 2 apache apache 0 Sep 27 07:00 fd
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 loginuid
-r--r--r-- 1 apache apache 0 Sep 27 07:00 maps
-rw------- 1 apache apache 0 Sep 27 07:00 mem
-r--r--r-- 1 apache apache 0 Sep 27 07:00 mounts
-r-------- 1 apache apache 0 Sep 27 07:00 mountstats
-r--r--r-- 1 apache apache 0 Sep 27 07:00 numa_maps
-rw-r--r-- 1 apache apache 0 Sep 27 07:00 oom_adj
-r--r--r-- 1 apache apache 0 Sep 27 07:00 oom_score
lrwxrwxrwx 1 apache apache 0 Sep 27 07:00 root -> /
-r--r--r-- 1 apache apache 0 Sep 27 07:00 schedstat
-r-------- 1 apache apache 0 Sep 27 07:00 smaps
-r--r--r-- 1 apache apache 0 Sep 27 06:01 stat
-r--r--r-- 1 apache apache 0 Sep 27 07:00 statm
-r--r--r-- 1 apache apache 0 Sep 27 07:00 status
dr-xr-xr-x 3 apache apache 0 Sep 27 07:00 task
-r--r--r-- 1 apache apache 0 Sep 27 07:00 wchan

Netstat:
tcp 0 178 132.102.91.12:42142 75.126.154.248:80 ESTABLISHED 32347/httpd

Environ:




Server Admin action is required immediately.
Not sure what to do about this?
Hire an Expert http://www.webhostgear.com/quote Generated by WebHostGear.com Nobody Check
Feel free to comment. I have some technical server problems that will eventually cost me clients.

Reply With Quote
  #9  
Old 04-29-2010, 01:54 AM
nileshparmar nileshparmar is offline
Web Hosting Evangelist
  
Join Date: Aug 2008
Location: India
Posts: 481
Quote:
Originally Posted by hosting_we3cares View Post
Hi,

Try this,

http://www.webhostgear.com/353.html

<<signatures to be set up in your profile>>
The download link is not working

ttp://www.webhostgear.com/projects/nobodycheck/install.sh

Code:
root@server[~]# wget http://www.webhostgear.com/projects/nobodycheck/install.sh
--2010-04-29 11:06:57--  http://www.webhostgear.com/projects/nobodycheck/install.sh
Resolving www.webhostgear.com... 69.164.214.105
Connecting to www.webhostgear.com|69.164.214.105|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2010-04-29 11:06:57 ERROR 404: Not Found.

Reply With Quote
  #10  
Old 04-29-2010, 03:22 AM
david510 david510 is offline
Web Hosting Master
  
Join Date: Oct 2004
Location: Kerala, India
Posts: 4,617
Have a check with them. We may not have another copy in other sites.

Reply With Quote
Reply

Related posts from TheWhir.com
Title Type Date Posted
Outbound Spam Causing Sleepless Nights? Blog 2013-05-13 09:52:21
InterNetX Launches Server Administration Software Web Hosting News 2011-12-22 22:06:48
Security Firm eleven Report Finds 89 Percent Spam Increase Since July Web Hosting News 2011-10-12 19:04:26
Email Security Firm eleven Expects Obselecense of Blacklist Anti-Spam Solutions Web Hosting News 2011-09-15 17:03:15
eleven Email Security Report Finds Decrease in US Spam Web Hosting News 2011-06-16 19:17:06


« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:

US Attorney says Government Should Have Warrants to Search Email

8kMiles Acquires Cloud Security Firm FuGen Solutions for $7.5 Million

Name.com Resets Customer Passwords After Security Breach

Outbound Spam Causing Sleepless Nights?

Malwarebytes Launches Data Scan-and-Backup Service

Commtouch Report: Spam, Malware Continues to Increase in Q1 2013

Researchers Urge System Admins to Check for New Apache Web Server Backdoor Malware

APWG Study Finds Phishers Increasingly Target Shared Virtual Servers

Man Arrested in Connection to Spamhaus DDoS Attacks

Cisco Researcher Discovers Possible Exploit Vector for DarkLeech Attacks



 

Learn more about advertising opportunities across the iNET Interactive Network.

LiquidWeb
X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?