• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Hacked? Need help ...

G

graffix

Guest
Hello,

we have running Plesk 7.5.3 on a Fedora Core 2 Box.
Today i see under ps axu the following process:

/usr/sbin/-e

What is that?

I look in the process list over webmin, and i see that the connections to:

/home/..../customersite/httppdocs/CHATPROGRAMM

Than to root -> /usr/sbin/httpd

Than is follwing connections and open files tto /libs and so on.

Any idea?

Thanks
 
Someone has exploited your system, Id say its a bot, web shell, etc. Something like that. Looks like they compromised the system through a web application
 
Have seen this from a user using a hacked script / warez software... is becoming common with hacked scripts to have keyloggers, and backdoors in them.

Have all users edit every part of their hacked scripts and stolen software and check for suspicous coded email addresses and keyloggers.
 
You must log in or register to reply here.

Similar threads

S
Issue Too many connections (Several plesk servers same problem in the last week)
Replies
8
Views
1K
SalvadorS
S
B
Resolved Can't start mariadb, nor the mysql service.
Replies
12
Views
7K
bitrogers
B
A
Issue Not closing 127.0.0.1:12346 connections
Replies
1
Views
24K
IgorG
IgorG
S
Resolved 500 Plesk\Exception\Database
Replies
3
Views
4K
weltonw
W
Endre
Issue Server Error 500 Plesk\Exception\Database DB query failed: SQLSTATE[HY000] [2002] No such file or directory
Replies
15
Views
8K
MihaiNecreala
M
Back
Top