Hacked? Need help ...

graffix · Jul 16, 2005

Hello,

we have running Plesk 7.5.3 on a Fedora Core 2 Box.
Today i see under ps axu the following process:

/usr/sbin/-e

What is that?

I look in the process list over webmin, and i see that the connections to:

/home/..../customersite/httppdocs/CHATPROGRAMM

Than to root -> /usr/sbin/httpd

Than is follwing connections and open files tto /libs and so on.

Any idea?

Thanks

atomicturtle · Jul 16, 2005

Someone has exploited your system, Id say its a bot, web shell, etc. Something like that. Looks like they compromised the system through a web application

MrBafner · Jul 31, 2005

Have seen this from a user using a hacked script / warez software... is becoming common with hacked scripts to have keyloggers, and backdoors in them.

Have all users edit every part of their hacked scripts and stolen software and check for suspicous coded email addresses and keyloggers.

AlbertS · Jul 31, 2005

if ur the one who made

http://www.grafxsoftware.com/util/PLESK-HOWTO.txt

I ques my system is not safe asswell?

EDIT (..)
Ques ur not the one who made that howto.. U should read it, and preform it on ur systems.. Works verry good without much effort.

Hacked? Need help ...

graffix

Guest

atomicturtle

Golden Pleskian

MrBafner

Guest

AlbertS

Guest

Similar threads