• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Hacked? Need help ...

G

graffix

Guest
Hello,

we have running Plesk 7.5.3 on a Fedora Core 2 Box.
Today i see under ps axu the following process:

/usr/sbin/-e

What is that?

I look in the process list over webmin, and i see that the connections to:

/home/..../customersite/httppdocs/CHATPROGRAMM

Than to root -> /usr/sbin/httpd

Than is follwing connections and open files tto /libs and so on.

Any idea?

Thanks
 
Someone has exploited your system, Id say its a bot, web shell, etc. Something like that. Looks like they compromised the system through a web application
 
Have seen this from a user using a hacked script / warez software... is becoming common with hacked scripts to have keyloggers, and backdoors in them.

Have all users edit every part of their hacked scripts and stolen software and check for suspicous coded email addresses and keyloggers.
 
You must log in or register to reply here.

Similar threads

immc
Issue Websocket configuration, site can't be reached
Replies
1
Views
1K
immc
immc
M
Resolved Failed to start The Apache HTTP Server: SELinux impedisce a /usr/sbin/httpd un accesso open su file /var/log/modsec_audit.log. -- SOLVED --
Replies
0
Views
3K
mmcomputers
M
R
Issue need help error mariadb
Replies
17
Views
7K
ramater
R
H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
3K
Raul A.
R
S
Issue Error changing from litespeed to apache
Replies
2
Views
3K
mow
M
Back
Top