
Vulnerability/Exploit in SiteBuilder 4.5

swopedesign

Regular Pleskian
My VPS host claims that SiteBuilder 4.5 is being exploited so that suspicious processes are running on my VPS. Has anyone else had this issue? It is also the case that I have 1 Web Presence Builder site (and I know WPB was going to be called SiteBuilder 5) which errors every time a new blog entry is created (posted in another thread, but no response yet to that problem with the Plesk product). I do not know if the problems are related, and the VPS admins can't seem to determine it either.

Below are the email messages I receive from my server regarding the SiteBuilder vulnerability when it is apparently exploited:

1)

Time: Thu Oct 18 13:31:41 2012 -0500
File: /tmp/.state
Reason: Suspicious directory
Owner: apache:apache (48:48)
Action: No action taken

2)

Time: Thu Oct 18 13:31:41 2012 -0500
File: /tmp/d1e.txt.1
Reason: Script, starts with #!
Owner: apache:apache (48:48)
Action: No action taken

3)

Time: Thu Oct 18 13:31:41 2012 -0500
File: /tmp/d1e.txt
Reason: Script, starts with #!
Owner: apache:apache (48:48)
Action: No action taken

4)

Time: Thu Oct 18 13:36:47 2012 -0500
Account: apache
Resource: Process Time
Exceeded: 14765 > 1800 (seconds)
Executable: /usr/bin/perl
Command Line: /usr/sbin/apache/asterisks
PID: 30003
Killed: No

5)



Time: Thu Oct 18 13:36:47 2012 -0500
PID: 30003
Account: apache
Uptime: 14765 seconds


Executable:

/usr/bin/perl


Command Line (often faked in exploits):

/usr/sbin/apache/asterisks


Network connections by the process (if any):

tcp: 67.222.1.151:42265 -> 173.203.58.251:8080


Files open by the process (if any):

/usr/local/sitebuilder/htdocs/index.php


Memory maps by the process (if any):

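
Added example, not part of the original post: a small triage script for process alerts in the format of message 5, flagging the two signals visible there (an interpreter whose command line names something else, and an outbound connection owned by the web server account). The function names and the interpreter, account and port lists are assumptions to adjust per host; the sample is message 5 with blank lines and the memory map removed.

```python
import re

# Sample input: message 5 from the post, blank lines and memory map removed.
SAMPLE_ALERT = """\
Time: Thu Oct 18 13:36:47 2012 -0500
PID: 30003
Account: apache
Uptime: 14765 seconds
Executable:
/usr/bin/perl
Command Line (often faked in exploits):
/usr/sbin/apache/asterisks
Network connections by the process (if any):
tcp: 67.222.1.151:42265 -> 173.203.58.251:8080
Files open by the process (if any):
/usr/local/sitebuilder/htdocs/index.php
"""

INTERPRETERS = {"perl", "python", "php", "sh", "bash"}  # assumption
WEB_ACCOUNTS = {"apache", "www-data", "nginx"}          # assumption
LISTEN_PORTS = {80, 443}                                # assumption

def parse_alert(text):
    """Parse 'Field: value' lines and 'Header:' lines followed by a value line."""
    fields, pending = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if pending:                       # value belonging to the previous header
            fields[pending], pending = line, None
            continue
        key, _, value = line.partition(":")
        key = re.sub(r"\s*\(.*?\)", "", key).strip()   # drop "(if any)" etc.
        if value.strip():
            fields[key] = value.strip()
        else:
            pending = key
    return fields

def triage(text):
    """Return findings worth following up; these are leads, not proof."""
    f, findings = parse_alert(text), []
    exe = f.get("Executable", "")
    argv0 = f.get("Command Line", "").split(" ")[0]
    # A script started normally shows the interpreter as argv[0]; a different
    # name means the process rewrote it (some legitimate daemons do this too).
    if exe.rsplit("/", 1)[-1] in INTERPRETERS and argv0 and \
            argv0.rsplit("/", 1)[-1] != exe.rsplit("/", 1)[-1]:
        findings.append("argv0-mismatch: %s runs as %s" % (exe, argv0))
    conn = f.get("Network connections by the process", "")
    m = re.search(r":(\d+) -> (\S+):(\d+)$", conn)
    if m and f.get("Account") in WEB_ACCOUNTS and int(m.group(1)) not in LISTEN_PORTS:
        findings.append("outbound: %s -> %s:%s" % (f["Account"], m.group(2), m.group(3)))
    return findings
```

The "Files open by the process" field is also parsed; the path it holds indicates which web application's request logs to review for the time the process started.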