| Master-Anime |
12-07-2010 07:42 PM |
حل مشكلة lfd on xxxxxx: Suspicious process running under user nobody
السلام عليكم ورحمة الله وبركاته
انا عندي سيرفر vps
وعندما وعليه موقع واحد
وعندما ادخل على ftp بحساب الخاص للموقع
ارفع عده ملفات مثلا اعادة الرفع لملفات موجوده سابقا بعد فتره من الرفع يتوقف السيرفر عن العمل
وهذه الرسالة التي ظهرت بالايميل
العنوان:
lfd on xxxxxx: Suspicious process running under user nobody
كود PHP:
Time: Thu Jul 8 22:57:11 2010 -0400
PID: 24141
Account: nobody
Uptime: 165 seconds
Executable:
(deleted) /usr/local/apache/bin/httpd
The file system shows this process is running an executable file that has been deleted. This typically happens when the original file has been replaced by a new file when the application is updated. To prevent this being reported again, restart the process that runs this excecutable file. See csf.conf and the PT_DELETED text for more information about the security implications of processes running deleted executable files.
Command Line (often faked in exploits):
/usr/local/apache/bin/httpd -k start -DSSL
Network connections by the process (if any):
tcp: 0.0.0.0:80 -> 0.0.0.0:0
tcp: 0.0.0.0:443 -> 0.0.0.0:0
Files open by the process (if any):
/dev/null
/dev/null
/usr/local/apache/logs/error_log
/usr/local/apache/logs/modsec_audit.log
/usr/local/apache/logs/modsec_debug_log
/usr/local/apache/logs/access_log
/usr/local/apache/domlogs/upload.master-anime.net
/usr/local/apache/domlogs/upload.master-anime.net-bytes_log
/usr/local/apache/domlogs/files.master-anime.net
/usr/local/apache/domlogs/files.master-anime.net-bytes_log
/usr/local/apache/domlogs/fcit-sa.master-anime.net
/usr/local/apache/domlogs/fcit-sa.master-anime.net-bytes_log
/usr/local/apache/domlogs/master-anime.net
/usr/local/apache/domlogs/master-anime.net-bytes_log
(deleted) /usr/local/apache/logs/ssl_mutex
/dev/urandom
eventpoll:[2836586845]
Memory maps by the process (if any):
08048000-08132000 r-xp 00000000 00:4b 8229042 (deleted) /usr/local/apache/bin/httpd
08132000-08136000 rwxp 000ea000 00:4b 8229042 (deleted) /usr/local/apache/bin/httpd
08136000-0813b000 rwxp 08136000 00:00 0
08656000-093a2000 rwxp 08656000 00:00 0 [heap]
b6b84000-b6b98000 rwxs 00000000 00:4f 2622160492
b6b98000-b6ba2000 r-xp 00000000 00:4b 8330659 /lib/libnss_files-2.5.so
b6ba2000-b6ba3000 r-xp 00009000 00:4b 8330659 /lib/libnss_files-2.5.so
b6ba3000-b6ba4000 rwxp 0000a000 00:4b 8330659 /lib/libnss_files-2.5.so
b6ba4000-b6bf0000 r-xp 00000000 00:4b 8227978 (deleted) /usr/local/apache/modules/mod_security2.so
b6bf0000-b6bf2000 rwxp 0004c000 00:4b 8227978 (deleted) /usr/local/apache/modules/mod_security2.so
b6bf2000-b6c15000 r-xp 00000000 00:4b 8421495 /opt/lua/lib/liblua-5.1.3.so
b6c15000-b6c16000 rwxp 00022000 00:4b 8421495 /opt/lua/lib/liblua-5.1.3.so
b6c16000-b6c2e000 r-xp 00000000 00:4b 7742834 /usr/lib/libsasl2.so.2.0.22
b6c2e000-b6c2f000 rwxp 00017000 00:4b 7742834 /usr/lib/libsasl2.so.2.0.22
b6c2f000-b6c3c000 r-xp 00000000 00:4b 7738640 /usr/lib/liblber-2.3.so.0.2.31
b6c3c000-b6c3d000 rwxp 0000c000 00:4b 7738640 /usr/lib/liblber-2.3.so.0.2.31
b6c3d000-b6c42000 r-xp 00000000 00:4b 7738452 /usr/lib/libXdmcp.so.6.0.0
b6c42000-b6c43000 rwxp 00004000 00:4b 7738452 /usr/lib/libXdmcp.so.6.0.0
b6c43000-b6c45000 r-xp 00000000 00:4b 7742767 /usr/lib/libXau.so.6.0.0
b6c45000-b6c46000 rwxp 00001000 00:4b 7742767 /usr/lib/libXau.so.6.0.0
b6c46000-b6c5d000 r-xp 00000000 00:4b 8330503 /lib/libaudit.so.0.0.0
b6c5d000-b6c5f000 rwxp 00016000 00:4b 8330503 /lib/libaudit.so.0.0.0
b6c5f000-b6c6a000 r-xp 00000000 00:4b 8330506 /lib/libgcc_s-4.1.2-20080825.so.1
b6c6a000-b6c6b000 rwxp 0000a000 00:4b 8330506 /lib/libgcc_s-4.1.2-20080825.so.1
b6c6b000-b6dd0000 r-xp 00000000 00:4b 8421387 /opt/xml2/lib/libxml2.so.2.7.6
b6dd0000-b6dd5000 rwxp 00165000 00:4b 8421387 /opt/xml2/lib/libxml2.so.2.7.6
b6dd5000-b6dd6000 rwxp b6dd5000 00:00 0
b6dd6000-b6f02000 r-xp 00000000 00:4b 7733269 (deleted) /usr/lib/libmysqlclient.so.15.0.0
b6f02000-b6f31000 rwxp 0012c000 00:4b 7733269 (deleted) /usr/lib/libmysqlclient.so.15.0.0
b6f31000-b6f32000 rwxp b6f31000 00:00 0
b6f32000-b6f6b000 r-xp 00000000 00:4b 7733259 /usr/lib/libldap-2.3.so.0.2.31
b6f6b000-b6f6c000 rwxp 00039000 00:4b 7733259 /usr/lib/libldap-2.3.so.0.2.31
b6f6c000-b6f9c000 r-xp 00000000 00:4b 7738259 /usr/lib/libidn.so.11.5.19
b6f9c000-b6f9d000 rwxp 0002f000 00:4b 7738259 /usr/lib/libidn.so.11.5.19
b6f9d000-b6fe3000 r-xp 00000000 00:4b 8421474 (deleted) /opt/curlssl/lib/libcurl.so.4.2.0
b6fe3000-b6fe5000 rwxp 00045000 00:4b 8421474 (deleted) /opt/curlssl/lib/libcurl.so.4.2.0
b6fe5000-b6ffa000 r-xp 00000000 00:4b 8330655 /lib/libnsl-2.5.so
b6ffa000-b6ffb000 r-xp 00014000 00:4b 8330655 /lib/libnsl-2.5.so
b6ffb000-b6ffc000 rwxp 00015000 00:4b 8330655 /lib/libnsl-2.5.so
b6ffc000-b6ffe000 rwxp b6ffc000 00:00 0
b6ffe000-b701f000 r-xp 00000000 00:4b 7735002 /usr/lib/libjpeg.so.62.0.0
b701f000-b7020000 rwxp 00020000 00:4b 7735002 /usr/lib/libjpeg.so.62.0.0
b7020000-b7045000 r-xp 00000000 00:4b 7738077 /usr/lib/libpng12.so.0.10.0
b7045000-b7046000 rwxp 00024000 00:4b 7738077 /usr/lib/libpng12.so.0.10.0
b7046000-b7056000 r-xp 00000000 00:4b 7742729 /usr/lib/libXpm.so.4.11.0
b7056000-b7057000 rwxp 00010000 00:4b 7742729 /usr/lib/libXpm.so.4.11.0
b7057000-b7156000 r-xp 00000000 00:4b 7735169 /usr/lib/libX11.so.6.2.0
b7156000-b715a000 rwxp 000ff000 00:4b 7735169 /usr/lib/libX11.so.6.2.0
b715a000-b71d7000 r-xp 00000000 00:4b 7735222 /usr/lib/libfreetype.so.6.3.10
b71d7000-b71da000 rwxp 0007d000 00:4b 7735222 /usr/lib/libfreetype.so.6.3.10
b71da000-b71e4000 r-xp 00000000 00:4b 8330673 /lib/libpam.so.0.81.5
b71e4000-b71e5000 rwxp 0000a000 00:4b 8330673 /lib/libpam.so.0.81.5
b71ee000-b7215000 r-xp 00000000 00:4b 8421613 /opt/libmcrypt/lib/libmcrypt.so.4.4.8
b7215000-b7218000 rwxp 00027000 00:4b 8421613 /opt/libmcrypt/lib/libmcrypt.so.4.4.8
b7218000-b721d000 rwxp b7218000 00:00 0
b721d000-b7262000 r-xp 00000000 00:4b 8421519 /opt/mhash/lib/libmhash.so.2.0.1
b7262000-b7263000 rwxp 00044000 00:4b 8421519 /opt/mhash/lib/libmhash.so.2.0.1
b7263000-b7341000 r-xp 00000000 00:4b 7742819 /usr/lib/libstdc++.so.6.0.8
b7341000-b7344000 r-xp 000dd000 00:4b 7742819 /usr/lib/libstdc++.so.6.0.8
b7344000-b7346000 rwxp 000e0000 00:4b 7742819 /usr/lib/libstdc++.so.6.0.8
b7346000-b734c000 rwxp b7346000 00:00 0
b734c000-b7a13000 r-xp 00000000 00:4b 8227981 (deleted) /usr/local/apache/modules/libphp5.so
b7a13000-b7a3e000 rwxp 006c7000 00:4b 8227981 (deleted) /usr/local/apache/modules/libphp5.so
b7a3e000-b7a4a000 rwxp b7a3e000 00:00 0
b7a4a000-b7a85000 r-xp 00000000 00:4b 8330473 /lib/libsepol.so.1
b7a85000-b7a86000 rwxp 0003b000 00:4b 8330473 /lib/libsepol.so.1
b7a86000-b7a90000 rwxp b7a86000 00:00 0
b7a90000-b7aa6000 r-xp 00000000 00:4b 8330438 /lib/libselinux.so.1
b7aa6000-b7aa8000 rwxp 00015000 00:4b 8330438 /lib/libselinux.so.1
b7aa8000-b7aaa000 r-xp 00000000 00:4b 8330437 /lib/libkeyutils-1.2.so
b7aaa000-b7aab000 rwxp 00001000 00:4b 8330437 /lib/libkeyutils-1.2.so
b7aab000-b7ab3000 r-xp 00000000 00:4b 7734874 /usr/lib/libkrb5support.so.0.1
b7ab3000-b7ab4000 rwxp 00007000 00:4b 7734874 /usr/lib/libkrb5support.so.0.1
b7ab4000-b7ab5000 rwxp b7ab4000 00:00 0
b7ab5000-b7ac5000 r-xp 00000000 00:4b 8330656 /lib/libresolv-2.5.so
b7ac5000-b7ac6000 r-xp 0000f000 00:4b 8330656 /lib/libresolv-2.5.so
b7ac6000-b7ac7000 rwxp 00010000 00:4b 8330656 /lib/libresolv-2.5.so
b7ac7000-b7ac9000 rwxp b7ac7000 00:00 0
b7ac9000-b7aee000 r-xp 00000000 00:4b 7734985 /usr/lib/libk5crypto.so.3.1
b7aee000-b7aef000 rwxp 00025000 00:4b 7734985 /usr/lib/libk5crypto.so.3.1
b7aef000-b7af1000 r-xp 00000000 00:4b 8330654 /lib/libcom_err.so.2.1
b7af1000-b7af2000 rwxp 00001000 00:4b 8330654 /lib/libcom_err.so.2.1
b7af2000-b7b85000 r-xp 00000000 00:4b 7734933 /usr/lib/libkrb5.so.3.3
b7b85000-b7b88000 rwxp 00092000 00:4b 7734933 /usr/lib/libkrb5.so.3.3
b7b88000-b7bb4000 r-xp 00000000 00:4b 7735005 /usr/lib/libgssapi_krb5.so.2.2
b7bb4000-b7bb5000 rwxp 0002c000 00:4b 7735005 /usr/lib/libgssapi_krb5.so.2.2
b7bb5000-b7d07000 r-xp 00000000 00:4b 8330714 /lib/libc-2.5.so
b7d07000-b7d09000 r-xp 00152000 00:4b 8330714 /lib/libc-2.5.so
b7d09000-b7d0a000 rwxp 00154000 00:4b 8330714 /lib/libc-2.5.so
b7d0a000-b7d0e000 rwxp b7d0a000 00:00 0
b7d0e000-b7d11000 r-xp 00000000 00:4b 8330683 /lib/libdl-2.5.so
b7d11000-b7d12000 r-xp 00002000 00:4b 8330683 /lib/libdl-2.5.so
b7d12000-b7d13000 rwxp 00003000 00:4b 8330683 /lib/libdl-2.5.so
b7d13000-b7d28000 r-xp 00000000 00:4b 8330704 /lib/libpthread-2.5.so
b7d28000-b7d29000 r-xp 00015000 00:4b 8330704 /lib/libpthread-2.5.so
b7d29000-b7d2a000 rwxp 00016000 00:4b 8330704 /lib/libpthread-2.5.so
b7d2a000-b7d2c000 rwxp b7d2a000 00:00 0
b7d2c000-b7d35000 r-xp 00000000 00:4b 8330568 /lib/libcrypt-2.5.so
b7d35000-b7d36000 r-xp 00008000 00:4b 8330568 /lib/libcrypt-2.5.so
b7d36000-b7d37000 rwxp 00009000 00:4b 8330568 /lib/libcrypt-2.5.so
b7d37000-b7d5e000 rwxp b7d37000 00:00 0
b7d5e000-b7d65000 r-xp 00000000 00:4b 8330470 /lib/librt-2.5.so
b7d65000-b7d66000 r-xp 00007000 00:4b 8330470 /lib/librt-2.5.so
b7d66000-b7d67000 rwxp 00008000 00:4b 8330470 /lib/librt-2.5.so
b7d67000-b7d6a000 r-xp 00000000 00:4b 8330472 /lib/libuuid.so.1.2
b7d6a000-b7d6b000 rwxp 00003000 00:4b 8330472 /lib/libuuid.so.1.2
b7d6b000-b7d96000 r-xp 00000000 00:4b 8228053 (deleted) /usr/local/apache/lib/libapr-1.so.0.4.2
b7d96000-b7d97000 rwxp 0002b000 00:4b 8228053 (deleted) /usr/local/apache/lib/libapr-1.so.0.4.2
b7d97000-b7d98000 rwxp b7d97000 00:00 0
b7d98000-b7db7000 r-xp 00000000 00:4b 8330725 /lib/libexpat.so.0.5.0
b7db7000-b7db9000 rwxp 0001e000 00:4b 8330725 /lib/libexpat.so.0.5.0
b7db9000-b7dda000 r-xp 00000000 00:4b 8228068 (deleted) /usr/local/apache/lib/libaprutil-1.so.0.3.9
b7dda000-b7ddb000 rwxp 00021000 00:4b 8228068 (deleted) /usr/local/apache/lib/libaprutil-1.so.0.3.9
b7ddb000-b7e02000 r-xp 00000000 00:4b 8330566 /lib/libm-2.5.so
b7e02000-b7e03000 r-xp 00026000 00:4b 8330566 /lib/libm-2.5.so
b7e03000-b7e04000 rwxp 00027000 00:4b 8330566 /lib/libm-2.5.so
b7e04000-b7e16000 r-xp 00000000 00:4b 7735058 /usr/lib/libz.so.1.2.3
b7e16000-b7e17000 rwxp 00011000 00:4b 7735058 /usr/lib/libz.so.1.2.3
b7e17000-b7f41000 r-xp 00000000 00:4b 8330640 /lib/libcrypto.so.0.9.8e
b7f41000-b7f54000 rwxp 00129000 00:4b 8330640 /lib/libcrypto.so.0.9.8e
b7f54000-b7f58000 rwxp b7f54000 00:00 0
b7f58000-b7f9c000 r-xp 00000000 00:4b 8330717 /lib/libssl.so.0.9.8e
b7f9c000-b7fa0000 rwxp 00043000 00:4b 8330717 /lib/libssl.so.0.9.8e
b7fa0000-b7fa1000 rwxp b7fa0000 00:00 0
b7fa1000-b7fa7000 r-xp 00000000 00:4b 7738480 /usr/lib/libltdl.so.3.1.4
b7fa7000-b7fa8000 rwxp 00005000 00:4b 7738480 /usr/lib/libltdl.so.3.1.4
b7fa8000-b7fa9000 r-xp 00000000 00:4b 8227983 (deleted) /usr/local/apache/modules/mod_bwlimited.so
b7fa9000-b7faa000 rwxp 00000000 00:4b 8227983 (deleted) /usr/local/apache/modules/mod_bwlimited.so
b7faa000-b7fc5000 r-xp 00000000 00:4b 8330424 /lib/ld-2.5.so
b7fc5000-b7fc6000 r-xp 0001a000 00:4b 8330424 /lib/ld-2.5.so
b7fc6000-b7fc7000 rwxp 0001b000 00:4b 8330424 /lib/ld-2.5.so
bfa3c000-bfa51000 rwxp 7ffffffea000 00:00 0 [stack]
|
