[BlueOnyx:12309] Server hacked?
Will Nordmeyer
will at wnahosting.com
Wed Feb 27 08:23:08 -05 2013
I noticed my server having a fair amount of cpu load problems
recently.
I've been monitoring the ssh vulnerability and don't see
anything there, but I did notice that I have multiple processes when I
do a PS looking like this:
root      7499 24331  0 14:13 ?        00:00:00 sendmail: server [201.238.254.243] cmd read
root      7550 24331  0 14:13 ?        00:00:00 sendmail: server [201.238.254.243] cmd read
root      8127 24331  0 14:13 ?        00:00:00 sendmail: server [201.238.254.243] cmd read
root      8523 24331  0 14:13 ?        00:00:00 sendmail: server [201.238.254.243] cmd read
root      9165 24331  0 14:13 ?        00:00:00 sendmail: server [201.238.254.243] cmd read
root     10050 24331  0 14:13 ?        00:00:00 sendmail: server [201.238.254.243] cmd read
root     10562 24331  0 14:13 ?        00:00:00 sendmail: server [201.238.254.243] cmd read
root     10706 24331  0 14:13 ?        00:00:00 sendmail: server [201.238.254.243] cmd read
root     11208 24331  0 14:13 ?        00:00:00 sendmail: server [201.238.254.243] startup

I don't know who 201.238.254.243 is - and I'm not sure where that server startup
is coming from. Any advice? Quick? help? :)