1Mizban
January 26th, 2010, 11:46
سلام
یه مدت csf برام ایمل می فرسته که یعضی هاش رو نمیدونم چیه
مثلا
Time: Tue Jan 26 01:29:01 2010 -0500
PID: 4309
Account: nobody
Uptime: 602 seconds
Executable:
/usr/local/apache/bin/httpd (deleted)
The file system shows this process is running an executable file that has been deleted. This typically happens when the original file has been replaced by a new file when the application is updated. To prevent this being reported again, restart the process that runs this excecutable file. See csf.conf and the PT_DELETED text for more information about the security implications of processes running deleted executable files.
Command Line (often faked in exploits):
/usr/local/apache/bin/httpd -k start -DSSL
Network connections by the process (if any):
tcp: 0.0.0.0:80 -> 0.0.0.0:0
tcp: 0.0.0.0:443 -> 0.0.0.0:0
tcp: 74.81.165.134:80 -> 85.236.147.6:58075
Files open by the process (if any):
2 )
The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
/usr/bin/php: FAILED
/usr/bin/php5: FAILED
/usr/bin/php5-cgi: FAILED
/usr/bin/php5-cli: FAILED
/usr/bin/php-cgi: FAILED
/usr/bin/php-cli: FAILED
/usr/local/bin/php: FAILED
3 )
IP: 218.75.79.18 (CN/China/-)
Failures: 5 (sshd)
Interval: 300 seconds
Blocked: Permanent Block
Log entries:
Jan 26 22:19:08 74-81-165-134 sshd[10953]: Failed password for root from 218.75.79.18 port 32881 ssh2
Jan 26 22:19:09 74-81-165-134 sshd[10955]: Failed password for root from 218.75.79.18 port 60265 ssh2
Jan 26 22:19:13 74-81-165-134 sshd[10966]: Failed password for root from 218.75.79.18 port 33084 ssh2
Jan 26 22:19:14 74-81-165-134 sshd[10970]: Failed password for root from 218.75.79.18 port 60490 ssh2
Jan 26 22:19:18 74-81-165-134 sshd[10984]: Failed password for root from 218.75.79.18 port 60732 ssh2
این رو فکر کنم بدونم ، ولی پورت SSH عوض نمیشه.
فعلا همینا
علتش چیه ؟ برای رفعش باید چی کار کرد ؟
یه مدت csf برام ایمل می فرسته که یعضی هاش رو نمیدونم چیه
مثلا
Time: Tue Jan 26 01:29:01 2010 -0500
PID: 4309
Account: nobody
Uptime: 602 seconds
Executable:
/usr/local/apache/bin/httpd (deleted)
The file system shows this process is running an executable file that has been deleted. This typically happens when the original file has been replaced by a new file when the application is updated. To prevent this being reported again, restart the process that runs this excecutable file. See csf.conf and the PT_DELETED text for more information about the security implications of processes running deleted executable files.
Command Line (often faked in exploits):
/usr/local/apache/bin/httpd -k start -DSSL
Network connections by the process (if any):
tcp: 0.0.0.0:80 -> 0.0.0.0:0
tcp: 0.0.0.0:443 -> 0.0.0.0:0
tcp: 74.81.165.134:80 -> 85.236.147.6:58075
Files open by the process (if any):
2 )
The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
/usr/bin/php: FAILED
/usr/bin/php5: FAILED
/usr/bin/php5-cgi: FAILED
/usr/bin/php5-cli: FAILED
/usr/bin/php-cgi: FAILED
/usr/bin/php-cli: FAILED
/usr/local/bin/php: FAILED
3 )
IP: 218.75.79.18 (CN/China/-)
Failures: 5 (sshd)
Interval: 300 seconds
Blocked: Permanent Block
Log entries:
Jan 26 22:19:08 74-81-165-134 sshd[10953]: Failed password for root from 218.75.79.18 port 32881 ssh2
Jan 26 22:19:09 74-81-165-134 sshd[10955]: Failed password for root from 218.75.79.18 port 60265 ssh2
Jan 26 22:19:13 74-81-165-134 sshd[10966]: Failed password for root from 218.75.79.18 port 33084 ssh2
Jan 26 22:19:14 74-81-165-134 sshd[10970]: Failed password for root from 218.75.79.18 port 60490 ssh2
Jan 26 22:19:18 74-81-165-134 sshd[10984]: Failed password for root from 218.75.79.18 port 60732 ssh2
این رو فکر کنم بدونم ، ولی پورت SSH عوض نمیشه.
فعلا همینا
علتش چیه ؟ برای رفعش باید چی کار کرد ؟