/usr/local/bin/perl
Command Line (often faked in exploits):
/usr/bin/perl /usr/local/cpanel/3rdparty/bin/awstats.pl -config=*** -LogFile=/usr/local/apache/domlogs/***.ir.bkup -update
Network connections by the process (if any):
udp: 178.63.103.45:36149 -> 213.133.99.99:53
Files open by the process (if any):
/usr/local/lib/perl5/site_perl/5.8.8/Geo/IPfree.pm
/var/cpanel/locale/en.gdbm
/usr/local/lib/perl5/site_perl/5.8.8/Geo/ipscountry.dat
/home/****i/tmp/awstats
/usr/local/apache/domlogs/****.ir.bkup
Memory maps by the process (if any):
08048000-0804a000 r-xp 00000000 fe:02 34923547 /usr/local/bin/perl
0804a000-0804b000 rwxp 00001000 fe:02 34923547 /usr/local/bin/perl
09ec2000-0a5fe000 rwxp 00000000 00:00 0 [heap]
b749b000-b74ab000 r-xp 00000000 fe:02 34881768 /lib/libresolv-2.5.so
b74ab000-b74ac000 r-xp 0000f000 fe:02 34881768 /lib/libresolv-2.5.so
b74ac000-b74ad000 rwxp 00010000 fe:02 34881768 /lib/libresolv-2.5.so
b74ad000-b74af000 rwxp 00000000 00:00 0
b74af000-b74b3000 r-xp 00000000 fe:02 34881853 /lib/libnss_dns-2.5.so
b74b3000-b74b4000 r-xp 00003000 fe:02 34881853 /lib/libnss_dns-2.5.so
b74b4000-b74b5000 rwxp 00004000 fe:02 34881853 /lib/libnss_dns-2.5.so
b74b5000-b74bf000 r-xp 00000000 fe:02 34881767 /lib/libnss_files-2.5.so
b74bf000-b74c0000 r-xp 00009000 fe:02 34881767 /lib/libnss_files-2.5.so
b74c0000-b74c1000 rwxp 0000a000 fe:02 34881767 /lib/libnss_files-2.5.so
b74c9000-b74cf000 r-xp 00000000 fe:02 35161117 /usr/local/lib/perl5/5.8.8/i686-linux/auto/Encode/Encode.so
b74cf000-b74d0000 rwxp 00005000 fe:02 35161117 /usr/local/lib/perl5/5.8.8/i686-linux/auto/Encode/Encode.so
b74d0000-b74d1000 rwxp 00000000 00:00 0
b74d1000-b7623000 r-xp 00000000 fe:02 34881783 /lib/libc-2.5.so
b7623000-b7625000 r-xp 00152000 fe:02 34881783 /lib/libc-2.5.so
b7625000-b7626000 rwxp 00154000 fe:02 34881783 /lib/libc-2.5.so
b7626000-b762a000 rwxp 00000000 00:00 0
b762a000-b762c000 r-xp 00000000 fe:02 34881858 /lib/libutil-2.5.so
b762c000-b762d000 r-xp 00001000 fe:02 34881858 /lib/libutil-2.5.so
b762d000-b762e000 rwxp 00002000 fe:02 34881858 /lib/libutil-2.5.so
b762e000-b7637000 r-xp 00000000 fe:02 34881848 /lib/libcrypt-2.5.so
b7637000-b7638000 r-xp 00008000 fe:02 34881848 /lib/libcrypt-2.5.so
b7638000-b7639000 rwxp 00009000 fe:02 34881848 /lib/libcrypt-2.5.so
b7639000-b7660000 rwxp 00000000 00:00 0
b7660000-b7687000 r-xp 00000000 fe:02 34881782 /lib/libm-2.5.so
b7687000-b7688000 r-xp 00026000 fe:02 34881782 /lib/libm-2.5.so
b7688000-b7689000 rwxp 00027000 fe:02 34881782 /lib/libm-2.5.so
b7689000-b768c000 r-xp 00000000 fe:02 34881875 /lib/libdl-2.5.so
b768c000-b768d000 r-xp 00002000 fe:02 34881875 /lib/libdl-2.5.so
b768d000-b768e000 rwxp 00003000 fe:02 34881875 /lib/libdl-2.5.so
b768e000-b76a3000 r-xp 00000000 fe:02 34881841 /lib/libnsl-2.5.so
b76a3000-b76a4000 r-xp 00014000 fe:02 34881841 /lib/libnsl-2.5.so
b76a4000-b76a5000 rwxp 00015000 fe:02 34881841 /lib/libnsl-2.5.so
b76a5000-b76a7000 rwxp 00000000 00:00 0
b76aa000-b76ae000 r-xp 00000000 fe:02 35161225 /usr/local/lib/perl5/5.8.8/i686-linux/auto/Socket/Socket.so
b76ae000-b76af000 rwxp 00003000 fe:02 35161225 /usr/local/lib/perl5/5.8.8/i686-linux/auto/Socket/Socket.so
b76af000-b7780000 r-xp 00000000 fe:02 35161582 /usr/local/lib/perl5/5.8.8/i686-linux/CORE/libperl.so
b7780000-b7785000 rwxp 000d0000 fe:02 35161582 /usr/local/lib/perl5/5.8.8/i686-linux/CORE/libperl.so
b7785000-b7789000 rwxp 00000000 00:00 0
b7789000-b77a4000 r-xp 00000000 fe:02 34881828 /lib/ld-2.5.so
b77a4000-b77a5000 r-xp 0001a000 fe:02 34881828 /lib/ld-2.5.so
b77a5000-b77a6000 rwxp 0001b000 fe:02 34881828 /lib/ld-2.5.so
bfc57000-bfc85000 rw-p 00000000 00:00 0 [stack]
پاسخ : راهنمايي در مورد Suspicious File Alert
پاسخ با نقل قول