پاسخ : درخواست کمک فوری فوری
سلام دوست عزیز من هم همین فکر رو می کردم اما
این ایمیل دیگه ای که برام اومده:
هم چنین دامینم هم بالا نمیادکد:lfd on vps.hazratabbas.net: Suspicious process running under user rpcTime: Mon Apr 15 22:06:38 2013 -0400 PID: 1242 (Parent PID:1242) Account: rpc Uptime: 2526905 seconds Executable: /sbin/rpcbind Command Line (often faked in exploits): rpcbind Network connections by the process (if any): udp: 0.0.0.0:111 -> 0.0.0.0:0 udp: 0.0.0.0:993 -> 0.0.0.0:0 tcp: 0.0.0.0:111 -> 0.0.0.0:0 udp6: 0.0.0.0:111 -> 0.0.0.0:0 udp6: 0.0.0.0:993 -> 0.0.0.0:0 tcp6: 0.0.0.0:111 -> 0.0.0.0:0 Files open by the process (if any): /dev/null /dev/null /dev/null /var/run/rpcbind.lock Memory maps by the process (if any): 7f1665541000-7f166554d000 r-xp 00000000 fd:00 261150 /lib64/libnss_files-2.12.so 7f166554d000-7f166574d000 ---p 0000c000 fd:00 261150 /lib64/libnss_files-2.12.so 7f166574d000-7f166574e000 r--p 0000c000 fd:00 261150 /lib64/libnss_files-2.12.so 7f166574e000-7f166574f000 rw-p 0000d000 fd:00 261150 /lib64/libnss_files-2.12.so 7f166574f000-7f16658d9000 r-xp 00000000 fd:00 261278 /lib64/libc-2.12.so 7f16658d9000-7f1665ad8000 ---p 0018a000 fd:00 261278 /lib64/libc-2.12.so 7f1665ad8000-7f1665adc000 r--p 00189000 fd:00 261278 /lib64/libc-2.12.so 7f1665adc000-7f1665add000 rw-p 0018d000 fd:00 261278 /lib64/libc-2.12.so 7f1665add000-7f1665ae2000 rw-p 00000000 00:00 0 7f1665ae2000-7f1665af9000 r-xp 00000000 fd:00 261279 /lib64/libpthread-2.12.so 7f1665af9000-7f1665cf9000 ---p 00017000 fd:00 261279 /lib64/libpthread-2.12.so 7f1665cf9000-7f1665cfa000 r--p 00017000 fd:00 261279 /lib64/libpthread-2.12.so 7f1665cfa000-7f1665cfb000 rw-p 00018000 fd:00 261279 /lib64/libpthread-2.12.so 7f1665cfb000-7f1665cff000 rw-p 00000000 00:00 0 7f1665cff000-7f1665d01000 r-xp 00000000 fd:00 261283 /lib64/libdl-2.12.so 7f1665d01000-7f1665f01000 ---p 00002000 fd:00 261283 /lib64/libdl-2.12.so 7f1665f01000-7f1665f02000 r--p 00002000 fd:00 261283 /lib64/libdl-2.12.so 7f1665f02000-7f1665f03000 rw-p 00003000 fd:00 261283 /lib64/libdl-2.12.so 7f1665f03000-7f1665f0c000 r-xp 00000000 fd:00 261256 /lib64/libgssglue.so.1.0.0 7f1665f0c000-7f166610b000 ---p 00009000 fd:00 261256 /lib64/libgssglue.so.1.0.0 7f166610b000-7f166610c000 rw-p 00008000 fd:00 261256 /lib64/libgssglue.so.1.0.0 7f166610c000-7f1666122000 r-xp 00000000 fd:00 261286 /lib64/libnsl-2.12.so 7f1666122000-7f1666321000 ---p 00016000 fd:00 261286 /lib64/libnsl-2.12.so 7f1666321000-7f1666322000 r--p 00015000 fd:00 261286 /lib64/libnsl-2.12.so 7f1666322000-7f1666323000 rw-p 00016000 fd:00 261286 /lib64/libnsl-2.12.so 7f1666323000-7f1666325000 rw-p 00000000 00:00 0 7f1666325000-7f166634b000 r-xp 00000000 fd:00 261264 /lib64/libtirpc.so.1.0.10 7f166634b000-7f166654b000 ---p 00026000 fd:00 261264 /lib64/libtirpc.so.1.0.10 7f166654b000-7f166654d000 rw-p 00026000 fd:00 261264 /lib64/libtirpc.so.1.0.10 7f166654d000-7f1666555000 r-xp 00000000 fd:00 261338 /lib64/libwrap.so.0.7.6 7f1666555000-7f1666755000 ---p 00008000 fd:00 261338 /lib64/libwrap.so.0.7.6 7f1666755000-7f1666756000 r--p 00008000 fd:00 261338 /lib64/libwrap.so.0.7.6 7f1666756000-7f1666757000 rw-p 00009000 fd:00 261338 /lib64/libwrap.so.0.7.6 7f1666757000-7f1666758000 rw-p 00000000 00:00 0 7f1666758000-7f1666778000 r-xp 00000000 fd:00 261277 /lib64/ld-2.12.so 7f1666965000-7f166696a000 rw-p 00000000 00:00 0 7f1666976000-7f1666977000 rw-p 00000000 00:00 0 7f1666977000-7f1666978000 r--p 0001f000 fd:00 261277 /lib64/ld-2.12.so 7f1666978000-7f1666979000 rw-p 00020000 fd:00 261277 /lib64/ld-2.12.so 7f1666979000-7f166697a000 rw-p 00000000 00:00 0 7f166697a000-7f1666987000 r-xp 00000000 fd:00 268 /sbin/rpcbind 7f1666b86000-7f1666b87000 rw-p 0000c000 fd:00 268 /sbin/rpcbind 7f1666b87000-7f1666b88000 rw-p 00000000 00:00 0 7f1667722000-7f1667743000 rw-p 00000000 00:00 0 [heap] 7fffebe1a000-7fffebe2f000 rw-p 00000000 00:00 0 [stack] 7fffebf99000-7fffebf9a000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
پاسخ با نقل قول
