ایمیل از سرور با موضوع lfd on server.******.net: Suspicious process running under user username
اینا یعنی چی؟
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php /home/*******/public_html/forum/vbseo.php
Network connections by the process (if any):
tcp: ***.***.***.***:56996 -> 74.125.53.95:80
Files open by the process (if any):
Memory maps by the process (if any):
00110000-0018d000 r-xp 00000000 fd:00 14198266 /usr/lib/libfreetype.so.6.3.10
0018d000-00190000 rwxp 0007d000 fd:00 14198266 /usr/lib/libfreetype.so.6.3.10
00190000-001a7000 r-xp 00000000 fd:00 8716476 /lib/libaudit.so.0.0.0
001a7000-001a9000 rwxp 00016000 fd:00 8716476 /lib/libaudit.so.0.0.0
001ae000-001be000 r-xp 00000000 fd:00 8717455 /lib/libresolv-2.5.so
001be000-001bf000 r-xp 0000f000 fd:00 8717455 /lib/libresolv-2.5.so
001bf000-001c0000 rwxp 00010000 fd:00 8717455 /lib/libresolv-2.5.so
001c0000-001c2000 rwxp 001c0000 00:00 0
001c2000-001ca000 r-xp 00000000 fd:00 14197485 /usr/lib/libkrb5support.so.0.1
001ca000-001cb000 rwxp 00007000 fd:00 14197485 /usr/lib/libkrb5support.so.0.1
001cb000-001cd000 r-xp 00000000 fd:00 8717454 /lib/libkeyutils-1.2.so
001cd000-001ce000 rwxp 00001000 fd:00 8717454 /lib/libkeyutils-1.2.so
001d0000-002fa000 r-xp 00000000 fd:00 8717459 /lib/libcrypto.so.0.9.8e
002fa000-0030d000 rwxp 00129000 fd:00 8717459 /lib/libcrypto.so.0.9.8e
0030d000-00311000 rwxp 0030d000 00:00 0
00313000-00315000 r-xp 00000000 fd:00 8717458 /lib/libcom_err.so.2.1
00315000-00316000 rwxp 00001000 fd:00 8717458 /lib/libcom_err.so.2.1
00316000-00346000 r-xp 00000000 fd:00 14200870 /usr/lib/libidn.so.11.5.19
00346000-00347000 rwxp 0002f000 fd:00 14200870 /usr/lib/libidn.so.11.5.19
00347000-00351000 r-xp 00000000 fd:00 8716327 /lib/libnss_files-2.5.so
00351000-00352000 r-xp 00009000 fd:00 8716327 /lib/libnss_files-2.5.so
00352000-00353000 rwxp 0000a000 fd:00 8716327 /lib/libnss_files-2.5.so
00354000-0036f000 r-xp 00000000 fd:00 8717437 /lib/ld-2.5.so
0036f000-00370000 r-xp 0001a000 fd:00 8717437 /lib/ld-2.5.so
00370000-00371000 rwxp 0001b000 fd:00 8717437 /lib/ld-2.5.so
00373000-00375000 r-xp 00000000 fd:00 14197331 /usr/lib/libXau.so.6.0.0
00375000-00376000 rwxp 00001000 fd:00 14197331 /usr/lib/libXau.so.6.0.0
00376000-003b1000 r-xp 00000000 fd:00 8717456 /lib/libsepol.so.1
003b1000-003b2000 rwxp 0003b000 fd:00 8717456 /lib/libsepol.so.1
003b2000-003bc000 rwxp 003b2000 00:00 0
003bc000-003db000 r-xp 00000000 fd:00 15109053 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/suhosin.so
003db000-003df000 rwxp 0001f000 fd:00 15109053 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/suhosin.so
003df000-003e2000 rwxp 003df000 00:00 0
003e2000-003f6000 r-xp 00000000 fd:00 15107702 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so
003f6000-003f8000 rwxp 00014000 fd:00 15107702 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so
003f8000-00409000 r-xp 00000000 fd:00 15109010 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ixed.5.2.lin
00409000-0040a000 rwxp 00011000 fd:00 15109010 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ixed.5.2.lin
0040a000-0040e000 r-xp 00000000 fd:00 8716325 /lib/libnss_dns-2.5.so
0040e000-0040f000 r-xp 00003000 fd:00 8716325 /lib/libnss_dns-2.5.so
0040f000-00410000 rwxp 00004000 fd:00 8716325 /lib/libnss_dns-2.5.so
00445000-00446000 r-xp 00445000 00:00 0 [vdso]
00446000-004aa000 r-xp 00000000 fd:00 15109059 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_sqlite.so
004aa000-004ab000 rwxp 00063000 fd:00 15109059 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_sqlite.so
004d3000-004fa000 r-xp 00000000 fd:00 8717445 /lib/libm-2.5.so
004fa000-004fb000 r-xp 00026000 fd:00 8717445 /lib/libm-2.5.so
004fb000-004fc000 rwxp 00027000 fd:00 8717445 /lib/libm-2.5.so
004fe000-00501000 r-xp 00000000 fd:00 8717439 /lib/libdl-2.5.so
00501000-00502000 r-xp 00002000 fd:00 8717439 /lib/libdl-2.5.so
00502000-00503000 rwxp 00003000 fd:00 8717439 /lib/libdl-2.5.so
00505000-0051a000 r-xp 00000000 fd:00 8717440 /lib/libpthread-2.5.so
0051a000-0051b000 r-xp 00015000 fd:00 8717440 /lib/libpthread-2.5.so
0051b000-0051c000 rwxp 00016000 fd:00 8717440 /lib/libpthread-2.5.so
0051c000-0051e000 rwxp 0051c000 00:00 0
00520000-00532000 r-xp 00000000 fd:00 8717446 /lib/libz.so.1.2.3
00532000-00533000 rwxp 00011000 fd:00 8717446 /lib/libz.so.1.2.3
00535000-0053c000 r-xp 00000000 fd:00 8717441 /lib/librt-2.5.so
0053c000-0053d000 r-xp 00007000 fd:00 8717441 /lib/librt-2.5.so
0053d000-0053e000 rwxp 00008000 fd:00 8717441 /lib/librt-2.5.so
00540000-00715000 r-xp 00000000 fd:00 14197713 /usr/lib/libmysqlclient.so.16.0.0
00715000-0075e000 rwxp 001d4000 fd:00 14197713 /usr/lib/libmysqlclient.so.16.0.0
0075e000-0075f000 rwxp 0075e000 00:00 0
0075f000-007b4000 r-xp 00000000 fd:00 15109060 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so
007b4000-007b6000 rwxp 00055000 fd:00 15109060 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so
0081b000-00840000 r-xp 00000000 fd:00 14198271 /usr/lib/libpng12.so.0.10.0
00840000-00841000 rwxp 00024000 fd:00 14198271 /usr/lib/libpng12.so.0.10.0
00843000-00848000 r-xp 00000000 fd:00 14197513 /usr/lib/libXdmcp.so.6.0.0
00848000-00849000 rwxp 00004000 fd:00 14197513 /usr/lib/libXdmcp.so.6.0.0
0088f000-0089f000 r-xp 00000000 fd:00 14197590 /usr/lib/libXpm.so.4.11.0
0089f000-008a0000 rwxp 00010000 fd:00 14197590 /usr/lib/libXpm.so.4.11.0
008a2000-009a1000 r-xp 00000000 fd:00 14197514 /usr/lib/libX11.so.6.2.0
009a1000-009a5000 rwxp 000ff000 fd:00 14197514 /usr/lib/libX11.so.6.2.0
009a7000-009c8000 r-xp 00000000 fd:00 14197611 /usr/lib/libjpeg.so.62.0.0
009c8000-009c9000 rwxp 00020000 fd:00 14197611 /usr/lib/libjpeg.so.62.0.0
009c9000-00a83000 r-xp 00000000 fd:00 14648157 /usr/local/IonCube/ioncube_loader_lin_5.2.so
00a83000-00a88000 rwxp 000b9000 fd:00 14648157 /usr/local/IonCube/ioncube_loader_lin_5.2.so
00a88000-00a89000 rwxp 00a88000 00:00 0
00a8b000-00a91000 r-xp 00000000 fd:00 15109058 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_mysql.so
00a91000-00a92000 rwxp 00005000 fd:00 15109058 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_mysql.so
00a95000-00ae1000 r-xp 00000000 fd:00 10911881 /opt/curlssl/lib/libcurl.so.4.2.0
00ae1000-00ae3000 rwxp 0004b000 fd:00 10911881 /opt/curlssl/lib/libcurl.so.4.2.0
00b7f000-00b83000 r-xp 00000000 fd:00 8716291 /lib/libsafe.so.2.0.16
00b83000-00b84000 rwxp 00003000 fd:00 8716291 /lib/libsafe.so.2.0.16
00b84000-00c9d000 r-xp 00000000 fd:00 10912094 /opt/xml2/lib/libxml2.so.2.7.8
00c9d000-00ca2000 rwxp 00119000 fd:00 10912094 /opt/xml2/lib/libxml2.so.2.7.8
00ca2000-00ca3000 rwxp 00ca2000 00:00 0
00dc2000-00dd8000 r-xp 00000000 fd:00 8717457 /lib/libselinux.so.1
00dd8000-00dda000 rwxp 00015000 fd:00 8717457 /lib/libselinux.so.1
00ddc000-00df1000 r-xp 00000000 fd:00 8717453 /lib/libnsl-2.5.so
00df1000-00df2000 r-xp 00014000 fd:00 8717453 /lib/libnsl-2.5.so
00df2000-00df3000 rwxp 00015000 fd:00 8717453 /lib/libnsl-2.5.so
00df3000-00df5000 rwxp 00df3000 00:00 0
00df5000-00f48000 r-xp 00000000 fd:00 8717438 /lib/libc-2.5.so
00f48000-00f4a000 r-xp 00153000 fd:00 8717438 /lib/libc-2.5.so
00f4a000-00f4b000 rwxp 00155000 fd:00 8717438 /lib/libc-2.5.so
00f4b000-00f4e000 rwxp 00f4b000 00:00 0
00f5f000-00f9a000 r-xp 00000000 fd:00 10911748 /opt/pcre/lib/libpcre.so.0.0.1
00f9a000-00f9b000 rwxp 0003a000 fd:00 10911748 /opt/pcre/lib/libpcre.so.0.0.1
00f9b000-010e6000 r-xp 00000000 fd:00 14648154 /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so
010e6000-010f7000 rwxp 0014b000 fd:00 14648154 /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so
010f7000-010fc000 rwxp 010f7000 00:00 0
04537000-0455d000 r-xp 00000000 fd:00 14200338 /usr/lib/libk5crypto.so.3.1
0455d000-0455e000 rwxp 00025000 fd:00 14200338 /usr/lib/libk5crypto.so.3.1
04560000-045f4000 r-xp 00000000 fd:00 14200339 /usr/lib/libkrb5.so.3.3
045f4000-045f7000 rwxp 00093000 fd:00 14200339 /usr/lib/libkrb5.so.3.3
045f9000-04626000 r-xp 00000000 fd:00 14200340 /usr/lib/libgssapi_krb5.so.2.2
04626000-04627000 rwxp 0002d000 fd:00 14200340 /usr/lib/libgssapi_krb5.so.2.2
04649000-0468d000 r-xp 00000000 fd:00 8717460 /lib/libssl.so.0.9.8e
0468d000-04691000 rwxp 00043000 fd:00 8717460 /lib/libssl.so.0.9.8e
046ed000-046f7000 r-xp 00000000 fd:00 8717466 /lib/libpam.so.0.81.5
046f7000-046f8000 rwxp 0000a000 fd:00 8717466 /lib/libpam.so.0.81.5
047ce000-047d9000 r-xp 00000000 fd:00 8717448 /lib/libgcc_s-4.1.2-20080825.so.1
047d9000-047da000 rwxp 0000a000 fd:00 8717448 /lib/libgcc_s-4.1.2-20080825.so.1
04846000-0484f000 r-xp 00000000 fd:00 8717450 /lib/libcrypt-2.5.so
0484f000-04850000 r-xp 00008000 fd:00 8717450 /lib/libcrypt-2.5.so
04850000-04851000 rwxp 00009000 fd:00 8717450 /lib/libcrypt-2.5.so
04851000-04878000 rwxp 04851000 00:00 0
049b1000-04a91000 r-xp 00000000 fd:00 14199741 /usr/lib/libstdc++.so.6.0.8
04a91000-04a95000 r-xp 000df000 fd:00 14199741 /usr/lib/libstdc++.so.6.0.8
04a95000-04a96000 rwxp 000e3000 fd:00 14199741 /usr/lib/libstdc++.so.6.0.8
04a96000-04a9c000 rwxp 04a96000 00:00 0
08048000-08487000 r-xp 00000000 fd:00 14197332 /usr/bin/php
08487000-084b1000 rw-p 0043f000 fd:00 14197332 /usr/bin/php
084b1000-084bb000 rw-p 084b1000 00:00 0
08658000-096a7000 rw-p 08658000 00:00 0 [heap]
b7ac3000-b7be9000 rw-p b7ac3000 00:00 0
b7be9000-b7d2a000 rw-p b7d2a000 00:00 0
b7dab000-b7eec000 rw-p b7eec000 00:00 0
b7eec000-b7f76000 rw-p b7eec000 00:00 0
b7f82000-b7f83000 rw-p b7f82000 00:00 0
bfd58000-bfd73000 rwxp bffe2000 00:00 0 [stack]
bfd73000-bfd74000 rw-p bfffe000 00:00 0
پاسخ با نقل قول