
Suspicious process running under user

Posted: 31 Mar 2016, 15:22
by leonep
What can I do? I have changed all account passwords but something continues to create this process.
This is a Joomla website (updated). Do I need an exploit scanner?


Time: Thu Mar 31 16:03:56 2016 +0200
PID: 11550 (Parent PID:9249)
Account: archeage
Uptime: 97 seconds


Executable:

/opt/cpanel/ea-php55/root/usr/bin/php-cgi


Command Line (often faked in exploits):

/opt/cpanel/ea-php55/root/usr/bin/php-cgi /home/archeage/public_html/DePTBdwoNkmI/se0qPW54B.php


Network connections by the process (if any):

tcp: 188.165.218.157:60788 -> 195.128.125.248:80


Files open by the process (if any):



Memory maps by the process (if any):

00400000-00746000 r-xp 00000000 09:02 1144572 /opt/cpanel/ea-php55/root/usr/bin/php-cgi
00945000-009d0000 rw-p 00345000 09:02 1144572 /opt/cpanel/ea-php55/root/usr/bin/php-cgi

Re: Suspicious process running under user

Posted: 06 Apr 2016, 11:11
by leonep
I am always running into this problem. Can someone help me investigate? I don't know what to do.
I have an updated Joomla website, all plugins updated, and I have changed all passwords from cPanel and from Joomla users. Thanks.

Re: Suspicious process running under user

Posted: 22 Mar 2017, 15:08
by bizzgang
I have the same. Here is the code from ConfigServer. Any idea?

EXE:/opt/cpanel/ea-php56/root/usr/bin/php-cgi CMD:/opt/cpanel/ea-php56/root/usr/bin/php-cgi