Welcome! Log In Create A New Profile

Advanced

several alert messages

Posted by nuno 
several alert messages
July 29, 2014 02:47AM
Hi,
This is my first ticket. Hope posting at the right place.
After purchasing an optimization service plan from a company to my VPS I start receiving several alert messages.
Can you please have a look and tell me what's wrong with my service?
Thanks in advance.
Francisco
-----

lfd on vps57452.ovh.net: Suspicious File Alert

Time: Tue Jul 29 00:05:03 2014 +0200
File: /tmp/magento/var/cache/megamenupro/1/83/navigation_1_83_0.php
Reason: Script, file extension
Owner: nobody:nobody (99:99)
Action: No action taken

-----

lfd on vps57452.ovh.net: Suspicious process running under user nobody

Time: Tue Jul 29 01:00:03 2014 +0200
PID: 32386 (Parent PID:32385)
Account: nobody
Uptime: 24175 seconds


Executable:

/usr/local/sbin/nginx


Command Line (often faked in exploits):

nginx: worker process


Network connections by the process (if any):

tcp: 37.187.55.171:80 -> 0.0.0.0:0
tcp: 37.187.83.128:80 -> 0.0.0.0:0
tcp6: 0.0.0.0:80 -> 0.0.0.0:0


Files open by the process (if any):

/dev/null
/dev/null
/var/log/nginx/error.log
/var/log/nginx/error.log
/var/log/nginx/vhost-error_log
/usr/local/apache/domlogs/XXXXXXX-bytes_log
/usr/local/apache/domlogs/XXXXXXX
/var/log/nginx/microcache.log
/usr/local/apache/domlogs/XXXXXXX-bytes_log
/usr/local/apache/domlogs/XXXXXXX
/usr/local/apache/domlogs/XXXXXXX-bytes_log
/usr/local/apache/domlogs/XXXXXXX
/usr/local/apache/domlogs/XXXXXXX-bytes_log
/usr/local/apache/domlogs/XXXXXXX
/usr/local/apache/domlogs/dev.XXXXXXX-bytes_log
/usr/local/apache/domlogs/dev.XXXXXXX
/usr/local/apache/domlogs/dev2.XXXXXXX-bytes_log
/usr/local/apache/domlogs/dev2.XXXXXXX
/usr/local/apache/domlogs/developper.XXXXXXX-bytes_log
/usr/local/apache/domlogs/developper.XXXXXXX
/usr/local/apache/domlogs/ensaio.XXXXXXX-bytes_log
/usr/local/apache/domlogs/ensaio.XXXXXXX
/usr/local/apache/domlogs/fresh.XXXXXXX-bytes_log
/usr/local/apache/domlogs/fresh.XXXXXXX
/usr/local/apache/domlogs/XXXXXXX.be-bytes_log
/usr/local/apache/domlogs/XXXXXXX.be
/usr/local/apache/domlogs/XXXXXXX.com-bytes_log
/usr/local/apache/domlogs/XXXXXXX.com
/usr/local/apache/domlogs/imagens.XXXXXXX-bytes_log
/usr/local/apache/domlogs/imagens.XXXXXXX
/usr/local/apache/domlogs/img.XXXXXXX-bytes_log
/usr/local/apache/domlogs/img.XXXXXXX
/usr/local/apache/domlogs/img.XXXXXXX-bytes_log
/usr/local/apache/domlogs/img.XXXXXXX
/usr/local/apache/domlogs/immo.XXXXXXX-bytes_log
/usr/local/apache/domlogs/immo.XXXXXXX
/usr/local/apache/domlogs/immobXXXXXXX-bytes_log
/usr/local/apache/domlogs/immobXXXXXXX
/usr/local/apache/domlogs/XXXXXXX-bytes_log
/usr/local/apache/domlogs/XXXXXXX
/usr/local/apache/domlogs/XXXXXXX-bytes_log
/usr/local/apache/domlogs/XXXXXXX
/usr/local/apache/domlogs/m.XXXXXXX-bytes_log
/usr/local/apache/domlogs/m.XXXXXXX
/usr/local/apache/domlogs/mlm.XXXXXXX-bytes_log
/usr/local/apache/domlogs/mlm.XXXXXXX
/usr/local/apache/domlogs/polo.XXXXXXX-bytes_log
/usr/local/apache/domlogs/polo.XXXXXXX
/usr/local/apache/domlogs/projet.XXXXXXX-bytes_log
/usr/local/apache/domlogs/projet.XXXXXXX
/usr/local/apache/domlogs/realestate.XXXXXXX-bytes_log
/usr/local/apache/domlogs/realestate.XXXXXXX
/usr/local/apache/domlogs/rs.XXXXXXX-bytes_log
/usr/local/apache/domlogs/rs.XXXXXXX
/usr/local/apache/domlogs/sav.XXXXXXX-bytes_log
/usr/local/apache/domlogs/sav.XXXXXXX
/usr/local/apache/domlogs/support.XXXXXXX-bytes_log
/usr/local/apache/domlogs/support.XXXXXXX
/usr/local/apache/domlogs/vania.XXXXXXX-bytes_log
/usr/local/apache/domlogs/vania.XXXXXXX
/usr/local/apache/domlogs/XXXXXXX-bytes_log
/usr/local/apache/domlogs/XXXXXXX
/usr/local/apache/domlogs/XXXXXXX-bytes_log
/usr/local/apache/domlogs/XXXXXXX
anon_inode:[eventpoll]


Memory maps by the process (if any):

00400000-004a2000 r-xp 00000000 08:01 548232 /usr/local/sbin/nginx
006a2000-006b3000 rw-p 000a2000 08:01 548232 /usr/local/sbin/nginx
006b3000-00b2b000 rw-p 00000000 00:00 0 [heap]
00b2b000-00bcd000 rw-p 00000000 00:00 0 [heap]
7fc4d55b4000-7fc4d5ab4000 rw-s 00000000 00:04 47927860 /dev/zero (deleted)
7fc4d5ab4000-7fc4d5ac0000 r-xp 00000000 08:01 34956 /lib64/libnss_files-2.12.so
7fc4d5ac0000-7fc4d5cc0000 ---p 0000c000 08:01 34956 /lib64/libnss_files-2.12.so
7fc4d5cc0000-7fc4d5cc1000 r--p 0000c000 08:01 34956 /lib64/libnss_files-2.12.so
7fc4d5cc1000-7fc4d5cc2000 rw-p 0000d000 08:01 34956 /lib64/libnss_files-2.12.so
7fc4d5cc2000-7fc4d5cdf000 r-xp 00000000 08:01 32998 /lib64/libselinux.so.1
7fc4d5cdf000-7fc4d5ede000 ---p 0001d000 08:01 32998 /lib64/libselinux.so.1
7fc4d5ede000-7fc4d5edf000 r--p 0001c000 08:01 32998 /lib64/libselinux.so.1
7fc4d5edf000-7fc4d5ee0000 rw-p 0001d000 08:01 32998 /lib64/libselinux.so.1
7fc4d5ee0000-7fc4d5ee1000 rw-p 00000000 00:00 0
7fc4d5ee1000-7fc4d5ef7000 r-xp 00000000 08:01 34958 /lib64/libresolv-2.12.so
7fc4d5ef7000-7fc4d60f7000 ---p 00016000 08:01 34958 /lib64/libresolv-2.12.so
7fc4d60f7000-7fc4d60f8000 r--p 00016000 08:01 34958 /lib64/libresolv-2.12.so
7fc4d60f8000-7fc4d60f9000 rw-p 00017000 08:01 34958 /lib64/libresolv-2.12.so
7fc4d60f9000-7fc4d60fb000 rw-p 00000000 00:00 0
7fc4d60fb000-7fc4d60fd000 r-xp 00000000 08:01 32979 /lib64/libkeyutils.so.1.3
7fc4d60fd000-7fc4d62fc000 ---p 00002000 08:01 32979 /lib64/libkeyutils.so.1.3
7fc4d62fc000-7fc4d62fd000 r--p 00001000 08:01 32979 /lib64/libkeyutils.so.1.3
7fc4d62fd000-7fc4d62fe000 rw-p 00002000 08:01 32979 /lib64/libkeyutils.so.1.3
7fc4d62fe000-7fc4d6308000 r-xp 00000000 08:01 32697 /lib64/libkrb5support.so.0.1
7fc4d6308000-7fc4d6507000 ---p 0000a000 08:01 32697 /lib64/libkrb5support.so.0.1
7fc4d6507000-7fc4d6508000 r--p 00009000 08:01 32697 /lib64/libkrb5support.so.0.1
7fc4d6508000-7fc4d6509000 rw-p 0000a000 08:01 32697 /lib64/libkrb5support.so.0.1
7fc4d6509000-7fc4d6532000 r-xp 00000000 08:01 32694 /lib64/libk5crypto.so.3.1
7fc4d6532000-7fc4d6732000 ---p 00029000 08:01 32694 /lib64/libk5crypto.so.3.1
7fc4d6732000-7fc4d6733000 r--p 00029000 08:01 32694 /lib64/libk5crypto.so.3.1
7fc4d6733000-7fc4d6734000 rw-p 0002a000 08:01 32694 /lib64/libk5crypto.so.3.1
7fc4d6734000-7fc4d6735000 rw-p 00000000 00:00 0
7fc4d6735000-7fc4d6738000 r-xp 00000000 08:01 32775 /lib64/libcom_err.so.2.1
7fc4d6738000-7fc4d6937000 ---p 00003000 08:01 32775 /lib64/libcom_err.so.2.1
7fc4d6937000-7fc4d6938000 r--p 00002000 08:01 32775 /lib64/libcom_err.so.2.1
7fc4d6938000-7fc4d6939000 rw-p 00003000 08:01 32775 /lib64/libcom_err.so.2.1
7fc4d6939000-7fc4d6a14000 r-xp 00000000 08:01 32696 /lib64/libkrb5.so.3.3
7fc4d6a14000-7fc4d6c13000 ---p 000db000 08:01 32696 /lib64/libkrb5.so.3.3
7fc4d6c13000-7fc4d6c1d000 r--p 000da000 08:01 32696 /lib64/libkrb5.so.3.3
7fc4d6c1d000-7fc4d6c1f000 rw-p 000e4000 08:01 32696 /lib64/libkrb5.so.3.3
7fc4d6c1f000-7fc4d6c60000 r-xp 00000000 08:01 32678 /lib64/libgssapi_krb5.so.2.2
7fc4d6c60000-7fc4d6e60000 ---p 00041000 08:01 32678 /lib64/libgssapi_krb5.so.2.2
7fc4d6e60000-7fc4d6e61000 r--p 00041000 08:01 32678 /lib64/libgssapi_krb5.so.2.2
7fc4d6e61000-7fc4d6e63000 rw-p 00042000 08:01 32678 /lib64/libgssapi_krb5.so.2.2
7fc4d6e63000-7fc4d6ed4000 r-xp 00000000 08:01 32800 /lib64/libfreebl3.so
7fc4d6ed4000-7fc4d70d3000 ---p 00071000 08:01 32800 /lib64/libfreebl3.so
7fc4d70d3000-7fc4d70d5000 r--p 00070000 08:01 32800 /lib64/libfreebl3.so
7fc4d70d5000-7fc4d70d6000 rw-p 00072000 08:01 32800 /lib64/libfreebl3.so
7fc4d70d6000-7fc4d70da000 rw-p 00000000 00:00 0
7fc4d70da000-7fc4d7265000 r-xp 00000000 08:01 32929 /lib64/libc-2.12.so
7fc4d7265000-7fc4d7464000 ---p 0018b000 08:01 32929 /lib64/libc-2.12.so
7fc4d7464000-7fc4d7468000 r--p 0018a000 08:01 32929 /lib64/libc-2.12.so
7fc4d7468000-7fc4d7469000 rw-p 0018e000 08:01 32929 /lib64/libc-2.12.so
7fc4d7469000-7fc4d746e000 rw-p 00000000 00:00 0
7fc4d746e000-7fc4d7483000 r-xp 00000000 08:01 33030 /lib64/libz.so.1.2.3
7fc4d7483000-7fc4d7682000 ---p 00015000 08:01 33030 /lib64/libz.so.1.2.3
7fc4d7682000-7fc4d7683000 r--p 00014000 08:01 33030 /lib64/libz.so.1.2.3
7fc4d7683000-7fc4d7684000 rw-p 00015000 08:01 33030 /lib64/libz.so.1.2.3
7fc4d7684000-7fc4d7686000 r-xp 00000000 08:01 34952 /lib64/libdl-2.12.so
7fc4d7686000-7fc4d7886000 ---p 00002000 08:01 34952 /lib64/libdl-2.12.so
7fc4d7886000-7fc4d7887000 r--p 00002000 08:01 34952 /lib64/libdl-2.12.so
7fc4d7887000-7fc4d7888000 rw-p 00003000 08:01 34952 /lib64/libdl-2.12.so
7fc4d7888000-7fc4d7a3d000 r-xp 00000000 08:01 925147 /usr/lib64/libcrypto.so.1.0.1e
7fc4d7a3d000-7fc4d7c3d000 ---p 001b5000 08:01 925147 /usr/lib64/libcrypto.so.1.0.1e
7fc4d7c3d000-7fc4d7c58000 r--p 001b5000 08:01 925147 /usr/lib64/libcrypto.so.1.0.1e
7fc4d7c58000-7fc4d7c64000 rw-p 001d0000 08:01 925147 /usr/lib64/libcrypto.so.1.0.1e
7fc4d7c64000-7fc4d7c68000 rw-p 00000000 00:00 0
7fc4d7c68000-7fc4d7cc9000 r-xp 00000000 08:01 971995 /usr/lib64/libssl.so.1.0.1e
7fc4d7cc9000-7fc4d7ec9000 ---p 00061000 08:01 971995 /usr/lib64/libssl.so.1.0.1e
7fc4d7ec9000-7fc4d7ecd000 r--p 00061000 08:01 971995 /usr/lib64/libssl.so.1.0.1e
7fc4d7ecd000-7fc4d7ed4000 rw-p 00065000 08:01 971995 /usr/lib64/libssl.so.1.0.1e
7fc4d7ed4000-7fc4d7edb000 r-xp 00000000 08:01 32654 /lib64/libcrypt-2.12.so
7fc4d7edb000-7fc4d80db000 ---p 00007000 08:01 32654 /lib64/libcrypt-2.12.so
7fc4d80db000-7fc4d80dc000 r--p 00007000 08:01 32654 /lib64/libcrypt-2.12.so
7fc4d80dc000-7fc4d80dd000 rw-p 00008000 08:01 32654 /lib64/libcrypt-2.12.so
7fc4d80dd000-7fc4d810b000 rw-p 00000000 00:00 0
7fc4d810b000-7fc4d8122000 r-xp 00000000 08:01 32714 /lib64/libpthread-2.12.so
7fc4d8122000-7fc4d8322000 ---p 00017000 08:01 32714 /lib64/libpthread-2.12.so
7fc4d8322000-7fc4d8323000 r--p 00017000 08:01 32714 /lib64/libpthread-2.12.so
7fc4d8323000-7fc4d8324000 rw-p 00018000 08:01 32714 /lib64/libpthread-2.12.so
7fc4d8324000-7fc4d8328000 rw-p 00000000 00:00 0
7fc4d8328000-7fc4d8348000 r-xp 00000000 08:01 35395 /lib64/ld-2.12.so
7fc4d83c0000-7fc4d8534000 rw-p 00000000 00:00 0
7fc4d8534000-7fc4d853d000 rw-p 00000000 00:00 0
7fc4d8545000-7fc4d8546000 rw-s 00000000 00:04 47927864 /dev/zero (deleted)
7fc4d8546000-7fc4d8547000 rw-p 00000000 00:00 0
7fc4d8547000-7fc4d8548000 r--p 0001f000 08:01 35395 /lib64/ld-2.12.so
7fc4d8548000-7fc4d8549000 rw-p 00020000 08:01 35395 /lib64/ld-2.12.so
7fc4d8549000-7fc4d854a000 rw-p 00000000 00:00 0
7fff749f9000-7fff74a1a000 rw-p 00000000 00:00 0 [stack]
7fff74bf8000-7fff74bfa000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r--p 00000000 00:00 0 [vsyscall]
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 91
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready