Good evening, sir.
I received a notification email about one of the accounts on my VPS.
Its contents:
*** ENVELOPE RECORDS maildrop/3B688600BD ***
message_arrival_time: Mon Aug 10 07:17 2015
named_attribute: rewrite_context=local
sender_fullname: root
sender: root
*** MESSAGE CONTENTS maildrop/3B688600BD ***
regular_text: From: root
regular_text: To: root
regular_text: Subject: lfd on {MY HOSTNAME}: Suspicious process running under user {USER}
regular_text:
regular_text: Time: {DATETIME}
regular_text: PID: 27074 (Parent PID:21396)
regular_text: Account: {USER}
regular_text: Uptime: 81 seconds
regular_text:
regular_text:
regular_text: Executable:
regular_text:
regular_text: /usr/local/bin/php-cgi
regular_text:
regular_text:
regular_text: Command Line (often faked in exploits):
regular_text:
regular_text: /usr/local/bin/php-cgi
regular_text:
regular_text:
regular_text: Network connections by the process (if any):
regular_text:
regular_text: tcp: {MY HOST IP}:46357 -> {UNKNOWN IP}:443
regular_text:
regular_text:
regular_text: Files open by the process (if any):
regular_text:
regular_text:
regular_text:
regular_text: Memory maps by the process (if any):
regular_text:
regular_text: 00400000-00dd3000 r-xp 00000000 b6:834c1 15356 /usr/local/bin/php-cgi
regular_text: 00fd3000-00fe2000 rw-p 009d3000 b6:834c1 15356 /usr/local/bin/php-cgi
regular_text: 00fe2000-01006000 rw-p 00000000 00:00 0
regular_text: 02c59000-04cfe000 rw-p 00000000 00:00 0 [heap]
regular_text: 7f5998d6a000-7f5998d6f000 r-xp 00000000 b6:834c1 524318 /lib64/libnss_dns-2.12.so
regular_text: 7f5998d6f000-7f5998f6e000 ---p 00005000 b6:834c1 524318 /lib64/libnss_dns-2.12.so
regular_text: 7f5998f6e000-7f5998f6f000 r--p 00004000 b6:834c1 524318 /lib64/libnss_dns-2.12.so
regular_text: 7f5998f6f000-7f5998f70000 rw-p 00005000 b6:834c1 524318 /lib64/libnss_dns-2.12.so
regular_text: 7f5998f70000-7f5998f7c000 r-xp 00000000 b6:834c1 524320 /lib64/libnss_files-2.12.so
regular_text: 7f5998f7c000-7f599917c000 ---p 0000c000 b6:834c1 524320 /lib64/libnss_files-2.12.so
regular_text: 7f599917c000-7f599917d000 r--p 0000c000 b6:834c1 524320 /lib64/libnss_files-2.12.so
regular_text: 7f599917d000-7f599917e000 rw-p 0000d000 b6:834c1 524320 /lib64/libnss_files-2.12.so
regular_text: 7f599917e000-7f599923f000 rw-p 00000000 00:00 0
regular_text: 7f59992c0000-7f5999301000 rw-p 00000000 00:00 0
regular_text: 7f5999342000-7f59997d4000 rw-p 00000000 00:00 0
regular_text: 7f59997e0000-7f59998e4000 rw-p 00000000 00:00 0
regular_text: 7f5999914000-7f5999c82000 rw-p 00000000 00:00 0
regular_text: 7f5999ca7000-7f5999eaf000 rw-p 00000000 00:00 0
regular_text: 7f5999ed4000-7f5999f15000 rw-p 00000000 00:00 0
regular_text: 7f5999f15000-7f599a05e000 r-xp 00000000 b6:834c1 272252 /usr/local/ioncube/ioncube_loader_lin_5.4.so
regular_text: 7f599a05e000-7f599a15d000 ---p 00149000 b6:834c1 272252 /usr/local/ioncube/ioncube_loader_lin_5.4.so
regular_text: 7f599a15d000-7f599a16d000 rw-p 00148000 b6:834c1 272252 /usr/local/ioncube/ioncube_loader_lin_5.4.so
regular_text: 7f599a16d000-7f599a170000 rw-p 00000000 00:00 0
regular_text: 7f599a170000-7f599a18d000 r-xp 00000000 b6:834c1 524805 /lib64/libselinux.so.1
regular_text: 7f599a18d000-7f599a38c000 ---p 0001d000 b6:834c1 524805 /lib64/libselinux.so.1
regular_text: 7f599a38c000-7f599a38d000 r--p 0001c000 b6:834c1 524805 /lib64/libselinux.so.1
regular_text: 7f599a38d000-7f599a38e000 rw-p 0001d000 b6:834c1 524805 /lib64/libselinux.so.1
regular_text:
*** HEADER EXTRACTED maildrop/3B688600BD ***
recipient: root
*** MESSAGE FILE END maildrop/3B688600BD ***
What should I do, sir?
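For triaging an alert like the one quoted above, here is an added example (not from the original post, and not lfd/ConfigServer code) that parses the same alert layout and lists the points a defender should follow up on: the command line versus the real executable, the first executable memory mapping, and any outbound connection. The sample alert, account name and IP addresses are constructed placeholders.

```python
# Constructed sample in the lfd "Suspicious process" layout quoted above (blank spacer lines omitted; account and IPs are placeholders).
SAMPLE_ALERT = """\
PID: 27074 (Parent PID:21396)
Account: exampleuser
Uptime: 81 seconds
Executable:
/usr/local/bin/php-cgi
Command Line (often faked in exploits):
/usr/local/bin/php-cgi
Network connections by the process (if any):
tcp: 192.0.2.10:46357 -> 203.0.113.5:443
Files open by the process (if any):
Memory maps by the process (if any):
00400000-00dd3000 r-xp 00000000 b6:834c1 15356 /usr/local/bin/php-cgi
7f5998d6a000-7f5998d6f000 r-xp 00000000 b6:834c1 524318 /lib64/libnss_dns-2.12.so
"""

EXE, CMD, NET, MAPS = ("Executable:", "Command Line (often faked in exploits):",
                       "Network connections by the process (if any):",
                       "Memory maps by the process (if any):")
SECTIONS = (EXE, CMD, NET, "Files open by the process (if any):", MAPS)

def parse_alert(text):
    """Split the alert body into header fields and its free-text sections."""
    fields, sections, current = {}, {s: [] for s in SECTIONS}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line in sections:
            current = line
        elif current and line:
            sections[current].append(line)
        elif current is None and ": " in line:
            key, value = line.split(": ", 1)
            fields[key] = value
    return fields, sections

def triage(text):
    """Return (header fields, observations a defender should follow up on)."""
    fields, sec = parse_alert(text)
    exe, cmd = sec[EXE][0], " ".join(sec[CMD])
    findings = []
    # lfd itself warns the command line is often faked: compare it with the real binary
    if cmd.split()[0] != exe:
        findings.append(f"command line {cmd!r} does not match executable {exe}")
    # the first r-xp file-backed mapping should be the executable itself
    exec_maps = [m.split()[-1] for m in sec[MAPS] if " r-xp " in m]
    if exec_maps and exec_maps[0] != exe:
        findings.append(f"first executable mapping is {exec_maps[0]}, not {exe}")
    for conn in sec[NET]:
        findings.append(f"outbound {conn}; check who owns the remote endpoint")
    return fields, findings
```

For the alert as posted, the only finding is the outbound connection on port 443, so the next step is to identify the remote endpoint and the PHP script the account was running at that time.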