lfd on hostname.server.com: Suspicious process running under

pooyan

Well-Known Member
#1
Hello,

I sometimes receive emails from lfd:
Could you please help me?

PHP:
Time:    Sat Jun  4 15:55:15 2011 +0430
PID:     5463
Account: billing
Uptime:  75 seconds


Executable:

/usr/local/lsws/fcgi-bin/lsphp-5.2.17


Command Line (often faked in exploits):

lsphp5:/billing/public_html/admin/clientshosting.php


Network connections by the process (if any):

tcp: 85.10.211.***:55178 -> 85.10.211.***:2086


Files open by the process (if any):

/tmp/session_mm_litespeed503.sem (deleted)
/var/cpanel/locale/en.cdb
/tmp/eaccelerator.litespeed5463.sem.MRopAm (deleted)
/tmp/ZCUD27BPYf (deleted)
/tmp/sess_aff996ad53f70b11938beedf8ead5f58


Memory maps by the process (if any):

00400000-00a73000 r-xp 00000000 09:02 17668                              /usr/local/lsws/fcgi-bin/lsphp-5.2.17
00c72000-00cda000 rw-p 00672000 09:02 17668                              /usr/local/lsws/fcgi-bin/lsphp-5.2.17
00cda000-00ce8000 rw-p 00cda000 00:00 0
06547000-0723e000 rw-p 06547000 00:00 0                                  [heap]
36ff200000-36ff21c000 r-xp 00000000 09:02 24968067                       /lib64/ld-2.5.so
36ff41b000-36ff41c000 r--p 0001b000 09:02 24968067                       /lib64/ld-2.5.so
36ff41c000-36ff41d000 rw-p 0001c000 09:02 24968067                       /lib64/ld-2.5.so
36ff600000-36ff74e000 r-xp 00000000 09:02 24968069                       /lib64/libc-2.5.so
36ff74e000-36ff94e000 ---p 0014e000 09:02 24968069                       /lib64/libc-2.5.so
36ff94e000-36ff952000 r--p 0014e000 09:02 24968069                       /lib64/libc-2.5.so
36ff952000-36ff953000 rw-p 00152000 09:02 24968069                       /lib64/libc-2.5.so
36ff953000-36ff958000 rw-p 36ff953000 00:00 0
36ffa00000-36ffa02000 r-xp 00000000 09:02 24968232                       /lib64/libdl-2.5.so
36ffa02000-36ffc02000 ---p 00002000 09:02 24968232                       /lib64/libdl-2.5.so
36ffc02000-36ffc03000 r--p 00002000 09:02 24968232                       /lib64/libdl-2.5.so
36ffc03000-36ffc04000 rw-p 00003000 09:02 24968232                       /lib64/libdl-2.5.so

7fff952d2000-7fff952fd000 rwxp 7ffffffd2000 00:00 0                      [stack]
7fff952fe000-7fff952fe000 rw-p 7fffffffe000 00:00 0
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0                  [vdso]
 

NiteWave

Administrator
#2
It looks like clientshosting.php has a lot of access to 85.10.211.***:2086.

Need to check what clientshosting.php is doing.

For a quick test, delete or rename clientshosting.php; you may not receive such warnings any more.
 

pooyan

Well-Known Member
#3
It looks like clientshosting.php has a lot of access to 85.10.211.***:2086.

Need to check what clientshosting.php is doing.

For a quick test, delete or rename clientshosting.php; you may not receive such warnings any more.
I received many emails from lfd about /usr/local/lsws/fcgi-bin/lsphp-5.2.17
 

NiteWave

Administrator
#4
lsphp-5.2.17 is the php engine; it will do anything php scripts tell it to do.

It's some php script trying to attack (maybe a false alarm) your server, not the php engine itself.
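The replies above boil down to one instruction: the alert names the PHP engine, but the thing to inspect is the script the engine was running, plus where it connected and what it had open. The following Python script is an added example, not code from this thread, from LiteSpeed or from ConfigServer; it parses the lfd "Suspicious process" report layout shown in post #1 and prints a triage summary. The sample alert is constructed from the one pasted above (addresses stay masked with ***), and the port table is limited to the default cPanel/WHM listener ports. Port 2086 is WHM's default plain-HTTP port, so a billing script in the `billing` account calling the WHM API is one benign explanation an admin would want to confirm or rule out by reading `clientshosting.php`; the parser only surfaces that fact, it does not decide. Names such as `LfdAlert`, `parse_lfd_alert` and `triage` are this example's own.

```python
"""Triage parser for lfd "Suspicious process" alert emails (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the alert in post #1 (addresses kept masked).
SAMPLE_ALERT = """\
Time:    Sat Jun  4 15:55:15 2011 +0430
PID:     5463
Account: billing
Uptime:  75 seconds

Executable:

/usr/local/lsws/fcgi-bin/lsphp-5.2.17

Command Line (often faked in exploits):

lsphp5:/billing/public_html/admin/clientshosting.php

Network connections by the process (if any):

tcp: 85.10.211.***:55178 -> 85.10.211.***:2086

Files open by the process (if any):

/tmp/session_mm_litespeed503.sem (deleted)
/var/cpanel/locale/en.cdb
/tmp/ZCUD27BPYf (deleted)
/tmp/sess_aff996ad53f70b11938beedf8ead5f58
"""

# Default cPanel/WHM listener ports, used only to annotate where a connection went.
KNOWN_PORTS = {2082: "cPanel (http)", 2083: "cPanel (https)",
               2086: "WHM (http)", 2087: "WHM (https)"}

# Section headings as lfd prints them, matched by prefix so minor wording changes pass.
SECTION_PREFIXES = {"Executable": "executable", "Command Line": "command_line",
                    "Network connections": "connections", "Files open": "files",
                    "Memory maps": "maps"}

FIELD_RE = re.compile(r"^(Time|PID|Account|Uptime):\s*(.*)$")
CONN_RE = re.compile(r"^(tcp|udp)6?:\s*(\S+)\s*->\s*(\S+)$")


@dataclass
class LfdAlert:
    pid: int
    account: str
    uptime_seconds: int
    executable: str
    command_line: str
    connections: list = field(default_factory=list)  # (proto, src, dst)
    open_files: list = field(default_factory=list)   # (path, unlinked)


def parse_lfd_alert(text):
    """Split the alert into its header fields and labelled sections."""
    fields, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIELD_RE.match(line)
        if m and current is None:          # header block precedes the first section
            fields[m.group(1)] = m.group(2)
            continue
        if line.endswith(":"):             # "Executable:", "Files open ... (if any):"
            current = next((k for p, k in SECTION_PREFIXES.items() if line.startswith(p)), None)
            if current:
                sections[current] = []
            continue
        if current:
            sections[current].append(line)
    conns = [CONN_RE.match(l).groups() for l in sections.get("connections", []) if CONN_RE.match(l)]
    files = [(l[:-len(" (deleted)")], True) if l.endswith(" (deleted)") else (l, False)
             for l in sections.get("files", [])]
    return LfdAlert(pid=int(fields["PID"]), account=fields["Account"],
                    uptime_seconds=int(fields["Uptime"].split()[0]),
                    executable=sections["executable"][0],
                    command_line=sections["command_line"][0],
                    connections=conns, open_files=files)


def script_path(alert):
    """lfd shows an lsphp command line as 'lsphp5:/path/script.php'; the script is the object to review."""
    return alert.command_line.split(":", 1)[1] if ":" in alert.command_line else alert.command_line


def triage(alert):
    """Observations to collect before deciding whether the alert is a false alarm."""
    notes = [f"account {alert.account}: {alert.executable} ran {script_path(alert)} "
             f"(pid {alert.pid}, up {alert.uptime_seconds}s)"]
    for proto, _src, dst in alert.connections:
        host, port = dst.rsplit(":", 1)
        notes.append(f"{proto} to {host}:{port} -> {KNOWN_PORTS.get(int(port), 'unknown service')}")
    unlinked = [p for p, gone in alert.open_files if gone]
    if unlinked:
        # Opcode caches and session handlers routinely unlink their shm/semaphore files,
        # so this list is context for the review, not a verdict on its own.
        notes.append("open-but-unlinked files: " + ", ".join(unlinked))
    return notes


if __name__ == "__main__":
    for note in triage(parse_lfd_alert(SAMPLE_ALERT)):
        print(note)
```

Run it on a saved alert (replace `SAMPLE_ALERT` with the email body) and the first line tells you which script to open; the connection lines tell you whether the destination is a service the script has a legitimate reason to talk to.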
 