Can you translate csf log please?

ozgurerdogan · Nov 27, 2014

Can you translate csf log please?

I started to get lots of similar csf logs:

Code:

Time:    Thu Nov 27 20:51:35 2014 +0200
PID:     25708 (Parent PID:25708)
Account: sym
Uptime:  72390 seconds


Executable:

/usr/bin/perl


Command Line (often faked in exploits):

/usr/sbin/httpd


Network connections by the process (if any):

udp: 0.0.0.0:45144 -> 0.0.0.0:0
udp: 0.0.0.0:52131 -> 0.0.0.0:0
udp: 0.0.0.0:47499 -> 0.0.0.0:0
udp: 0.0.0.0:44253 -> 0.0.0.0:0
udp: 0.0.0.0:51333 -> 0.0.0.0:0
tcp: 93.186.125.56:56942 -> 213.205.33.61:25
udp: 0.0.0.0:58651 -> 0.0.0.0:0
udp: 0.0.0.0:59630 -> 0.0.0.0:0
udp: 0.0.0.0:42212 -> 0.0.0.0:0
udp: 0.0.0.0:50768 -> 0.0.0.0:0
tcp: 93.186.125.56:56945 -> 213.205.33.61:25
tcp: 93.186.125.56:56947 -> 213.205.33.61:25


Files open by the process (if any):

/dev/null
/dev/null
/dev/null


Memory maps by the process (if any):

001fb000-00326000 r-xp 00000000 03:03 360694     /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
00326000-0032b000 rwxp 0012a000 03:03 360694     /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
0032b000-0032d000 rwxp 0032b000 00:00 0 
003fd000-00402000 r-xp 00000000 03:03 358748     /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/File/Glob/Glob.so
00402000-00403000 rwxp 00004000 03:03 358748     /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/File/Glob/Glob.so
00457000-0045c000 r-xp 00000000 03:03 358936     /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Socket/Socket.so
0045c000-0045d000 rwxp 00004000 03:03 358936     /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Socket/Socket.so
005c6000-005e1000 r-xp 00000000 03:07 204774     /lib/ld-2.5.so
005e1000-005e2000 r-xp 0001a000 03:07 204774     /lib/ld-2.5.so
005e2000-005e3000 rwxp 0001b000 03:07 204774     /lib/ld-2.5.so
005e5000-0073b000 r-xp 00000000 03:07 204776     /lib/libc-2.5.so
0073b000-0073d000 r-xp 00156000 03:07 204776     /lib/libc-2.5.so
0073d000-0073e000 rwxp 00158000 03:07 204776     /lib/libc-2.5.so
0073e000-00741000 rwxp 0073e000 00:00 0 
00743000-00746000 r-xp 00000000 03:07 204815     /lib/libdl-2.5.so
00746000-00747000 r-xp 00002000 03:07 204815     /lib/libdl-2.5.so
00747000-00748000 rwxp 00003000 03:07 204815     /lib/libdl-2.5.so
0074a000-00760000 r-xp 00000000 03:07 204993     /lib/libpthread-2.5.so
00760000-00761000 r-xp 00015000 03:07 204993     /lib/libpthread-2.5.so
00761000-00762000 rwxp 00016000 03:07 204993     /lib/libpthread-2.5.so
00762000-00764000 rwxp 00762000 00:00 0 
00766000-0078d000 r-xp 00000000 03:07 204988     /lib/libm-2.5.so
0078d000-0078e000 r-xp 00026000 03:07 204988     /lib/libm-2.5.so
0078e000-0078f000 rwxp 00027000 03:07 204988     /lib/libm-2.5.so
00814000-0081d000 r-xp 00000000 03:07 204999     /lib/libcrypt-2.5.so
0081d000-0081e000 r-xp 00008000 03:07 204999     /lib/libcrypt-2.5.so
0081e000-0081f000 rwxp 00009000 03:07 204999     /lib/libcrypt-2.5.so
0081f000-00846000 rwxp 0081f000 00:00 0 
00848000-0085d000 r-xp 00000000 03:07 205018     /lib/libnsl-2.5.so
0085d000-0085e000 r-xp 00014000 03:07 205018     /lib/libnsl-2.5.so
0085e000-0085f000 rwxp 00015000 03:07 205018     /lib/libnsl-2.5.so
0085f000-00861000 rwxp 0085f000 00:00 0 
008e0000-008e1000 r-xp 008e0000 00:00 0          [vdso]
00963000-0097f000 r-xp 00000000 03:03 358774     /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/POSIX/POSIX.so
0097f000-00980000 rwxp 0001b000 03:03 358774     /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/POSIX/POSIX.so
00b43000-00b54000 r-xp 00000000 03:07 204935     /lib/libresolv-2.5.so
00b54000-00b55000 r-xp 00010000 03:07 204935     /lib/libresolv-2.5.so
00b55000-00b56000 rwxp 00011000 03:07 204935     /lib/libresolv-2.5.so
00b56000-00b58000 rwxp 00b56000 00:00 0 
00bf5000-00bf9000 r-xp 00000000 03:03 358761     /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so
00bf9000-00bfa000 rwxp 00003000 03:03 358761     /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so
00dc7000-00dc9000 r-xp 00000000 03:07 204957     /lib/libutil-2.5.so
00dc9000-00dca000 r-xp 00001000 03:07 204957     /lib/libutil-2.5.so
00dca000-00dcb000 rwxp 00002000 03:07 204957     /lib/libutil-2.5.so
00e12000-00e1c000 r-xp 00000000 03:07 206865     /lib/libnss_files-2.5.so
00e1c000-00e1d000 r-xp 00009000 03:07 206865     /lib/libnss_files-2.5.so
00e1d000-00e1e000 rwxp 0000a000 03:07 206865     /lib/libnss_files-2.5.so
08048000-0804b000 r-xp 00000000 03:03 4628662    /usr/bin/perl
0804b000-0804c000 rw-p 00002000 03:03 4628662    /usr/bin/perl
0966d000-09aa6000 rw-p 0966d000 00:00 0          [heap]
b7f1d000-b7f41000 rw-p b7f1d000 00:00 0 
b7f49000-b7f4a000 rw-p b7f49000 00:00 0 
bfde3000-bfdf8000 rw-p bffe9000 00:00 0          [stack]

danrussell · Dec 12, 2014

Error logs path?

Hi,

Where do you get these logs ? Error file path?
Also have you tried disabling the csf ?

zEitEr · Dec 18, 2014

Hello,

It seems somebody was running a copy of a webserver started with perl.

Can you translate csf log please?

ozgurerdogan

Verified User

danrussell

New member

zEitEr

Super Moderator