Suspicious process running under user nobody

shortfragments

New member
Joined
Mar 26, 2010
Messages
1
Hi, I need some help with a problem on my VPS server.

I get an email every 5 minutes with the following subject and body:

Subject
Code:
84  Subject: lfd on vps.myhosting.company: Suspicious process running under user nobody

And Body

Code:
1Nw0iD-0006NP-Ei-D
Time:    Mon Mar 29 02:12:05 2010 +0400
PID:     24465
Account: nobody
Uptime:  81 seconds


Executable:

/usr/local/directadmin/directadmin


Command Line (often faked in exploits):

/usr/local/directadmin/directadmin d


Network connections by the process (if any):

tcp: 0.0.0.0:2222 -> 0.0.0.0:0


Files open by the process (if any):



Memory maps by the process (if any):

08048000-08394000 r-xp 00000000 fd:00 290162738                          /usr/local/directadmin/directadmin
08394000-084b0000 rw-p 0034b000 fd:00 290162738                          /usr/local/directadmin/directadmin
084b0000-084e2000 rw-p 084b0000 00:00 0 
09266000-092a9000 rw-p 09266000 00:00 0                                  [heap]
b7c86000-b7c8f000 r-xp 00000000 fd:00 290162811                          /lib/libnss_files-2.7.so
b7c8f000-b7c91000 rw-p 00008000 fd:00 290162811                          /lib/libnss_files-2.7.so
b7c91000-b7c99000 r-xp 00000000 fd:00 290162800                          /lib/libnss_nis-2.7.so
b7c99000-b7c9b000 rw-p 00007000 fd:00 290162800                          /lib/libnss_nis-2.7.so
b7c9b000-b7d9b000 rw-p b7c9b000 00:00 0 
b7d9b000-b7db5000 r-xp 00000000 fd:00 290162794                          /lib/ld-2.7.so
b7db5000-b7db7000 rw-p 0001a000 fd:00 290162794                          /lib/ld-2.7.so
b7db7000-b7eef000 r-xp 00000000 fd:00 290162806                          /lib/libc-2.7.so
b7eef000-b7ef0000 r--p 00138000 fd:00 290162806                          /lib/libc-2.7.so
b7ef0000-b7ef2000 rw-p 00139000 fd:00 290162806                          /lib/libc-2.7.so
b7ef2000-b7ef5000 rw-p b7ef2000 00:00 0 
b7ef5000-b7f08000 r-xp 00000000 fd:00 290162801                          /lib/libnsl-2.7.so
b7f08000-b7f0a000 rw-p 00012000 fd:00 290162801                          /lib/libnsl-2.7.so
b7f0a000-b7f0c000 rw-p b7f0a000 00:00 0 
b7f0c000-b7f13000 r-xp 00000000 fd:00 290162804                          /lib/libnss_compat-2.7.so
b7f13000-b7f15000 rw-p 00006000 fd:00 290162804                          /lib/libnss_compat-2.7.so
bfcb5000-bfcca000 rw-p 7ffffffea000 00:00 0                              [stack]

Can someone explain to me what this is?

Thanks in advance, friends.
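
Added example, not part of the original post and not lfd's own code: a Python sketch that parses an alert body like the one above and cross-checks the reported executable against the command line (which the alert itself flags as "often faked") and against the process memory maps. The function and key names, the temp-directory heuristic, and reading `-> 0.0.0.0:0` as a listening socket are assumptions of this example.

```python
import re

# Constructed sample: fields copied from the alert in the post, blank lines dropped.
SAMPLE = """\
Account: nobody
Executable:
/usr/local/directadmin/directadmin
Command Line (often faked in exploits):
/usr/local/directadmin/directadmin d
Network connections by the process (if any):
tcp: 0.0.0.0:2222 -> 0.0.0.0:0
Memory maps by the process (if any):
08048000-08394000 r-xp 00000000 fd:00 290162738   /usr/local/directadmin/directadmin
b7db7000-b7eef000 r-xp 00000000 fd:00 290162806   /lib/libc-2.7.so
bfcb5000-bfcca000 rw-p 7ffffffea000 00:00 0       [stack]
"""

SECTION = re.compile(r"^(Executable|Command Line|Network connections|Files open|Memory maps)\b.*:$")
MAP = re.compile(r"^[0-9a-f]+-[0-9a-f]+\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")

def parse_alert(text):
    """Split an lfd alert body into header fields and named sections."""
    fields, sections, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        heading = SECTION.match(line)
        if heading:
            current = sections.setdefault(heading.group(1), [])
        elif line and current is not None:
            current.append(line)
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields, sections

def triage(text):
    """Cross-check the executable path against the command line and memory maps."""
    fields, sec = parse_alert(text)
    exe = (sec.get("Executable") or [""])[0]
    argv0 = (sec.get("Command Line") or [""])[0].split(" ")[0]
    exec_paths = [m.group(2) for m in map(MAP.match, sec.get("Memory maps", [])) if m and "x" in m.group(1)]
    return {
        "account": fields.get("Account"),
        "argv0_matches_exe": argv0 == exe,
        "exe_backs_first_exec_mapping": exec_paths[:1] == [exe],
        # Heuristic (assumption): unlinked or temp-dir binaries deserve a closer look.
        "exe_deleted_or_in_tmp": exe.endswith("(deleted)") or exe.startswith(("/tmp/", "/var/tmp/", "/dev/shm/")),
        # Assumption: a remote side of 0.0.0.0:0 means a listening socket.
        "listening": [c.split()[1] for c in sec.get("Network connections", []) if c.endswith("-> 0.0.0.0:0")],
    }
```

For the alert in the post, every consistency check passes and the only socket is a listener on port 2222.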
 