Ns3.xxxxx.com
Jul 4, 2007
Recently i took a linux dedicated server from Layered Technologies. Here at my place one local company did migration & security audit for the site. After that i have changed the root password.
Today through Cpanel i clicked on the "Nameserver IP's"
I got the below results :
72.xxx.xxxx.2 ns1.mysite.org
72.xxx.xxxx.3 NS2.NBSDESIGNZ.COM
72.xxx.xxxx.6 ns2.mysite.org
I am confused with how "NS2.NBSDESIGNZ.COM" came into my server ? I have no relationship with that site or never heard about it.
I do not sell the space. I use server for only mysite. I am in a feeling that someone else using my server resources..
View 9 Replies
Dec 16, 2007
I`ve found some core.xxxxx files in some directories under some of our accounts.
I think those should be a trojan, Is it right?
* Many of those files are 0bytes, But some others are about 2-3M.
And how to remove those? What should to do to have those removed successfully.
This is a part from one of those files:
Code:
^?ELF^A^A^A^@^@^@^@^@^@^@^@^@^D^@^C^@^A^@^@^@^@^@^@^
@4^@^@^@^@^@^@^@^@^@^@^@4^@ ^@U^@^@^@^@^@^@^@^D^@^@^@Ô
^@^@^@^@^@^@^@^@^@^@ö^@^@^@^@^@^@^@^@^@^@^@^@^@^@^A^@^@^@^@ ^@^@^@^P^Q^@^@^@^@^@^@^@^@^@^@@^M^@^E^@^@^@^@^P^@^@^A^@^@^@^@ ^@^@^@P^^^@^@^@$
q^Y^@^@^@^@^@�����x^^^@^@^@^@^@^@^@^@^@^@^@^@^@��^]^@^@^@^@^@����Ðx^^^@^@^@^@^@^@^@^@^@^@^@^@^@Ç�^]^@^A^@^@^@^P^@^@^@^@y^^^@^B^@^@^@^@^@^@^@$
^@^@^@^@^@^@^@(^@^@^@#^L^^^@^A^@^@^@^P^@^@^@`z^^^@^E^@^@^@^@^@^@^@^T^@^@^@^V�^]^@^A^@^@^@^P^@^@^@Üz^^^@^C^@^@^@|�^]^@^P^@^@^@+�^]^@^A^@^@^@^$
)^@^@^@^@^@^@^@^@^@^@^@^@^@^@^P^@^@^@^Ø^@^^^@^E^@^@^@P(^@^@^@^@^@^@^@^@^@^@^@^@^@^@^P^@^@^@�^@^^^@^E^@^@^@^V=^
@^@^@^@^@^@^@^@^@^@^@^@^@^@^P^$
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^H^^^@^@^@^@^@^B
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@t^K^^^@^A^@^@^@^P
^@^@^@�|^^^@^C^@^@^@^@^@^@^@^L$
^@^@^@Ê^�^X^@ ^�^X^@^@^@^@^@H^P^@^@��^X^@a�^X^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@!^@^@^@^H^@^@^@^X^@^@^@^H^@^@^@^A^@^@
^@�^�^X^@^D^�^X^$
^@^@^@^Z�^X^@p^X^@^@^@^@^@^Ä^@^@^@��^X^@a�^X^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^
@^@^@^C^@^@^@^G^@^@^@^P^@^@^@^@^@^@^@^�^X^@��^X^@�^X^@^@$
^@^@^@ð�^@^@^K^@^@^@^P^@^@^@^C^@^@^@�^Ö^^^@^B^@^@^@^È^B^@^@^T^@^@^@^Q^@^@^@^W^@^@^@á�^S^@^Q^@^@^@TÑ^R^@^R^@^@^@^ÐÞ^@^@^S^@^@^@^H^@^@^@���oÔ^$
�^S^@^Z�^S^@*�^S^@:�^S^@J�^S^@Z�^S^@j�^S^@z�^S^@^�^S^@^�
^S^@��^S^@��^S^@Ê�^S^@Û�^S^@í�^S^@��^S^@
�^S^@^Z�^S^@*�^S^@:�^S^@J�^S^@Z�^S^@j�^S^@z�^S^@^�^S^@^�
^S^@��^S^@��^S^@Ê�^S^@Û�^S^@í�^S^@��^S^@
�^S^@^Z�^S^@*�^S^@:�^S^@J�^S^@Z�^S^@j�^S^@z�^S^@^�^S^@^�
^S^@��^S^@��^S^@Ê�^S^@Û�^S^@í�^S^@��^S^@
�^S^@^Z�^S^@*�^S^@:�^S^@J�^S^@Z�^S^@j�^S^@z�^S^@^�^S^@^�
^S^@��^S^@��^S^@Ê�^S^@Û�^S^@í�^S^@��^S^@.
We are using cPanel on CentOS 4.5, And have clamav installed on the server.
View 14 Replies
View Related
Jun 25, 2007
I ran ls -la / and I saw something new that I haven't seen before, look at this result :
-rw------- 1 root root 9375744 Jun 2 14:10 core.21044
-rw------- 1 root root 9375744 Jun 2 14:11 core.21056
-rw------- 1 root root 9379840 Jun 2 14:44 core.22839
-rw------- 1 root root 9379840 Jun 2 14:56 core.22973
-rw------- 1 root root 9371648 Jun 2 14:59 core.22997
-rw------- 1 root root 9371648 Jun 2 15:02 core.23182
-rw------- 1 root root 9506816 Jun 22 05:26 core.26811
-rw------- 1 root root 9367552 Jun 18 04:20 core.27185
-rw------- 1 root root 9371648 Jun 18 04:22 core.27245
-rw------- 1 root root 9371648 Jun 18 04:23 core.27289
-rw------- 1 root root 9367552 Jun 18 04:24 core.27306
-rw------- 1 root root 9297920 Jun 15 06:39 core.420
-rw------- 1 root root 9367552 Jun 18 04:28 core.7092
I did cat one of them and I saw there's something about kernel and the rest of the file has been filled by meaningless characters
They also filled up a huge space, what are these files for?
View 3 Replies
View Related
Jul 13, 2008
I found this files inside /home/user/public_html/forums
It's owner and group is nobody
When I try to cat and pico, all the weird thing came out
What is this files anyway? anybody can tell?
-rw------- 1 nobody nobody 25808896 Jul 9 00:06 core.9703
-rw------- 1 nobody nobody 25694208 Jul 11 11:56 core.9716
-rw------- 1 nobody nobody 25694208 Jul 11 11:56 core.9737
-rw------- 1 nobody nobody 25636864 Jul 10 01:34 core.975
-rw------- 1 nobody nobody 25870336 Jul 11 06:48 core.9758
-rw------- 1 nobody nobody 25694208 Jul 11 14:27 core.9763
-rw------- 1 nobody nobody 25632768 Jul 9 22:50 core.9786
-rw------- 1 nobody nobody 25944064 Jul 8 18:39 core.9799
-rw------- 1 nobody nobody 25870336 Jul 13 10:00 core.9802
-rw------- 1 nobody nobody 25632768 Jul 9 15:12 core.9806
-rw------- 1 nobody nobody 25694208 Jul 12 23:32 core.9809
-rw------- 1 nobody nobody 25870336 Jul 12 05:09 core.9815
-rw------- 1 nobody nobody 26005504 Jul 11 23:36 core.9816
-rw------- 1 nobody nobody 26005504 Jul 12 02:08 core.9826
-rw------- 1 nobody nobody 26005504 Jul 10 13:58 core.9833
-rw------- 1 nobody nobody 25632768 Jul 8 18:39 core.9854
-rw------- 1 nobody nobody 25632768 Jul 8 14:06 core.9865
-rw------- 1 nobody nobody 25694208 Jul 11 11:57 core.9881
-rw------- 1 nobody nobody 25870336 Jul 10 10:21 core.9901
-rw------- 1 nobody nobody 25694208 Jul 10 16:22 core.9903
-rw------- 1 nobody nobody 25694208 Jul 11 09:08 core.9913
-rw------- 1 nobody nobody 26005504 Jul 11 06:48 core.9922
-rw------- 1 nobody nobody 25632768 Jul 8 18:40 core.9927
-rw------- 1 nobody nobody 25870336 Jul 11 15:51 core.9942
-rw------- 1 nobody nobody 25694208 Jul 11 06:48 core.9946
-rw------- 1 nobody nobody 26005504 Jul 11 13:18 core.9983
-rw------- 1 nobody nobody 25944064 Jul 7 20:53 core.9989
View 5 Replies
View Related
