Recently uploaded a Joomla site to a temporary folder. Now every time I access /administrator I keep getting this email:
Code:
/usr/bin/php
Command Line (often faked in exploits): /usr/bin/php /home/<user>/public_html/<temp_dir>/administrator/index.php
Network connections by the process (if any): tcp: 192.190.84.47:57863 -> 72.21.81.253:80
Files open by the process (if any):
Memory maps by the process (if any):
This is because some PHP script running on your server connects to port 80 of a remote server. You can ignore this message. If you don’t want to get more messages like this, edit
Code:
/etc/csf/csf.pignore
Add
Code:
exe:/usr/bin/php
Restart csf.
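
Added example, not part of the thread: csf.pignore also accepts `cmd:` entries, which ignore one exact command line instead of every process run by /usr/bin/php. The script below reads an alert, extracts the command line and the remote endpoint, and builds such an entry; the function names and the sample alert are constructed for illustration, and values are accepted either on the label's line or on the next non-empty line.

```sh
#!/bin/sh
# Added example, not from the thread. Parses an lfd process-tracking alert and
# builds a csf.pignore entry scoped to the one reported command line.

# Constructed sample: labels and values as quoted in the post (paths redacted there).
SAMPLE_ALERT='Command Line (often faked in exploits): /usr/bin/php /home/<user>/public_html/<temp_dir>/administrator/index.php
Network connections by the process (if any): tcp: 192.190.84.47:57863 -> 72.21.81.253:80
Files open by the process (if any):'

# field_value LABEL: read an alert on stdin and print the value of the field
# whose line starts with LABEL. The value may follow the colon on the same
# line or sit on the next non-empty line; an empty field prints nothing.
field_value() {
    awk -v label="$1" '
        found && NF { if ($0 !~ /:[ \t]*$/) print; exit }
        index($0, label) == 1 {
            rest = $0
            sub(/^[^:]*:[ \t]*/, "", rest)
            if (rest != "") { print rest; exit }
            found = 1
        }'
}

# remote_endpoint: destination ip:port of the first reported connection.
remote_endpoint() {
    field_value 'Network connections' |
        sed -n 's/.*-> *\([0-9.]*:[0-9]*\).*/\1/p'
}

# pignore_entry: "cmd:" line matching only the reported command line.
pignore_entry() {
    cmdline=$(field_value 'Command Line')
    [ -n "$cmdline" ] && printf 'cmd:%s\n' "$cmdline"
}

# add_ignore FILE ENTRY: append ENTRY to FILE unless the exact line exists.
add_ignore() {
    grep -Fxq -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Demo on the sample only; nothing under /etc/csf is touched.
printf 'remote endpoint: %s\n' "$(printf '%s\n' "$SAMPLE_ALERT" | remote_endpoint)"
printf 'suggested entry: %s\n' "$(printf '%s\n' "$SAMPLE_ALERT" | pignore_entry)"
```

Run it against a saved alert with `pignore_entry < alert.txt`, and check the address printed by `remote_endpoint` before passing the entry to `add_ignore /etc/csf/csf.pignore`.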