Werm_Rolent
Posts: 280
Ratings: 0
Joined: 2004-08-02 22:39:27
|
I ran Backdoor on the server. It returned the following for the query on open ports and users:
tcp4 0 0 *.21 *.* LISTEN
tcp4 0 0 *.80 *.* LISTEN
tcp4 0 0 *.443 *.* LISTEN
tcp4 0 0 127.0.0.1.8005 *.* LISTEN
tcp4 0 0 *.9080 *.* LISTEN
tcp4 0 0 *.9008 *.* LISTEN
tcp4 0 0 *.995 *.* LISTEN
tcp4 0 0 *.110 *.* LISTEN
tcp4 0 0 *.993 *.* LISTEN
tcp4 0 0 *.143 *.* LISTEN
tcp4 0 0 *.8443 *.* LISTEN
tcp4 0 0 *.3306 *.* LISTEN
tcp4 0 0 127.0.0.1.953 *.* LISTEN
tcp4 0 0 127.0.0.1.53 *.* LISTEN
tcp4 0 0 xxx.xxx.57.32.53 *.* LISTEN
tcp4 0 0 xxx.xxx.56.32.53 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp4 0 0 *.465 *.* LISTEN
tcp4 0 0 *.25 *.* LISTEN
tcp4 0 0 *.106 *.* LISTEN
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
mysql 170 3.3 4.5 443196 93244 con- S Fri04PM 168:37.96 /usr/local/psa/mysql/libexec/mysqld --basedir=/usr/local/psa/mysql
apache 4682 1.1 1.1 27280 22032 ?? S 12:07PM 0:01.65 /usr/local/psa/apache/bin/httpd -DFRONTPAGE -DHAVE_SSL
root 2 0.0 0.0 0 0 ?? DL Fri07PM 0:00.00 (taskqueue)
root 3 0.0 0.0 0 0 ?? DL Fri07PM 0:00.20 (pagedaemon)
root 4 0.0 0.0 0 0 ?? DL Fri07PM 0:00.00 (vmdaemon)
root 5 0.0 0.0 0 0 ?? DL Fri07PM 0:00.98 (bufdaemon)
root 6 0.0 0.0 0 0 ?? DL Fri07PM 0:00.90 (vnlru)
root 7 0.0 0.0 0 0 ?? DL Fri07PM 3:38.70 (syncer)
root 25 0.0 0.0 212 96 ?? Is Fri07PM 0:00.00 adjkerntz -i
root 89 0.0 0.0 984 712 ?? Ss Fri04PM 0:03.95 /usr/sbin/syslogd -s
root 97 0.0 0.0 1096 836 ?? Ss Fri04PM 0:01.53 /usr/sbin/inetd -wW
root 99 0.0 0.0 1024 780 ?? Ss Fri04PM 0:00.86 /usr/sbin/cron
root 101 0.0 0.1 3008 2208 ?? Is Fri04PM 0:05.32 /usr/sbin/sshd
named 136 0.0 0.1 3112 2808 ?? Ss Fri04PM 0:05.04 /usr/local/psa/named/sbin/named -c /etc/named.conf -u named -t /usr
root 143 0.0 0.0 652 464 con- I Fri04PM 0:00.00 /bin/sh /usr/local/psa/mysql/bin/mysqld_safe --datadir=/usr/local/p
root 181 0.0 0.3 12880 6452 ?? Ss Fri04PM 0:03.31 /usr/local/psa/admin/bin/httpsd
qmails 200 0.0 0.0 1008 644 con- S Fri04PM 0:19.40 qmail-send
qmaill 202 0.0 0.0 896 524 con- S Fri04PM 0:05.54 splogger qmail
root 203 0.0 0.0 928 524 con- S Fri04PM 0:01.06 qmail-lspawn ./Maildir/
qmailr 204 0.0 0.0 972 624 con- S Fri04PM 0:04.20 qmail-rspawn
qmailq 205 0.0 0.0 892 460 con- S Fri04PM 0:00.41 qmail-clean
root 227 0.0 0.0 940 648 ?? I Fri04PM 0:00.03 (couriertcpd)
root 231 0.0 0.0 892 512 ?? I Fri04PM 0:00.02 /usr/local/psa/courier-imap/sbin/courierlogger imapd
root 242 0.0 0.0 940 648 ?? I Fri04PM 0:00.00 (couriertcpd)
root 245 0.0 0.0 892 512 ?? I Fri04PM 0:00.00 /usr/local/psa/courier-imap/sbin/courierlogger imapd-ssl
root 258 0.0 0.0 940 648 ?? I Fri04PM 0:00.87 (couriertcpd)
root 261 0.0 0.0 892 512 ?? I Fri04PM 0:00.67 /usr/local/psa/courier-imap/sbin/courierlogger pop3d
root 265 0.0 0.0 940 648 ?? I Fri04PM 0:00.00 (couriertcpd)
root 268 0.0 0.0 892 512 ?? I Fri04PM 0:00.00 /usr/local/psa/courier-imap/sbin/courierlogger pop3d-ssl
postgres 296 0.0 0.1 14020 2348 con- I Fri04PM 0:00.25 /usr/local/psa/postgresql/bin/postmaster (postgres)
postgres 331 0.0 0.1 5768 2224 con- I Fri04PM 0:00.00 postmaster: stats buffer process (postgres)
postgres 332 0.0 0.1 4808 2248 con- I Fri04PM 0:00.00 postmaster: stats collector process (postgres)
tomcat4 468 0.0 1.1 227624 23472 ?? I Fri04PM 0:01.10 (java)
tomcat4 478 0.0 1.1 227624 23472 ?? S Fri04PM 0:00.85 (java)
tomcat4 479 0.0 1.1 227624 23472 ?? S Fri04PM 0:04.00 (java)
tomcat4 480 0.0 1.1 227624 23472 ?? I Fri04PM 0:00.01 (java)
tomcat4 481 0.0 1.1 227624 23472 ?? I Fri04PM 0:00.01 (java)
tomcat4 482 0.0 1.1 227624 23472 ?? I Fri04PM 0:00.00 (java)
tomcat4 483 0.0 1.1 227624 23472 ?? I Fri04PM 0:00.00 (java)
tomcat4 484 0.0 1.1 227624 23472 ?? I Fri04PM 0:00.20 (java)
tomcat4 485 0.0 1.1 227624 23472 ?? S Fri04PM 1:16.19 (java)
tomcat4 488 0.0 1.1 227624 23472 ?? I Fri04PM 0:00.01 (java)
tomcat4 489 0.0 1.1 227624 23472 ?? I Fri04PM 0:00.00 (java)
tomcat4 490 0.0 1.1 227624 23472 ?? I Fri04PM 0:00.00 (java)
tomcat4 491 0.0 1.1 227624 23472 ?? I Fri04PM 0:00.00 (java)
tomcat4 492 0.0 1.1 227624 23472 ?? I Fri04PM 0:00.13 (java)
tomcat4 493 0.0 1.1 227624 23472 ?? I Fri04PM 0:00.12 (java)
root 499 0.0 0.9 24060 18504 ?? Ss Fri04PM 0:45.88 /usr/local/psa/apache/bin/httpd -DFRONTPAGE -DHAVE_SSL
popuser 567 0.0 0.9 18372 18004 ?? Is Fri04PM 0:04.56 (perl5.00503)
popuser 575 0.0 0.9 18372 18000 ?? Is Fri04PM 0:00.45 (perl5.00503)
root 594 0.0 0.0 952 664 v0 Is+ Fri04PM 0:00.00 /usr/libexec/getty Pc ttyv0
root 595 0.0 0.0 952 664 v1 Is+ Fri04PM 0:00.00 /usr/libexec/getty Pc ttyv1
root 596 0.0 0.0 952 664 v2 Is+ Fri04PM 0:00.00 /usr/libexec/getty Pc ttyv2
root 597 0.0 0.0 952 664 v3 Is+ Fri04PM 0:00.00 /usr/libexec/getty Pc ttyv3
root 598 0.0 0.0 952 664 v4 Is+ Fri04PM 0:00.00 /usr/libexec/getty Pc ttyv4
root 599 0.0 0.0 952 664 v5 Is+ Fri04PM 0:00.00 /usr/libexec/getty Pc ttyv5
root 600 0.0 0.0 952 664 v6 Is+ Fri04PM 0:00.00 /usr/libexec/getty Pc ttyv6
root 601 0.0 0.0 952 664 v7 Is+ Fri04PM 0:00.00 /usr/libexec/getty Pc ttyv7
psaadm 68010 0.0 0.9 23536 17936 ?? I 7:10PM 0:00.47 /usr/local/psa/admin/bin/httpsd
psaadm 68011 0.0 0.7 20832 14880 ?? I 7:10PM 0:00.28 /usr/local/psa/admin/bin/httpsd
psaadm 68012 0.0 0.9 23536 17940 ?? I 7:10PM 0:00.53 /usr/local/psa/admin/bin/httpsd
psaadm 68013 0.0 0.6 17792 11776 ?? I 7:10PM 0:00.13 /usr/local/psa/admin/bin/httpsd
psaadm 68014 0.0 0.4 15216 9208 ?? I 7:10PM 0:00.07 /usr/local/psa/admin/bin/httpsd
psaadm 68015 0.0 0.5 16264 10268 ?? I 7:10PM 0:00.21 /usr/local/psa/admin/bin/httpsd
psaadm 68016 0.0 0.3 12928 6524 ?? I 7:10PM 0:00.00 /usr/local/psa/admin/bin/httpsd
apache 4117 0.0 1.1 27436 22276 ?? S 11:50AM 0:02.29 /usr/local/psa/apache/bin/httpd -DFRONTPAGE -DHAVE_SSL
apache 4183 0.0 1.1 27336 22136 ?? S 11:53AM 0:09.00 /usr/local/psa/apache/bin/httpd -DFRONTPAGE -DHAVE_SSL
apache 4201 0.0 1.1 27472 22272 ?? S 11:53
|