Sub Menu
Links Menu
Online Users

In total there are 308 users online :: 2 registered, 0 hidden and 306 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Bing [Bot], Google [Bot] based on users active over the past 60 minutes

Can anyone explain this: ./pscan2 62.193 22

General discussion of anything. Discuss a topic in and out of IntegraMOD

Moderator: Integra Moderator

Can anyone explain this: ./pscan2 62.193 22

PostAuthor: ZacFields » Thu Feb 01, 2007 9:33 am

Hey Guys,

I am very new to the virtual server world, and being able to check all this information and such.

Last night my site was running between 5-10 second page load times. I got on the admin panel and banned all the search engine spiders to see if that would help. I got it down to the point where I was the only person on the forums. (It was so late at night everyone was asleep.)

So this morning I checked in my hosting panel to see what it was that was abusing my system. I found this entry in my CPU usage that was using about 72% of my CPU:

./pscan2 62.193 22

I did a google on it and got somewhat of an answer. Does anyone know if this is somebody trying to exploit the site?

Zac
Last edited by ZacFields on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Likes: 0 post
Liked in: 0 post
Joined: Wed May 24, 2006 10:14 pm
Cash on hand: 0.00

PostAuthor: ZacFields » Thu Feb 01, 2007 10:42 am

i'm also getting a lot of ./ssh-scan 200 in my active processes.

I've killed them off but if anyone can help me to figure out how I can fix this?

Zac
Last edited by ZacFields on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Likes: 0 post
Liked in: 0 post
Joined: Wed May 24, 2006 10:14 pm
Cash on hand: 0.00

PostAuthor: ZacFields » Thu Feb 01, 2007 12:14 pm

Problem has been solved.

A hacker got into my server either through a brute force attack or through a .script in IM. I doubt it's an IM thing though since I've not heard anything about it thus far. My passwords werent really that hard to guess. So hopefully the problem is fixed now as my host and I have removed all the bad files and I've changed my password.

I will keep you all updated on the situation.

Zac
Last edited by ZacFields on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Likes: 0 post
Liked in: 0 post
Joined: Wed May 24, 2006 10:14 pm
Cash on hand: 0.00

PostAuthor: ZacFields » Thu Feb 01, 2007 3:50 pm

Problem solved. I can't really explain everything that was done to fix this problem but if anyone has this problem they can contact me and I will point you in the right direction.

In short, a hacker got into my server using a brute force attack. This had nothing to do with the integramod code, but was rather a problem with the simplicity of my root password ::blushes::

We have fixed the problem though.

Zac
Last edited by ZacFields on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

ZacFields
Sr Integra Member
Sr Integra Member
 
Posts: 426
Likes: 0 post
Liked in: 0 post
Joined: Wed May 24, 2006 10:14 pm
Cash on hand: 0.00


Return to General Discussion

Who is online

Registered users: Bing [Bot], Google [Bot]

cron