There is a bunch of php scripts on the server. Not sure how to inspect and find out the hijacked piece. I would appreciate any suggestion(s)
On Sun, Nov 10, 2013 at 6:55 PM, Nick Kew <[email protected]> wrote: > > On 11 Nov 2013, at 00:15, Rizwan Raza wrote: > > > Notice the last two listings. What does that mean? Is my Apache instance > hacked? > > Maybe. > > The most likely origin of a shell from apache is from a script. > That could be a vulnerable script that's got hijacked, or a script > that intentionally runs a shell. Processes hanging around > could mean a script that didn't run&exit cleanly (and should > be fixed). > > Take a long hard look at your scripts, and look for any clues > in your error log. > > -- > Nick Kew > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
