Jan 24th, 2018
U 17 root@mail.myappname.o Tue Aug 8 20:14 28/1278 lfd on myappname.org: blocked 104.168.235.239 (US/United States/client-104-168-245-239.hostwindsdns.com)
U 18 root@mail.myappname.o Tue Aug 8 20:49 506/51125 lfd on myappname.org: Suspicious process running under user www-data
U 19 root@mail.myappname.o Tue Aug 8 21:00 188/16048 lfd on myappname.org: Suspicious process running under user git-auto-deploy
U 20 root@mail.myappname.o Tue Aug 8 21:48 521/51860 lfd on myappname.org: Suspicious process running under user www-data
U 21 root@mail.myappname.o Tue Aug 8 21:49 511/51370 lfd on myappname.org: Suspicious process running under user www-data
U 22 root@mail.myappname.o Tue Aug 8 22:00 188/16048 lfd on myappname.org: Suspicious process running under user git-auto-deploy
U 23 root@mail.myappname.o Tue Aug 8 22:25 28/1213 lfd on myappname.org: blocked 176.10.171.216 (SE/Sweden/h-171-216.A173.priv.bahnhof.se)
U 24 root@mail.myappname.o Tue Aug 8 22:37 512/51498 lfd on myappname.org: Suspicious process running under user www-data

From root@mail.myappname.org Thu Sep 7 11:58:17 2017
Return-Path: <root@mail.myappname.org>
X-Original-To: root
Delivered-To: root@mail.myappname.org
From: root@mail.myappname.org
To: root@mail.myappname.org
Subject: lfd on myappname.org: Suspicious process running under user www-data
Date: Thu, 7 Sep 2017 11:58:17 -0500 (COT)
Status: RO

Time: Thu Sep 7 11:58:17 2017 -0500
PID: 16349 (Parent PID:28471)
Account: www-data
Uptime: 176473 seconds


Executable:

/usr/sbin/php-fpm7.0


Command Line (often faked in exploits):

php-fpm: pool www


Network connections by the process (if any):

[I removed them, 2 tcp connections, 2 udp connections]


Files open by the process (if any):

/dev/null
/dev/null
/tmp/.ZendSem.dAvy4O (deleted)
/dev/urandom
/var/www/blog.myappname.org/public_html/wp-content/plugins/tracking-code-manager/includes/classes/domain


Memory maps by the process (if any):

7f19b0000000-7f19b0021000 rw-p 00000000 00:00 0
7f19b0021000-7f19b4000000 ---p 00000000 00:00 0
7f19b4000000-7f19b4021000 rw-p 00000000 00:00 0
7f19b4021000-7f19b8000000 ---p 00000000 00:00 0
7f19b8000000-7f19b8021000 rw-p 00000000 00:00 0
7f19b8021000-7f19bc000000 ---p 00000000 00:00 0
7f19bc000000-7f19bc021000 rw-p 00000000 00:00 0