lfd on server.XXXXXX.com: Suspicious process running under user dovecot
lfd on server.XXXXXX.com: Suspicious process running under user nobody
lfd on server.XXXXXX.com: Suspicious process running under user haldaemon
Sunucudan sürekli bu tarz hata mailleri alıyorum sebebini veya çözümünü bilen arkadaşlar varsa yardımcı olabilirmi bi kaç kaynak buldum ama yabancı sitelerde pek birşey anlamadım. Ayrıntılar aşağıdadır.
İlginize şimdiden teşekkür ederim..
lfd on server.XXXXXX.com: Suspicious process running under user dovecot
Time: Tue Sep 7 16:01:28 2010 +0300 PID: 15177 Account: dovecot Uptime: 1851804 seconds Executable: /usr/libexec/dovecot/pop3-login\00\00\00\00\00\00'\00\00\00\90\c9\11 \00\00\00 (deleted) The file system shows this process is running an executable file that has been deleted. This typically happens when the original file has been replaced by a new file when the application is updated. To prevent this being reported again, restart the process that runs this excecutable file. See csf.conf and the PT_DELETED text for more information about the security implications of processes running deleted executable files. Command Line (often faked in exploits): pop3-login Network connections by the process (if any): tcp: 0.0.0.0:110 -> 0.0.0.0:0 tcp: 0.0.0.0:995 -> 0.0.0.0:0 Files open by the process (if any): /dev/null /dev/urandom eventpoll:[88943] .....
lfd on server.XXXXXX.com: Suspicious process running under user nobody
Time: Tue Sep 7 16:01:28 2010 +0300 PID: 23649 Account: nobody Uptime: 1642831 seconds Executable: /opt/adobe/fms/fmscore Command Line (often faked in exploits): /opt/adobe/fms/fmscore -adaptor _defaultRoot_ -vhost _defaultVHost_ -app registry -inst registry -tag -conf /opt/adobe/fms/conf/Server.xml -name _defaultRoot_:_defaultVHost_:registry:registry: Network connections by the process (if any): tcp: 127.0.0.1:49577 -> 127.0.0.1:19350 ....lfd on server.XXXXXX.com: Suspicious process running under user haldaemon
Time: Tue Sep 7 16:01:28 2010 +0300 PID: 2639 Account: haldaemon Uptime: 1864298 seconds Executable: /usr/sbin/hald\00\00\00\00\00\00\00\00 \00\02tty11\00 (deleted) The file system shows this process is running an executable file that has been deleted. This typically happens when the original file has been replaced by a new file when the application is updated. To prevent this being reported again, restart the process that runs this excecutable file. See csf.conf and the PT_DELETED text for more information about the security implications of processes running deleted executable files. Command Line (often faked in exploits): hald Network connections by the process (if any):
