Hi,
ich habe einen Webserver bei 1und1 und vermute (aufgrund der vielen Spam-Mails, die ich erhalte bzw. die offenbar von dem Server verschickt werden), dass ggf. ein unerwünschtes Script auf dem Server läuft.
Kann bitte jemand so nett sein und die Ausgabe, die ich mit `ps aux` bekomme, auf unerwünschte Tools oder Prozesse prüfen? (Ihr seid da erfahrener als ich.) Mir ist klar, dass `ps` allein keine versteckten Prozesse zeigt; es geht erst einmal um einen ersten Blick:
Falls ihr meint, dass ich besser noch einen Log-Auszug nachreichen soll (z. B. aus dem Mail-Log, der qmail-Queue oder dem Apache-Access-Log), teilt mir das bitte mit.
ich habe einen Webserver bei 1und1 und vermute (aufgrund der vielen Spam-Mails, die ich erhalte bzw. die offenbar von dem Server verschickt werden), dass ggf. ein unerwünschtes Script auf dem Server läuft.
Kann bitte jemand so nett sein und die Ausgabe, die ich mit `ps aux` bekomme, auf unerwünschte Tools oder Prozesse prüfen? (Ihr seid da erfahrener als ich.) Mir ist klar, dass `ps` allein keine versteckten Prozesse zeigt; es geht erst einmal um einen ersten Blick:
Code:
# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 728 260 ? S 04:39 0:01 init [3]
root 2 0.0 0.0 0 0 ? S 04:39 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN 04:39 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S 04:39 0:00 [watchdog/0]
root 5 0.0 0.0 0 0 ? S< 04:39 0:00 [events/0]
root 6 0.0 0.0 0 0 ? S< 04:39 0:00 [khelper]
root 7 0.0 0.0 0 0 ? S< 04:39 0:00 [kthread]
root 10 0.0 0.0 0 0 ? S< 04:39 0:00 [kblockd/0]
root 11 0.0 0.0 0 0 ? S< 04:39 0:00 [kacpid]
root 228 0.0 0.0 0 0 ? S 04:39 0:00 [pdflush]
root 229 0.0 0.0 0 0 ? S 04:39 0:00 [pdflush]
root 231 0.0 0.0 0 0 ? S< 04:39 0:00 [aio/0]
root 230 0.0 0.0 0 0 ? S 04:39 0:00 [kswapd0]
root 234 0.0 0.0 0 0 ? S< 04:39 0:00 [xfslogd/0]
root 232 0.0 0.0 0 0 ? S 04:39 0:00 [cifsoplockd]
root 233 0.0 0.0 0 0 ? S 04:39 0:00 [cifsdnotifyd]
root 235 0.0 0.0 0 0 ? S< 04:39 0:00 [xfsdatad/0]
root 822 0.0 0.0 0 0 ? S< 04:39 0:00 [kseriod]
root 891 0.0 0.0 0 0 ? S< 04:40 0:00 [ata/0]
root 895 0.0 0.0 0 0 ? S< 04:40 0:00 [scsi_eh_0]
root 896 0.0 0.0 0 0 ? S< 04:40 0:00 [scsi_eh_1]
root 940 0.0 0.0 0 0 ? S< 04:40 0:00 [kcryptd/0]
root 941 0.0 0.0 0 0 ? S< 04:40 0:00 [kmirrord]
root 952 0.0 0.0 0 0 ? S< 04:40 0:00 [md8_raid1]
root 956 0.0 0.0 0 0 ? S< 04:40 0:00 [md7_raid1]
root 960 0.0 0.0 0 0 ? S< 04:40 0:00 [md6_raid1]
root 964 0.0 0.0 0 0 ? S< 04:40 0:00 [md5_raid1]
root 968 0.0 0.0 0 0 ? S< 04:40 0:00 [md1_raid1]
root 969 0.0 0.0 0 0 ? S 04:40 0:00 [kjournald]
root 1066 0.0 0.0 0 0 ? S< 04:40 0:00 [xfsbufd]
root 1067 0.0 0.0 0 0 ? S< 04:40 0:00 [xfssyncd]
root 1069 0.0 0.0 0 0 ? S< 04:40 0:00 [xfsbufd]
root 1070 0.0 0.0 0 0 ? S< 04:40 0:00 [xfssyncd]
root 1072 0.0 0.0 0 0 ? S< 04:40 0:00 [xfsbufd]
root 1073 0.0 0.0 0 0 ? S< 04:40 0:00 [xfssyncd]
root 1075 0.0 0.0 0 0 ? S< 04:40 0:00 [xfsbufd]
root 1076 0.0 0.0 0 0 ? S< 04:40 0:00 [xfssyncd]
root 1248 0.0 0.0 2680 688 ? S<s 04:40 0:00 udevd
root 1654 0.0 0.0 2576 232 ? Ss 04:40 0:00 /sbin/dhcpcd -C -D -K -N -t 999999 -h s15224684 eth0
root 1829 0.0 0.0 10668 920 ? Ss 04:40 0:00 /usr/sbin/xinetd
nobody 1892 0.0 0.1 7272 1116 ? Ss 04:40 0:00 /usr/sbin/mdnsd -f /etc/rendezvous.conf -b
root 1999 0.0 0.0 3604 292 ? Ss 04:40 0:00 /sbin/resmgrd
root 2161 0.0 0.0 10268 952 ? Sl 04:40 0:00 /usr/sbin/3dm2
root 2162 0.0 0.0 2584 504 ? Ss 04:40 0:00 /sbin/startpar -f -- tdm2
root 2169 0.0 0.1 28628 1328 ? Ss 04:40 0:00 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pid
root 2174 0.0 0.0 9128 644 ? Ss 04:40 0:00 /sbin/syslog-ng
root 2177 0.0 0.0 2588 432 ? Ss 04:40 0:00 /sbin/klogd -c 1 -x -x
root 2203 0.0 0.0 10000 748 ? Ss 04:40 0:00 /usr/sbin/cron
root 2234 0.0 0.0 9224 832 ? S 04:40 0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=imapd -maxpr
root 2236 0.0 0.1 7072 1036 ? S 04:40 0:00 /usr/sbin/courierlogger imapd
root 2253 0.0 0.0 9224 836 ? S 04:40 0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=imapd-ssl -m
root 2255 0.0 0.1 7072 1040 ? S 04:40 0:00 /usr/sbin/courierlogger imapd-ssl
root 2262 0.0 0.0 9220 832 ? S 04:40 0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=pop3d -maxpr
root 2274 0.0 0.3 48064 3116 ? Ss 04:40 0:00 sshd: root@pts/0,pts/2
root 2309 0.0 0.1 7072 1032 ? S 04:40 0:00 /usr/sbin/courierlogger pop3d
root 2320 0.0 0.0 9220 828 ? S 04:40 0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=pop3d-ssl -m
root 2327 0.0 0.1 7072 1036 ? S 04:40 0:00 /usr/sbin/courierlogger pop3d-ssl
root 2330 0.0 0.1 24172 1088 ? Ssl 04:40 0:00 /usr/sbin/nscd
named 2366 0.0 0.4 48520 4164 ? Ssl 04:40 0:00 /usr/sbin/named -t /var/lib/named -u named
root 2398 0.0 0.1 7880 1400 ? S 04:40 0:00 /bin/sh /usr/bin/mysqld_safe --user=mysql --pid-file=/var/lib/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock
mysql 2432 0.1 3.0 119480 30708 ? Sl 04:40 0:05 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/mysqld.pid --skip
mailman 2461 0.0 0.6 44104 6004 ? Ss 04:40 0:00 /usr/bin/python /usr/lib/mailman/bin/mailmanctl --quiet --stale-lock-cleanup start
mailman 2478 0.0 0.7 38180 7716 ? S 04:40 0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
mailman 2479 0.0 0.7 38144 7736 ? S 04:40 0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
mailman 2480 0.0 0.7 38128 7716 ? S 04:40 0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
mailman 2481 0.0 0.7 38164 7720 ? S 04:40 0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
mailman 2482 0.0 0.7 38412 7776 ? S 04:40 0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
mailman 2483 0.0 0.7 38424 7836 ? S 04:40 0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
mailman 2484 0.0 0.7 38188 7720 ? S 04:40 0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
mailman 2485 0.0 0.7 38060 7716 ? S 04:40 0:00 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
postgres 2495 0.0 0.4 38200 4176 ? S 04:40 0:00 /usr/bin/postmaster -D /var/lib/pgsql/data
postgres 2615 0.0 0.1 38324 1396 ? S 04:40 0:00 postgres: writer process
postgres 2616 0.0 0.1 28468 1184 ? S 04:40 0:00 postgres: stats buffer process
postgres 2617 0.0 0.1 27660 1284 ? S 04:40 0:00 postgres: stats collector process
root 2672 0.0 3.8 67352 38368 ? Ss 04:40 0:00 /usr/sbin/spamd --username=popuser --daemonize --nouser-config --helper-home-dir=/var/qmail --max-children 5 --cr
popuser 2675 0.6 4.3 72084 43108 ? S 04:40 0:25 spamd child
popuser 2676 0.1 4.1 70704 41652 ? S 04:40 0:05 spamd child
root 2723 0.0 0.2 8748 2124 pts/2 Ss 04:40 0:00 -bash
root 2815 0.0 2.0 126180 19956 ? Ss 04:40 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root 2896 0.0 0.5 71100 5944 ? Ss 04:40 0:00 /usr/local/psa/admin/bin/httpsd
psaadm 2902 1.0 3.8 85520 37964 ? S 04:40 0:38 /usr/local/psa/admin/bin/httpsd
root 2947 0.0 0.0 2996 684 tty1 Ss+ 04:40 0:00 /sbin/mingetty --noclear tty1
root 2948 0.0 0.0 2996 684 tty2 Ss+ 04:40 0:00 /sbin/mingetty tty2
root 2949 0.0 0.0 2996 684 tty3 Ss+ 04:40 0:00 /sbin/mingetty tty3
root 2950 0.0 0.0 2992 684 tty4 Ss+ 04:40 0:00 /sbin/mingetty tty4
root 2951 0.0 0.0 2992 684 tty5 Ss+ 04:40 0:00 /sbin/mingetty tty5
root 2952 0.0 0.0 2992 680 tty6 Ss+ 04:40 0:00 /sbin/mingetty tty6
root 2953 0.0 0.0 2556 536 ttyS0 Ss+ 04:40 0:00 /sbin/agetty -L ttyS0 57600 vt100
root 2955 0.0 0.2 20868 2468 ? Ssl 04:40 0:00 /usr/local/psa/admin/bin/modules/watchdog/monit -Ic /usr/local/psa/etc/modules/watchdog/monitrc
root 3024 0.1 0.1 4420 1260 pts/2 S+ 04:40 0:04 top
psaadm 3093 1.0 4.8 94704 48588 ? S 04:40 0:38 /usr/local/psa/admin/bin/httpsd
root 2954 0.0 0.7 32440 7404 ? Ss 04:40 0:00 /usr/local/psa/admin/bin/php /usr/local/psa/admin/bin/modules/watchdog/wdcollect -c /usr/local/psa/etc/modules/wa
cstrike 5613 0.0 0.1 18688 1836 ? S 04:59 0:00 /usr/local/psa/admin/bin/modules/cs-gs/cs-gs-mng --start-game --cs-dir=/hlds_l/cssource --sys-user=cstrike --game
cstrike 5620 0.0 0.0 0 0 ? Z 04:59 0:00 [cs-gs-mng] <defunct>
cstrike 6046 0.0 0.1 18688 1836 ? S 05:07 0:00 /usr/local/psa/admin/bin/modules/cs-gs/cs-gs-mng --start-game --cs-dir=/hlds_l/cssource --sys-user=cstrike --game
cstrike 6053 0.0 0.0 0 0 ? Z 05:07 0:00 [cs-gs-mng] <defunct>
cstrike 6100 0.0 0.1 18692 1868 ? S 05:09 0:00 /usr/local/psa/admin/bin/modules/cs-gs/cs-gs-mng --update-games --cs-dir=/hlds_l --games=cssource --sys-user=cstr
cstrike 6109 0.0 0.0 0 0 ? Z 05:09 0:00 [cs-gs-mng] <defunct>
root 7306 0.0 1.2 125840 12760 ? S 05:20 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 7307 0.0 1.3 126180 13096 ? S 05:20 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 7308 0.0 2.6 135616 26324 ? S 05:20 0:01 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 7309 0.0 2.3 133188 23740 ? S 05:20 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 7310 0.0 2.1 130760 21380 ? S 05:20 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 7311 0.0 2.4 133884 24524 ? S 05:20 0:01 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 7312 0.0 2.4 133304 24012 ? S 05:20 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 7413 0.0 2.8 137680 28336 ? S 05:20 0:01 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
qmailr 7420 0.0 0.0 2592 464 ? S 05:20 0:00 qmail-rspawn
wwwrun 7518 0.0 2.1 130164 20876 ? S 05:20 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
qmailr 7934 0.0 0.1 9492 1076 ? S 05:22 0:00 qmail-remote ezgo.cc jwnbini@ezgo.cc
qmailr 7935 0.0 0.1 8224 1092 ? S 05:22 0:00 /var/qmail/bin/qmail-remote.moved ezgo.cc jwnbini@ezgo.cc
qmaild 7969 0.0 0.0 8132 932 ? Ss 05:22 0:00 /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin
qmailr 8461 0.0 0.1 9484 1072 ? S 05:26 0:00 qmail-remote yahoo.com tequilian_gold@yahoo.com
qmailr 8462 0.0 0.1 8228 1104 ? S 05:26 0:00 /var/qmail/bin/qmail-remote.moved yahoo.com tequilian_gold@yahoo.com
qmailr 8537 0.0 0.1 9496 1076 ? S 05:26 0:00 qmail-remote check1check.com parks@check1check.com
qmailr 8538 0.0 0.1 8224 1092 ? S 05:26 0:00 /var/qmail/bin/qmail-remote.moved check1check.com parks@check1check.com
qmailr 8539 0.0 0.1 9496 1080 ? S 05:26 0:00 qmail-remote check1check.com parks@check1check.com
qmailr 8540 0.0 0.1 8228 1096 ? S 05:26 0:00 /var/qmail/bin/qmail-remote.moved check1check.com parks@check1check.com
wwwrun 8620 0.0 2.5 134976 25660 ? S 05:27 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
qmails 9526 0.0 0.0 2612 524 ? S 05:34 0:00 qmail-send
qmaill 9527 0.0 0.0 2556 500 ? S 05:34 0:00 splogger qmail
root 9528 0.0 0.0 2596 420 ? S 05:34 0:00 qmail-lspawn ./Maildir/
qmailr 9530 0.0 0.0 2596 436 ? S 05:34 0:00 qmail-rspawn
qmailq 9531 0.0 0.0 2552 388 ? S 05:34 0:00 qmail-clean
root 9957 0.0 0.2 8752 2132 pts/0 Ss 05:36 0:00 -bash
qmaild 10210 0.0 0.1 8264 1172 ? Ss 05:37 0:00 /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin
root 10237 0.0 0.1 9492 1060 ? S 05:37 0:00 bin/qmail-queue
qmaild 10722 0.0 0.1 8260 1132 ? Ss 05:41 0:00 /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin
qmailr 10743 0.0 0.1 9484 1072 ? S 05:42 0:00 qmail-remote bta.net.cn hiavhu@bta.net.cn
qmailr 10744 0.0 0.1 8224 1092 ? S 05:42 0:00 /var/qmail/bin/qmail-remote.moved bta.net.cn hiavhu@bta.net.cn
root 10758 0.0 0.0 3820 900 pts/0 R+ 05:42 0:00 ps aux
Falls ihr meint, dass ich besser noch einen Log-Auszug nachreichen soll (z. B. aus dem Mail-Log, der qmail-Queue oder dem Apache-Access-Log), teilt mir das bitte mit. Aufgefallen ist mir selbst, dass `qmail-remote` hier über ein `qmail-remote.moved` läuft, dass ein `bin/qmail-queue` mit relativem Pfad als root auftaucht und dass zwei Root-SSH-Sitzungen offen sind — ob das bei Plesk normal ist, weiß ich nicht.