[wp-hackers] wp-cron.php

Jose Alfredo Andaluz Prado devilsoulblack at gmail.com
Thu Jun 14 17:01:54 GMT 2007


I am getting this message in my inbox every day:

Time:    Thu Jun 14 11:41:46 2007
PID:     9156
Account: mvallem
Uptime:  48 seconds


Executable:

/usr/bin/php


Command Line (often faked in exploits):

/usr/bin/php wp-cron.php


Network connections by the process (if any):

tcp: 72.36.221.10:57303 -> 69.60.115.220:80


Files open by the process (if any):

/usr/local/apache/logs/error_log
/tmp/session_mm_cgi32005.sem (deleted)


Memory maps by the process (if any):


Any idea?



-- 
® { No HopE & No FeaR } ®
Be part of the change, because We are the change.. 

Contacts:
Email: ---> devilsoulblack at gmail.com
MSN: ---> i.am at devilsoulblack.com

Projects:
Orenses.org:  http://www.orenses.org
DeVilSoulBlacK WebLog: http://www.bitsofnews.net
Your Daily News On The Web: http://www.devilsoulblack.com
DeVilSoulBlacK Channel: #Siliconvalley *!*@DAL.net


