Problem with intruder. Outgoing bandwidth on port 8 too high

endritshehu · Post by **endritshehu** » 2015/11/28 01:04:06

Hello
I have a problem. My outgoing bandwidth on 80 port is too high last month. I had an intruder.
What to do?
I have attached the proccess tree.
Thank you

Whoever · Post by **Whoever** » 2015/11/28 04:38:01

endritshehu wrote:Hello
I have a problem. My outgoing bandwidth on 80 port is too high last month. I had an intruder.
What to do?
I have attached the proccess tree.
Thank you

If you really believe that you had an intruder in your system, then you need to wipe it and reinstall from scratch.

Post by **TrevorH** » 2015/11/28 11:15:45

In addition you have processes running there called cwpsrv and these sound like they probably belong to something called CentOS Web Panel which has nothing whatsoever to do with the CentOS project apart from having hijacked its name without authorisation. You need to seek support from CWP if so.

aks · Post by **aks** » 2015/11/28 18:25:46

Instead of listing processes using CPU memory, etc. how about what is using port 80 (probably httpd process) and having a look in it's logs.
BTW, mysql should be using a "big" (resource-wise) consumer. The maldet process is (apparently) a malware detector (see https://www.rfxn.com/projects/linux-malware-detect/) - so if you installed it, it's probably doing what it should be doing.
You havemn't posted anything to do with the reported problem (bandwidth) and if you are using cpanel, ask them.

CentOS

Problem with intruder. Outgoing bandwidth on port 8 too high

Problem with intruder. Outgoing bandwidth on port 8 too high

Re: Problem with intruder. Outgoing bandwidth on port 8 too

Re: Problem with intruder. Outgoing bandwidth on port 8 too

Re: Problem with intruder. Outgoing bandwidth on port 8 too