Find Jobs
Hire Freelancers

Detect and fix what is this weird PHP process: /usr/local/bin/php -d safe_mode=off -r eval(base54_decode

$10-30 USD

Закрито
Опублікований over 8 years ago

$10-30 USD

Оплачується при отриманні
Im checking my processes via htop and I noticed a weird process which consumes quite good % of the cpu: Seems to be /usr/local/bin/php -d safe_mode=off -r eval(base64_decode and a huge base64 code string I want to know: 1) What is it? If its a hack or what? 2) How to fix this? 3) How it got there
ID проекту: 8459440

Про проект

16 пропозицій(-ї)
Дистанційний проект
Активність 8 yrs ago

Хочете заробити?

Переваги подання заявок на Freelancer

Вкажіть свій бюджет та терміни
Отримайте гроші за свою роботу
Опишіть свою пропозицію
Реєстрація та подання заявок у проекти є безкоштовними
16 фрілансерів(-и) готові виконати цю роботу у середньому за $41 USD
Аватарка користувача
Hello. I would like to help you with php proc identified. I have a lot of experience with linux many years. Thank you.
$30 USD за 1 день
4,9 (737 відгуки(-ів))
7,3
7,3
Аватарка користувача
It's most likely virus/spamming code, where do you see this process running and can't you stop it? If you give me access to the server I'll try to find from where it gets started
$30 USD за 1 день
5,0 (81 відгуки(-ів))
7,0
7,0
Аватарка користувача
I can help you. Do you have root access to your server?. I'm looking forwards to your response. Thank you.
$30 USD за 1 день
5,0 (184 відгуки(-ів))
6,5
6,5
Аватарка користувача
1) What is it? If its a hack or what? Yes 2) How to fix this? Order me 3) How it got there Your server is unsecured ***************************************************************************
$150 USD за 5 дні(-в)
4,8 (252 відгуки(-ів))
7,0
7,0
Аватарка користувача
Nie złożono jeszcze oferty.
$55 USD за 3 дні(-в)
5,0 (70 відгуки(-ів))
5,2
5,2
Аватарка користувача
I will have to look into the server. Can fix in few hours time. Again you will have to provide ssh access to your server for me to be able to finish this job
$55 USD за 1 день
4,9 (6 відгуки(-ів))
4,8
4,8
Аватарка користувача
Hi, I am expert in PHP. Seems you have been hacked. Can you give me base64 code string? Regards, Andrew .
$25 USD за 0 день
4,8 (29 відгуки(-ів))
4,9
4,9
Аватарка користувача
Dear sir, As a pentester and security researcher, I think this is a hack. We can cleary see PHP is started without safe_mode with enables dangerous functions such as shell_exec. The only reason behind encoding with base64 and eval the function is to obfuscate what's running. Can you paste the full base64 string so I reverse it and see what code is beinng eval'ed ? As this is showing in htop, it seem to be a really low skilled hacker as someone skilled would have hidden this from the process list. But maybe he's working on making it stealth right now so you should really not wait and speed up before something bad happens. It might be a cryptoPHP infection. Please paste me the base64 string this is the most important and it's missing from your description, but this is is clearly a hack. You should kill this process and make a crontab if it runs automatically again. Please PM, I would really like to find out what it is and identify what strain of malware lies behind this base64 string. You might be part of a DDOS or spam botnet. I hope for you it's not some kind of crypotPHP infection. Make sure you have backups of all your files and DONT delete them, it surely started to infect other scripts and a backdoor might have already been put on your server in case you find out this (which you did). You must find out what was done ASAP. Regards,
$30 USD за 3 дні(-в)
5,0 (39 відгуки(-ів))
4,5
4,5
Аватарка користувача
From how you've described it, this is potentially malicious code that has made its way onto your server via yourself or some outside party. I can figure out exactly what this code is doing and take the proper direction from there on what to do.
$25 USD за 1 день
4,9 (23 відгуки(-ів))
4,1
4,1
Аватарка користувача
A proposal has not yet been provided
$35 USD за 1 день
5,0 (9 відгуки(-ів))
3,7
3,7
Аватарка користувача
I can find the base64 that is being executed in PHP and decode it to find exactly what is happening. I am free to start immediately.
$25 USD за 0 день
5,0 (18 відгуки(-ів))
3,4
3,4
Аватарка користувача
It's certainly a hacked process. It is running some php commands which is encoded in base64 so that you don't know what task is done by it. But i think you understand what it means? (illegal)
$55 USD за 1 день
4,9 (14 відгуки(-ів))
3,3
3,3
Аватарка користувача
Dear Sir/Madam, please let me introduce myself briefly. Fifteen years dealing with information technology, I am mostly familiar with fields of web development and system and network operations. Based on your description this is definitely a hack. I work with PHP and webservers on a daily basis, so I can easily check your server for security issues. I can change your settings so no more harmful code will be executed. As I'm new here, please give me a chance to get some good ratings, it'd really help me get other jobs. :) Having any questions please don't hesitate to contact me, I'll be glad to answer them. I'm looking forward to work with you. Kind regards, Robert.
$10 USD за 1 день
4,0 (1 відгук)
1,5
1,5
Аватарка користувача
It's looks like your site/server is infected by malware. Does your site based on Wordpress?
$30 USD за 3 дні(-в)
0,0 (0 відгуки(-ів))
0,0
0,0

Про клієнта

Прапор MEXICO
DURANGO, Mexico
5,0
115
Спосіб оплати верифіковано
На сайті з серп. 14, 2009

Верифікація клієнта

Дякуємо! Ми надіслали на вашу електронну пошту посилання для отримання безкоштовного кредиту.
Під час надсилання електронного листа сталася помилка. Будь ласка, спробуйте ще раз.
Зареєстрованих користувачів Загальна кількість опублікованих робіт
Freelancer ® is a registered Trademark of Freelancer Technology Pty Limited (ACN 142 189 759)
Copyright © 2024 Freelancer Technology Pty Limited (ACN 142 189 759)
Завантажуємо для перегляду
Дозвіл на визначення геолокації надано.
Ваш сеанс входу закінчився, і сеанс було закрито. Будь ласка, увійдіть знову.