Search found 3 matches
- 12 Mar 2013, 21:56
- Forum: General Discussion (csf)
- Topic: Suspicious process running under user sshd
- Replies: 3
- Views: 5198
Re: Suspicious process running under user sshd
thanks for the reply, I have checked the cpanel update log, and ssh have been udpated. I have then restarted it through whm, and also have gone into shell and run service sshd restart. Even though it is saying it is restarting successfully, the message is still appearing, and it doesn't seem to end ...
- 12 Mar 2013, 01:29
- Forum: General Discussion (csf)
- Topic: Suspicious process running under user sshd
- Replies: 3
- Views: 5198
Re: Suspicious process running under user sshd
I would like to that this seems to happen every hour, i get 5 emails noting the suspicious activity.
It happens a couple of minutes past the hour, so for instance if i look at this morning:
8:02 AM
9:03 AM
10:03 AM
11:04 AM
It happens a couple of minutes past the hour, so for instance if i look at this morning:
8:02 AM
9:03 AM
10:03 AM
11:04 AM
- 11 Mar 2013, 06:44
- Forum: General Discussion (csf)
- Topic: Suspicious process running under user sshd
- Replies: 3
- Views: 5198
Suspicious process running under user sshd
Hi Guys, (and girls) I am having this message emailed to me: Suspicious process running under user sshd /usr/sbin/sshd (deleted) Command Line (often faked in exploits): sshd: root [net] it also has a TCP connection to some ip address. I am a bit concerned what this is or how to go about troubleshoot...