Vincent Bergeron
New Member
I receive this about 40 times a day. And i have looked this up and it is some kind of exploit. i have deleted every one of these files (wp-conf.php) and now the file doesn't appear to be on the server, but i still get these messages. I have also deleted everything from the public_html folder and restore the site form the original build, and i still get this message. Below is the message s that i recieve.
Time: Wed Jul 31 11:02:34 2013 -0400
PID: 23592 (Parent PID:21968)
Account: bobby
Uptime: 644067 seconds
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php /home/bobby/public_html/wp-conf.php
Network connections by the process (if any):
tcp: 192.190.82.114:50599 -> 90.156.201.105:80
tcp: 192.190.82.114:50704 -> 90.156.201.63:80
tcp: 192.190.82.114:38140 -> 90.156.201.47:80
tcp: 192.190.82.114:53778 -> 90.156.201.78:80
tcp: 192.190.82.114:50618 -> 90.156.201.105:80
tcp: 192.190.82.114:50736 -> 90.156.201.63:80
tcp: 192.190.82.114:38172 -> 90.156.201.47:80
tcp: 192.190.82.114:53811 -> 90.156.201.78:80
tcp: 192.190.82.114:50653 -> 90.156.201.105:80
tcp: 192.190.82.114:50772 -> 90.156.201.63:80
tcp: 192.190.82.114:38214 -> 90.156.201.47:80
tcp: 192.190.82.114:53864 -> 90.156.201.78:80
tcp: 192.190.82.114:50719 -> 90.156.201.105:80
tcp: 192.190.82.114:50831 -> 90.156.201.63:80
tcp: 192.190.82.114:38267 -> 90.156.201.47:80
tcp: 192.190.82.114:53906 -> 90.156.201.78:80
tcp: 192.190.82.114:50744 -> 90.156.201.105:80
tcp: 192.190.82.114:50859 -> 90.156.201.63:80
tcp: 192.190.82.114:38295 -> 90.156.201.47:80
tcp: 192.190.82.114:53940 -> 90.156.201.78:80
tcp: 192.190.82.114:50780 -> 90.156.201.105:80
tcp: 192.190.82.114:50889 -> 90.156.201.63:80
Second Message i get.
Time: Wed Jul 31 15:02:55 2013 -0400
Account: bobby
Resource: Process Time
Exceeded: 580214 > 1800 (seconds)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/bobby/public_html/wp-conf.php
PID: 4328 (Parent PID:4235)
Killed: No
Time: Wed Jul 31 11:02:34 2013 -0400
PID: 23592 (Parent PID:21968)
Account: bobby
Uptime: 644067 seconds
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php /home/bobby/public_html/wp-conf.php
Network connections by the process (if any):
tcp: 192.190.82.114:50599 -> 90.156.201.105:80
tcp: 192.190.82.114:50704 -> 90.156.201.63:80
tcp: 192.190.82.114:38140 -> 90.156.201.47:80
tcp: 192.190.82.114:53778 -> 90.156.201.78:80
tcp: 192.190.82.114:50618 -> 90.156.201.105:80
tcp: 192.190.82.114:50736 -> 90.156.201.63:80
tcp: 192.190.82.114:38172 -> 90.156.201.47:80
tcp: 192.190.82.114:53811 -> 90.156.201.78:80
tcp: 192.190.82.114:50653 -> 90.156.201.105:80
tcp: 192.190.82.114:50772 -> 90.156.201.63:80
tcp: 192.190.82.114:38214 -> 90.156.201.47:80
tcp: 192.190.82.114:53864 -> 90.156.201.78:80
tcp: 192.190.82.114:50719 -> 90.156.201.105:80
tcp: 192.190.82.114:50831 -> 90.156.201.63:80
tcp: 192.190.82.114:38267 -> 90.156.201.47:80
tcp: 192.190.82.114:53906 -> 90.156.201.78:80
tcp: 192.190.82.114:50744 -> 90.156.201.105:80
tcp: 192.190.82.114:50859 -> 90.156.201.63:80
tcp: 192.190.82.114:38295 -> 90.156.201.47:80
tcp: 192.190.82.114:53940 -> 90.156.201.78:80
tcp: 192.190.82.114:50780 -> 90.156.201.105:80
tcp: 192.190.82.114:50889 -> 90.156.201.63:80
Second Message i get.
Time: Wed Jul 31 15:02:55 2013 -0400
Account: bobby
Resource: Process Time
Exceeded: 580214 > 1800 (seconds)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/bobby/public_html/wp-conf.php
PID: 4328 (Parent PID:4235)
Killed: No