From: Joshua Isom
Date: Thu, 18 Oct 2007 01:04:38 -0500
To: Jack Raats
Cc: freebsd-questions Questions
Subject: Re: Strange perl script

If a simple 'locate sploger' shows nothing (run `periodic weekly`, which will update your locate database assuming you're keeping things relatively stock), then in all likelihood you've got an intruder. If some of the other tips posted give no help, and you've got time on your hands, try `grep -rl sploger /` and you'll find all files with sploger in them. If you've been broken into and they're being really tricky, it won't work, but odds are they aren't that bright if the process is still in ps's output.

On Oct 17, 2007, at 3:05 PM, Jack Raats wrote:

>>> HI
>>>
>>> Can anyone explain this after ps -ax | grep perl
>>>
>>> 21893 ?? I 1:02.37 sploger (perl5.8.8)
>>> 29536 ?? R 184:14.94 sploger (perl5.8.8)
>>> 29538 ?? R 184:36.44 sploger (perl5.8.8)
>>> 30668 ?? R 168:56.54 sploger (perl5.8.8)
>>>
>>> What is sploger?
>>
>> Looks sort of like a Perl script running.
>> That, of course, doesn't say what it is doing.
>
> The strangest thing is that I can't find sploger on my system. After a
> reboot sploger doesn't appear anymore, which makes it even stranger.
>
> Jack
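
The quoted `ps` rows show a title (`sploger`) followed by a different name in parentheses (`perl5.8.8`). As an added example, not part of the original message: a shell filter that picks such rows out of `ps -ax` output while skipping daemons that merely retitle themselves. It assumes the parenthesised name is the real command name that FreeBSD's ps appends when it differs from the displayed title; `flag_renamed`, `sample_ps` and every sample row other than the two `sploger` rows are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ps -ax` output on stdin and prints
# "PID REAL_COMMAND TITLE" for rows whose title is unrelated to the real command.
flag_renamed() {
    awk '
    $1 !~ /^[0-9]+$/ { next }                     # header or malformed row
    NF >= 6 && $NF ~ /^\(.+\)$/ {
        real = substr($NF, 2, length($NF) - 2)    # name inside the parentheses
        title = $5
        for (i = 6; i < NF; i++) title = title " " $i
        first = $5
        sub(/.*\//, "", first)                    # drop any leading path
        sub(/:$/, "", first)                      # "sendmail:" -> "sendmail"
        # Benign: title and real name share a prefix (perl vs perl5.8.8).
        if (index(real, first) == 1 || index(first, real) == 1) next
        print $1, real, title
    }'
}

# Constructed sample: the two sploger rows use the format quoted in the thread;
# the other rows are invented benign cases that a bare "ends in parentheses"
# test would flag as well.
sample_ps() {
    cat <<'EOF'
  PID  TT  STAT      TIME COMMAND
21893  ??  I      1:02.37 sploger (perl5.8.8)
29536  ??  R    184:14.94 sploger (perl5.8.8)
  612  ??  Ss     0:03.10 sendmail: accepting connections (sendmail)
  940  ??  S      0:00.52 /usr/local/bin/perl /usr/local/sbin/logrot.pl (perl5.8.8)
 1011  p0  R+     0:00.00 ps -ax
EOF
}

sample_ps | flag_renamed
```

On a live host, run `ps -ax | flag_renamed`; `fstat -p PID` then lists the files a flagged process still holds open, which is worth capturing before a reboot removes the process.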