Re: Strange Port tracked - António P. P. Almeida - ru.sysoev.nginx

3 messages in ru.sysoev.nginxRe: Strange Port tracked

From	Sent On	Attachments
timknip	Feb 19, 2011 7:45 am
Jim Ohlstein	Feb 19, 2011 7:56 am
António P. P. Almeida	Feb 19, 2011 8:04 am

Subject:	Re: Strange Port tracked
From:	António P. P. Almeida (ap...@perusio.net)
Date:	Feb 19, 2011 8:04:13 am
List:	ru.sysoev.nginx

On 19 Fev 2011 15h45 WET, ngin...@nginx.us wrote:

hi,

It's quite new for me to use nginx as the webserver, nginx 0.7.65 + php /fpm on freebsd, which was installed on Apr 28th, 2010. I configured the server to listen on Port 80 as seen below.

server { listen 80;

My php script will create a folder by domain name each time it detect a different domain. I saw a strange xxxxx:4511 folder created on Jan 13th, 2011. Also owner of all php files and folders are changed to 1005 . I double checked /etc/passwd and the max user id there is 1003.

Is it possible that my nginx/phpfpm server is hacked? Please advice!

Yes it is. It depends on a lot of stuff: 1. Your app and how PHP is configured 2. Your server setup (SSH and such)

You should consider running an IDS and also a log checking tool.

--- appa

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets