[ikey07]

Suspicious process running under user User:

Код:

Executable:

/home/user/.gameservers/samp_0/samp-npc


Command Line (often faked in exploits):

/home/user/.gameservers/samp_0/samp-npc -h 127.0.0.1 -p 7777 -n Cocaine_Dealer -m npcidle -z fdsfds345df


Network connections by the process (if any):

udp: 0.0.0.0:7777 -> 0.0.0.0:0
udp: 0.0.0.0:58132 -> 0.0.0.0:0
tcp: 0.0.0.0:7777 -> 0.0.0.0:0
tcp: 127.0.0.1:52574 -> 127.0.0.1:3306


Files open by the process (if any):

/dev/null
/dev/pts/1
/dev/pts/1
/dev/pts/1
/home/user/.gameservers/samp_0/mysql_log.txt
/dev/pts/1

My eyes cought the last parameter of that command line fdsfds345df


and yes, I already use R2 server.

[BJIADOKC]

Quote:

Originally Posted by ikey07 Suspicious process running under user User: Код: Executable: /home/user/.gameservers/samp_0/samp-npc Command Line (often faked in exploits): /home/user/.gameservers/samp_0/samp-npc -h 127.0.0.1 -p 7777 -n Cocaine_Dealer -m npcidle -z fdsfds345df Network connections by the process (if any): udp: 0.0.0.0:7777 -> 0.0.0.0:0 udp: 0.0.0.0:58132 -> 0.0.0.0:0 tcp: 0.0.0.0:7777 -> 0.0.0.0:0 tcp: 127.0.0.1:52574 -> 127.0.0.1:3306 Files open by the process (if any): /dev/null /dev/pts/1 /dev/pts/1 /dev/pts/1 /home/user/.gameservers/samp_0/mysql_log.txt /dev/pts/1 My eyes cought the last parameter of that command line fdsfds345df and yes, I already use R2 server.

This is a server password, your captain.

[ikey07]

what password if I havent set any

[BJIADOKC]

Quote:

Originally Posted by ikey07 what password if I havent set any

Those params used in samp.exe (client) to connect to server. Param "-z" sets server password (that you type in box before connect)
I think samp-npc doing the same, but it gets password from server.cfg

[linuxthefish]

cPanel is going to report that as suspicious, It's expecting that people won't be running a gameserver on the same server they host websites on!

http://forum.configserver.com/viewtopic.php?f=6&t=2059