Strange Port tracked
António P. P. Almeida
appa at perusio.net
Sat Feb 19 19:04:36 MSK 2011
On 19 Fev 2011 15h45 WET, nginx-forum at nginx.us wrote:
> hi,
>
> It's quite new for me to use nginx as the webserver, nginx 0.7.65 +
> php /fpm on freebsd, which was installed on Apr 28th, 2010. I
> configured the server to listen on Port 80 as seen below.
>
> server {
> listen 80;
>
> My php script will create a folder by domain name each time it
> detect a different domain. I saw a strange xxxxx:4511 folder created
> on Jan 13th,
> 2011. Also owner of all php files and folders are changed to 1005 . I
> double checked /etc/passwd and the max user id there is 1003.
>
> Is it possible that my nginx/phpfpm server is hacked? Please
> advice!
Yes it is. It depends on a lot of stuff:
1. Your app and how PHP is configured
2. Your server setup (SSH and such)
You should consider running an IDS and also a log checking tool.
--- appa
More information about the nginx
mailing list