On my Linux server, I am getting a suspicious perl process, which is trying to send spam from my server, using a perl script. Here is the ps -aux output.
apache 10078 0.0 0.0 4028 705 pts/1 S+ 15:50 0:00 [perl]
apache 10079 0.0 0.0 4023 433 pts/1 S+ 15:50 0:00 [perl]
apache 10080 0.0 0.0 4024 432 pts/1 S+ 15:50 0:00 [perl]
.
.
.
There are more than 20 such processes running and each one of them is consuming a lot of sockets.
I am unable to find the script's location, path and detail as it's just "perl" written there. I tried to use lsof to see its opened files; it shows a big number of sockets and files opened by one website hosted on my server, but I cannot get a clue from there as to which script this is, so that I can track and remove it.
Thanks
lsof -p
against the relevant process IDs will tell you where to look... For instance,
lsof -p 10078
will give you a listing of all the open files associated with that process. Take a look at the output and work back to see which files are in use.
I found a solution using which you can know the exact path of the system/kernel process enclosed in brackets, like [perl]
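
An added example, not part of either post above: a shell helper that condenses lsof output for one process into the clues the lsof answer says to work back from (working directory, executable, open regular files, remote ports in use). It reads lsof's -F field output with -nP rather than the default listing; the function names are hypothetical and the sample data, paths and addresses are constructed.

```shell
#!/bin/sh
# Summarise `lsof -nP -p PID -F ftn` output (one field per line:
# f = descriptor, t = type, n = name) into tab-separated clue lines.
summarise_lsof() {
    awk '
        /^f/ { fd = substr($0, 2); type = ""; next }
        /^t/ { type = substr($0, 2); next }
        /^n/ {
            name = substr($0, 2)
            if (fd == "cwd") print "cwd\t" name
            else if (fd == "txt" && type == "REG") print "exe\t" name
            else if (type == "REG" && fd ~ /^[0-9]+$/) print "file\t" name
            else if (type ~ /^IPv[46]$/ && name ~ /->/) {
                # Connected socket: keep only the remote port and count it.
                port = name; sub(/.*:/, "", port); remote[port]++
            }
        }
        END { for (p in remote) print "remote_port\t" p "\t" remote[p] }
    '
}

# Constructed sample of the field output for PID 10078 (values invented).
sample_lsof_fields() {
    cat <<'EOF'
p10078
fcwd
tDIR
n/var/www/example-site/uploads
ftxt
tREG
n/usr/bin/perl
f3
tREG
n/var/www/example-site/uploads/x.txt (deleted)
f4
tIPv4
n192.0.2.10:41822->198.51.100.7:25
f5
tIPv4
n192.0.2.10:41823->198.51.100.8:25
EOF
}

# With a PID argument, inspect the live process; otherwise show the sample.
if [ -n "${1:-}" ]; then
    lsof -nP -p "$1" -F ftn | summarise_lsof
else
    sample_lsof_fields | summarise_lsof
fi
```

The cwd line is usually the quickest pointer to the site directory the script was launched from, and a remote_port count on 25 matches the spam-sending behaviour described in the question.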