It takes ages before I get access to the Config Server Security and Firewall settings.
My Mail Queue Administration remains flooded.
Finally, after much searching, I suddenly had to enter an email address in LF_ALERT_FROM = mymail@new.us
Now I'm not getting the emails in Mail Queue Administration, but in my private mailbox.
The information stated therein is the following:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
root@AHV-ID-2679.vps.awcloud.nl
Unrouteable address
Reporting-MTA: dns; AHV-ID-2679.vps.awcloud.nl
Action: failed
Final-Recipient: rfc822;root@AHV-ID-2679.vps.awcloud.nl
Status: 5.0.0
ForwardedMessage.eml
Subject: lfd on AHV-ID-2679.vps.awcloud.nl: Suspicious process running under user avahi
From: mymail@new.us
Date: 6-3-2017 15:07
To: root@AHV-ID-2679.vps.awcloud.nl
Time: Mon Mar 6 14:07:02 2017 +0000
PID: 616 (Parent PID:616)
Account: avahi
Uptime: 66708 seconds
Executable:
/usr/sbin/avahi-daemon
Command Line (often faked in exploits):
avahi-daemon: running [AHV-ID-2679.local]
Network connections by the process (if any):
udp: 0.0.0.0:5353 -> 0.0.0.0:0
udp: 0.0.0.0:54413 -> 0.0.0.0:0
Files open by the process (if any):
/dev/null
anon_inode:inotify
Memory maps by the process (if any):
What is going on here?