Suspicious process running under user

Posted: 03 Mar 2013, 17:33
by djeici
Hi,

Can someone explain to me what this means and what I should do?
This IP from RU did this several times on the server, on a website with a WP install.
I am relatively new to csf and server administration.
Any help will be much appreciated!
thx
JC

Executable:

/usr/bin/php


Command Line (often faked in exploits):

/usr/bin/php /home/clientname/public_html/index.php


Network connections by the process (if any):

tcp: myip address :40318 -> 91.231.156.58:80


Files open by the process (if any):



Memory maps by the process (if any):

00101000-0022b000 r-xp 00000000 08:05 65796 /lib/libcrypto.so.0.9.8e
0022b000-0023f000 rw-p 00129000 08:05 65796 /lib/libcrypto.so.0.9.8e
0023f000-00242000 rw-p 0023f000 00:00 0
00242000-00267000 r-xp 00000000 08:05 22228002 /usr/lib/libpng12.so.0.10.0
00267000-00268000 rw-p 00024000 08:05 22228002 /usr/lib/libpng12.so.0.10.0
00268000-002a4000 r-xp 00000000 08:05 2556567 /opt/pcre/lib/libpcre.so.0.0.1
002a4000-002a5000 rw-p 0003b000 08:05 2556567 /opt/pcre/lib/libpcre.so.0.0.1
002a5000-002da000 r-xp 00000000 08:05 2588997 /opt/xslt/lib/libxslt.so.1.1.27
002da000-002db000 rw-p 00035000 08:05 2588997 /opt/xslt/lib/libxslt.so.1.1.27
002dd000-00321000 r-xp 00000000 08:05 66673 /lib/libssl.so.0.9.8e
00321000-00325000 rw-p 00043000 08:05 66673 /lib/libssl.so.0.9.8e
00325000-0032d000 r-xp 00000000 08:05 22225498 /usr/lib/libkrb5support.so.0.1
0032d000-0032e000 rw-p 00007000 08:05 22225498 /usr/lib/libkrb5support.so.0.1
00334000-00379000 r-xp 00000000 08:05 2556545 /opt/mhash/lib/libmhash.so.2.0.1
00379000-0037a000 rw-p 00044000 08:05 2556545 /opt/mhash/lib/libmhash.so.2.0.1
0037a000-00479000 r-xp 00000000 08:05 22227321 /usr/lib/libX11.so.6.2.0
00479000-0047d000 rw-p 000ff000 08:05 22227321 /usr/lib/libX11.so.6.2.0
0047d000-004cd000 r-xp 00000000 08:05 2556041 /opt/curlssl/lib/libcurl.so.4.2.0
004cd000-004cf000 rw-p 0004f000 08:05 2556041 /opt/curlssl/lib/libcurl.so.4.2.0
004d3000-004fa000 r-xp 00000000 08:05 2556523 /opt/libmcrypt/lib/libmcrypt.so.4.4.8
004fa000-004fd000 rw-p 00027000 08:05 2556523 /opt/libmcrypt/lib/libmcrypt.so.4.4.8
004fd000-00502000 rw-p 004fd000 00:00 0
00502000-00596000 r-xp 00000000 08:05 22227943 /usr/lib/libkrb5.so.3.3
00596000-00599000 rw-p 00093000 08:05 22227943 /usr/lib/libkrb5.so.3.3
00599000-005dc000 r-xp 00000000 08:05 23103651 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/timezonedb.so
005dc000-005de000 rw-p 00043000 08:05 23103651 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/timezonedb.so
005de000-005e4000 r-xp 00000000 08:05 23103670 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_mysql.so
005e4000-005e5000 rw-p 00005000 08:05 23103670 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_mysql.so
005e5000-005ef000 r-xp 00000000 08:05 65719 /lib/libnss_files-2.5.so
005ef000-005f0000 r--p 00009000 08:05 65719 /lib/libnss_files-2.5.so
005f0000-005f1000 rw-p 0000a000 08:05 65719 /lib/libnss_files-2.5.so
005f2000-00602000 r-xp 00000000 08:05 2588996 /opt/xslt/lib/libexslt.so.0.8.16
00602000-00603000 rw-p 0000f000 08:05 2588996 /opt/xslt/lib/libexslt.so.0.8.16
00603000-0061f000 r-xp 00000000 08:05 23104146 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/suhosin.so
0061f000-00623000 rw-p 0001b000 08:05 23104146 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/suhosin.so
00623000-00625000 rw-p 00623000 00:00 0
00625000-00639000 r-xp 00000000 08:05 23103667 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so
00639000-0063b000 rw-p 00014000 08:05 23103667 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so
0063b000-0069f000 r-xp 00000000 08:05 23103671 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_sqlite.so
0069f000-006a0000 rw-p 00063000 08:05 23103671 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_sqlite.so
006c7000-006e2000 r-xp 00000000 08:05 65737 /lib/ld-2.5.so
006e2000-006e3000 r--p 0001a000 08:05 65737 /lib/ld-2.5.so
006e3000-006e4000 rw-p 0001b000 08:05 65737 /lib/ld-2.5.so
006e4000-007fd000 r-xp 00000000 08:05 2556251 /opt/xml2/lib/libxml2.so.2.7.8
007fd000-00802000 rw-p 00119000 08:05 2556251 /opt/xml2/lib/libxml2.so.2.7.8
00802000-00803000 rw-p 00802000 00:00 0
00845000-00848000 r-xp 00000000 08:05 65807 /lib/libdl-2.5.so
00848000-00849000 r--p 00002000 08:05 65807 /lib/libdl-2.5.so
00849000-0084a000 rw-p 00003000 08:05 65807 /lib/libdl-2.5.so
0084c000-00862000 r-xp 00000000 08:05 66653 /lib/libpthread-2.5.so
00862000-00863000 r--p 00015000 08:05 66653 /lib/libpthread-2.5.so
00863000-00864000 rw-p 00016000 08:05 66653 /lib/libpthread-2.5.so
00864000-00866000 rw-p 00864000 00:00 0
00868000-0088f000 r-xp 00000000 08:05 66645 /lib/libm-2.5.so
0088f000-00890000 r--p 00026000 08:05 66645 /lib/libm-2.5.so
00890000-00891000 rw-p 00027000 08:05 66645 /lib/libm-2.5.so
00893000-008a5000 r-xp 00000000 08:05 66656 /lib/libz.so.1.2.3
008a5000-008a6000 rw-p 00011000 08:05 66656 /lib/libz.so.1.2.3
008a8000-008e3000 r-xp 00000000 08:05 65811 /lib/libsepol.so.1
008e3000-008e4000 rw-p 0003b000 08:05 65811 /lib/libsepol.so.1
008e4000-008ee000 rw-p 008e4000 00:00 0
008f0000-00906000 r-xp 00000000 08:05 66658 /lib/libselinux.so.1
00906000-00908000 rw-p 00015000 08:05 66658 /lib/libselinux.so.1
0090a000-00911000 r-xp 00000000 08:05 65552 /lib/librt-2.5.so
00911000-00912000 r--p 00007000 08:05 65552 /lib/librt-2.5.so
00912000-00913000 rw-p 00008000 08:05 65552 /lib/librt-2.5.so
00915000-0092a000 r-xp 00000000 08:05 66647 /lib/libnsl-2.5.so
0092a000-0092b000 r--p 00014000 08:05 66647 /lib/libnsl-2.5.so
0092b000-0092c000 rw-p 00015000 08:05 66647 /lib/libnsl-2.5.so
0092c000-0092e000 rw-p 0092c000 00:00 0
00930000-00939000 r-xp 00000000 08:05 66651 /lib/libcrypt-2.5.so
00939000-0093a000 r--p 00008000 08:05 66651 /lib/libcrypt-2.5.so
0093a000-0093b000 rw-p 00009000 08:05 66651 /lib/libcrypt-2.5.so
0093b000-00962000 rw-p 0093b000 00:00 0
00964000-0096f000 r-xp 00000000 08:05 66646 /lib/libgcc_s-4.1.2-20080825.so.1
0096f000-00970000 rw-p 0000a000 08:05 66646 /lib/libgcc_s-4.1.2-20080825.so.1
00972000-00982000 r-xp 00000000 08:05 22236063 /usr/lib/libbz2.so.1.0.3
00982000-00983000 rw-p 00010000 08:05 22236063 /usr/lib/libbz2.so.1.0.3
00985000-00995000 r-xp 00000000 08:05 22231206 /usr/lib/libXpm.so.4.11.0
00995000-00996000 rw-p 00010000 08:05 22231206 /usr/lib/libXpm.so.4.11.0
00998000-009c8000 r-xp 00000000 08:05 22225300 /usr/lib/libidn.so.11.5.19
009c8000-009c9000 rw-p 0002f000 08:05 22225300 /usr/lib/libidn.so.11.5.19
009cb000-009d1000 r-xp 00000000 08:05 22226743 /usr/lib/libltdl.so.3.1.4
009d1000-009d2000 rw-p 00005000 08:05 22226743 /usr/lib/libltdl.so.3.1.4
009f6000-009fa000 r-xp 00000000 08:05 65608 /lib/libnss_dns-2.5.so
009fa000-009fb000 r--p 00003000 08:05 65608 /lib/libnss_dns-2.5.so
009fb000-009fc000 rw-p 00004000 08:05 65608 /lib/libnss_dns-2.5.so
00a04000-00a09000 r-xp 00000000 08:05 22227320 /usr/lib/libXdmcp.so.6.0.0
00a09000-00a0a000 rw-p 00004000 08:05 22227320 /usr/lib/libXdmcp.so.6.0.0
00a0c000-00a0e000 r-xp 00000000 08:05 22236056 /usr/lib/libXau.so.6.0.0
00a0e000-00a0f000 rw-p 00001000 08:05 22236056 /usr/lib/libXau.so.6.0.0
00a11000-00a32000 r-xp 00000000 08:05 22227503 /usr/lib/libjpeg.so.62.0.0
00a32000-00a33000 rw-p 00020000 08:05 22227503 /usr/lib/libjpeg.so.62.0.0
00a33000-00b0f000 r-xp 00000000 08:05 23529063 /usr/local/IonCube/ioncube_loader_lin_5.2.so
00b0f000-00b12000 rw-p 000dc000 08:05 23529063 /usr/local/IonCube/ioncube_loader_lin_5.2.so
00b12000-00b14000 rw-p 00b12000 00:00 0
00b42000-00b43000 r-xp 00b42000 00:00 0 [vdso]
00b86000-00ba5000 r-xp 00000000 08:05 66657 /lib/libexpat.so.0.5.0
00ba5000-00ba7000 rw-p 0001f000 08:05 66657 /lib/libexpat.so.0.5.0
00bab000-00bc2000 r-xp 00000000 08:05 66660 /lib/libaudit.so.0.0.0
00bc2000-00bc4000 rw-p 00016000 08:05 66660 /lib/libaudit.so.0.0.0
00bc6000-00bd0000 r-xp 00000000 08:05 66661 /lib/libpam.so.0.81.5
00bd0000-00bd1000 rw-p 0000a000 08:05 66661 /lib/libpam.so.0.81.5
00bf6000-00c07000 r-xp 00000000 08:05 66650 /lib/libresolv-2.5.so
00c07000-00c08000 r--p 00010000 08:05 66650 /lib/libresolv-2.5.so
00c08000-00c09000 rw-p 00011000 08:05 66650 /lib/libresolv-2.5.so
00c09000-00c0b000 rw-p 00c09000 00:00 0
00c0d000-00c0f000 r-xp 00000000 08:05 65846 /lib/libkeyutils-1.2.so
00c0f000-00c10000 rw-p 00001000 08:05 65846 /lib/libkeyutils-1.2.so
00c17000-00c19000 r-xp 00000000 08:05 66672 /lib/libcom_err.so.2.1
00c19000-00c1a000 rw-p 00001000 08:05 66672 /lib/libcom_err.so.2.1
00c1c000-00cfc000 r-xp 00000000 08:05 22226390 /usr/lib/libstdc++.so.6.0.8
00cfc000-00d00000 r--p 000df000 08:05 22226390 /usr/lib/libstdc++.so.6.0.8
00d00000-00d01000 rw-p 000e3000 08:05 22226390 /usr/lib/libstdc++.so.6.0.8
00d01000-00d07000 rw-p 00d01000 00:00 0
00d09000-00d2f000 r-xp 00000000 08:05 22236070 /usr/lib/libk5crypto.so.3.1
00d2f000-00d30000 rw-p 00025000 08:05 22236070 /usr/lib/libk5crypto.so.3.1
00d32000-00d5f000 r-xp 00000000 08:05 22237901 /usr/lib/libgssapi_krb5.so.2.2
00d5f000-00d60000 rw-p 0002d000 08:05 22237901 /usr/lib/libgssapi_krb5.so.2.2
00d62000-00ddf000 r-xp 00000000 08:05 22226299 /usr/lib/libfreetype.so.6.3.10
00ddf000-00de2000 rw-p 0007d000 08:05 22226299 /usr/lib/libfreetype.so.6.3.10
00de2000-00fb1000 r-xp 00000000 08:05 22228639 /usr/lib/libmysqlclient.so.16.0.0
00fb1000-00ffb000 rw-p 001cf000 08:05 22228639 /usr/lib/libmysqlclient.so.16.0.0
00ffb000-00ffc000 rw-p 00ffb000 00:00 0
00ffc000-01153000 r-xp 00000000 08:05 65769 /lib/libc-2.5.so
01153000-01155000 r--p 00156000 08:05 65769 /lib/libc-2.5.so
01155000-01156000 rw-p 00158000 08:05 65769 /lib/libc-2.5.so
01156000-01159000 rw-p 01156000 00:00 0
04832000-04887000 r-xp 00000000 08:05 23103675 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so
04887000-04889000 rw-p 00055000 08:05 23103675 /usr/local/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so
08048000-0863b000 r-xp 00000000 08:05 22237789 /usr/bin/php
0863b000-0866a000 rw-p 005f2000 08:05 22237789 /usr/bin/php
0866a000-08674000 rw-p 0866a000 00:00 0
08f44000-0a26c000 rw-p 08f44000 00:00 0 [heap]
b7c01000-b7f11000 rw-p b7c01000 00:00 0
b7f1a000-b7f1b000 rw-p b7f1a000 00:00 0
bfaa9000-bfabe000 rw-p bffe9000 00:00 0 [stack]

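An lfd "Suspicious process" mail like the one above can be triaged mechanically before anyone reads 130 lines of memory maps. The script below is an added example, not part of this thread or of csf/lfd: it parses the alert's five sections (Executable, Command Line, Network connections, Files open, Memory maps) and applies three defender-side checks: does argv[0] match the real executable (the alert itself warns the command line is often faked), does the process talk to a public address, and is any executable mapping backed by a file in a world-writable directory, a deleted file, or a writable-and-executable region. The first embedded sample is constructed from the alert quoted above with the map list shortened and the redacted "myip" replaced by the documentation address 192.0.2.10; the second sample, the /dev/shm mapping, is entirely constructed to show the map check firing.

```python
import ipaddress
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the layout of the lfd alert posted above (maps shortened,
# reporting host's IP replaced by the TEST-NET-1 placeholder 192.0.2.10).
SAMPLE_ALERT = """\
Executable:

/usr/bin/php

Command Line (often faked in exploits):

/usr/bin/php /home/clientname/public_html/index.php

Network connections by the process (if any):

tcp: 192.0.2.10:40318 -> 91.231.156.58:80

Files open by the process (if any):

Memory maps by the process (if any):

00101000-0022b000 r-xp 00000000 08:05 65796 /lib/libcrypto.so.0.9.8e
00b42000-00b43000 r-xp 00b42000 00:00 0 [vdso]
08048000-0863b000 r-xp 00000000 08:05 22237789 /usr/bin/php
08f44000-0a26c000 rw-p 08f44000 00:00 0 [heap]
bfaa9000-bfabe000 rw-p bffe9000 00:00 0 [stack]
"""

# Fully constructed second sample: one executable mapping from /dev/shm.
SHM_ALERT = """\
Executable:

/usr/bin/php

Command Line (often faked in exploits):

/usr/bin/php /home/clientname/public_html/index.php

Network connections by the process (if any):

Files open by the process (if any):

Memory maps by the process (if any):

08048000-0863b000 r-xp 00000000 08:05 22237789 /usr/bin/php
b7c01000-b7c10000 r-xp 00000000 00:12 4711 /dev/shm/example-module.so
"""

# Section headers as they appear in the alert (matched by prefix).
SECTION_HEADERS = {
    "Executable": "executable",
    "Command Line": "cmdline",
    "Network connections": "connections",
    "Files open": "files",
    "Memory maps": "maps",
}
MAP_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)
CONN_LINE = re.compile(r"^(?P<proto>tcp|udp)6?:\s*(?P<src>\S+)\s*->\s*(?P<dst>\S+)$")
SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
PSEUDO_MAPS = {"[heap]", "[stack]", "[vdso]", "[vsyscall]"}


@dataclass
class MemMap:
    start: int
    end: int
    perms: str
    inode: int
    path: str


@dataclass
class ProcessReport:
    executable: str = ""
    cmdline: str = ""
    connections: List[Tuple[str, str, str]] = field(default_factory=list)
    files: List[str] = field(default_factory=list)
    maps: List[MemMap] = field(default_factory=list)


def parse_lfd_alert(text: str) -> ProcessReport:
    """Split the alert into its sections and parse each one's lines."""
    report = ProcessReport()
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = next((k for p, k in SECTION_HEADERS.items() if line.startswith(p)), None)
        if key and line.endswith(":"):
            section = key
            continue
        if section == "executable":
            report.executable = line
        elif section == "cmdline":
            report.cmdline = line
        elif section == "connections":
            m = CONN_LINE.match(line)
            if m:
                report.connections.append((m["proto"], m["src"], m["dst"]))
        elif section == "files":
            report.files.append(line)
        elif section == "maps":
            m = MAP_LINE.match(line)
            if m:
                report.maps.append(MemMap(int(m["start"], 16), int(m["end"], 16),
                                          m["perms"], int(m["inode"]), m["path"].strip()))
    return report


def triage(report: ProcessReport) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings: List[str] = []
    argv0 = report.cmdline.split()[0] if report.cmdline else ""
    if argv0 and os.path.basename(argv0) != os.path.basename(report.executable):
        findings.append(f"argv[0] {argv0!r} does not match executable {report.executable!r}")
    for proto, _src, dst in report.connections:
        host, _, port = dst.rpartition(":")
        addr = ipaddress.ip_address(host)
        if not (addr.is_private or addr.is_loopback):
            findings.append(f"outbound {proto} connection to public address {host}:{port}")
    for m in report.maps:
        if "x" not in m.perms or m.path in PSEUDO_MAPS:
            continue
        if m.path.startswith(SUSPECT_DIRS):
            findings.append(f"executable mapping from world-writable directory: {m.path}")
        if m.path.endswith("(deleted)"):
            findings.append(f"executable mapping backed by deleted file: {m.path}")
        if "w" in m.perms:
            findings.append(f"writable+executable mapping {m.start:08x}-{m.end:08x} ({m.path or 'anonymous'})")
    return findings


if __name__ == "__main__":
    for name, text in (("thread sample", SAMPLE_ALERT), ("constructed /dev/shm sample", SHM_ALERT)):
        print(name, "->", triage(parse_lfd_alert(text)) or ["no findings"])
```

Run against the thread's own data the only finding is the outbound connection to 91.231.156.58:80, which is exactly what a reader should verify next: a PHP process run as the account user contacting a public host is normal for many plugins (update checks, feeds, API calls) and abnormal for a script that should not be making outbound requests, so the next step is to check the access log for the request that spawned /home/clientname/public_html/index.php and what that page does. The map checks are there because they are cheap to automate and catch the cases lfd's wording hints at (a faked command line, code loaded from somewhere a web user can write); whether a given PHP process should be reported at all is governed by csf's process tracking options, the PT_* settings in csf.conf.
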
Re: Suspicious process running under user

Posted: 14 May 2015, 01:00
by ravidevt
I am also getting the same mail