tags:

views:

326

answers:

4

hello,

i found out that my server is getting slower and slower.

on command top i get response that i have a lot svcrack.py and svwar.py processes active.

can you tell me what are those?

thank you in advance!

+2  A: 

Somebody is running a password cracker on your server. If it's not you, then your server has been compromised. Tread carefully.

Greg Hewgill
for what are used those two except passwords crack?
A: 

Doesn't sound nice anyway... Just googling those two process names returns me pages I can't open at work:

http://www.darknet.org.uk/tag/svcrack/

http://webcache.googleusercontent.com/search?q=cache:70I2elB01lQJ:sipvicious.org/blog/2007/11/introduction-to-svcrack.html+svcrack.py&cd=1&hl=en&ct=clnk&gl=uk

I would be investigating to see if the process running on your service is this, and if it is, taking some decisive action to stop it - unless you have it running for some reason?

All the results arelinked to VOIP and SIP.

Dave

Dave
A: 

Hi there - as everyone else said, that's part of SIPVicious, of which I'm the original author. Your server got compromised (somehow) and is being used to scan and compromise PBX servers open on the internet.

I would like more details about your case. Would be great if you could get in contact - [email protected]

  • sandro
Sandro Gauci
A: 

I have the same problem. Under what name would they be? I can't find the scripts.

Carlos
i found them in subdirectory of /var/run. can't remember dir name... they where hidden files. check there.