
help with usr/bin/php request script


Steph1122


My site got suspended because this script was overloading the server.

Here is an example of the problematic script:

 

9320 janetmed 19 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9328 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9330 janetmed 17 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9332 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9334 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9335 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9336 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9341 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9342 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9344 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9353 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9355 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9357 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9359 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9364 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9365 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9367 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9383 janetmed 16 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9385 janetmed 16 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9387 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9388 janetmed 16 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9393 janetmed 17 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9394 janetmed 17 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9399 janetmed 17 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

 

The problem I'm having is that I don't know where that script is located or what it does. I run a PHP-Nuke and an e107 site on my server.

Any help in just pointing me in the direction of just finding the script would really help me. Thanks


Have you got any crons set up to execute php scripts? /usr/bin/php is an executable binary that is generally used to execute scripts via the terminal. Either you have a cron calling this request.php file, or your server has been compromised in some way.

 


PHP can be run from the terminal (command line). Maybe PHP-Nuke set up a cron job. Cron is an application that runs scripts at set intervals.

 

You really need to find that request.php file before we could be of much more assistance.


No, you need to find the request.php file in your site. /usr/bin/php is the php engine and it's running the request.php file.

 

The details in your first post are an output from a program similar to task manager.

 

9320 janetmed 19 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9328 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9330 janetmed 17 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9332 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9334 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9335 janetmed 18 0 53428 8560 4136 S 1 0.4 0:00.04 /usr/bin/php request.php

9365 janetmed      18      0          53428        8560        4136        S        1 0.4            0:00.04          /usr/bin/php          request.php

 

The first number is the ID for the process. As you can see, the request.php file is being called over and over again.
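An added example, not part of the original thread: the process list shows `request.php` as a relative path, so the working directory of each process is where the file lives, and the parent PID shows what launched it (cron, the web server, or something else). This sketch assumes a Linux `/proc` filesystem that the account can read; the function names `find_script_procs` and `cron_refs` are hypothetical.

```shell
#!/bin/sh
# find_script_procs PROC_ROOT SCRIPT
# Prints "pid ppid cwd" for every process whose command line names SCRIPT.
# PROC_ROOT is normally /proc; it is a parameter so the logic can be tested.
find_script_procs() {
    proc_root=$1
    script=$2
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        # cmdline is NUL-separated; turn it into a space-separated line
        args=$(tr '\0' ' ' < "$dir/cmdline")
        case " $args" in
            *" $script "*|*"/$script "*) ;;   # bare name or path ending in it
            *) continue ;;
        esac
        pid=${dir##*/}
        # Parent PID identifies the launcher (crond, httpd, a shell, ...)
        ppid=$(awk '/^PPid:/ {print $2}' "$dir/status" 2>/dev/null) || ppid=
        # cwd is a symlink to the directory the relative path resolves against
        cwd=$(readlink "$dir/cwd" 2>/dev/null || echo '?')
        printf '%s %s %s\n' "$pid" "${ppid:-?}" "$cwd"
    done
}

# cron_refs CRONTAB_FILE SCRIPT
# Prints active (non-comment) crontab lines that mention SCRIPT.
# CRONTAB_FILE is a saved copy of the crontab, e.g. from `crontab -l`.
cron_refs() {
    grep -v '^[[:space:]]*#' "$1" | grep -F -- "$2"
}

# Typical use on the affected account (the processes are short-lived,
# so repeat the first command a few times while the load is occurring):
#   find_script_procs /proc request.php
#   crontab -l > /tmp/crontab.txt && cron_refs /tmp/crontab.txt request.php
```

If the parent PID belongs to neither cron nor a shell you started, inspect that parent's own command line and owner before deleting anything, since it shows how the script is being triggered.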
