« on: August 13, 2010, 05:06:23 PM »
Hello,
I am getting a strange issue with my 4images gallery. First of all, a large number of core files were placed in the directory in which the gallery is installed. I contacted my hosting company; here is what they replied.
------------------------------------------------
The core files are created by PHP while executing the code in /home/gallery/public_html/download.php.
===============
[root@server themes]# gdb php core.14929 | grep Core
Core was generated by `/usr/bin/php /home/gallery/public_html/download.php'.
Quit
===============
We have turned off core dumps on the server now. The OS will not generate any core files. For this we have added the following parameters to the system configuration file (/etc/sysctl.conf).
================
kernel.core_uses_pid = 0
kernel.core_pattern = /dev/null
[root@server themes]# ulimit -a
core file size (blocks, -c) 0
================
We would recommend contacting your PHP developer to check the PHP code. You can view the contents of a core file with the GNU Debugger 'gdb php <core file>' and check the cause of the core dump.
===============
[root@server ~]#gdb php /home/gallery/public_html/core.14929
(gdb) bt
---------------------------------------
And the second issue is that my server is running the csf firewall; here is what it detected.
--------------------------------------------
lfd on server: Suspicious process running under user gallery
Time: Fri Aug 13 09:53:11 2010 -0500
PID: 9006
Account: gallery
Uptime: 124 seconds
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php /home/gallery/public_html/download.php
Network connections by the process (if any):
Files open by the process (if any):
Memory maps by the process (if any):
----------------------------------
I am running the latest version of 4images. And cache is enabled on the gallery.
Please help.
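
One way to triage the "Memory maps by the process" section of an lfd alert like the one in this post. This is an added example, not part of the original post or of csf/lfd; the sample lines, the trusted-directory list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the /proc/<pid>/maps layout that lfd pastes into its
# alerts; addresses, inodes and paths here are made up for the example.
SAMPLE = """\
08048000-08100000 r-xp 00000000 08:03 1001 /usr/bin/php
08100000-08110000 rw-p 000b8000 08:03 1001 /usr/bin/php
09000000-09200000 rw-p 00000000 00:00 0 [heap]
b7000000-b7100000 rw-s 00000000 00:04 2002 /SYSV00000000 (deleted)
b7200000-b7220000 r-xp 00000000 08:03 3003 /usr/local/lib/php/extensions/example_ext.so
b7300000-b7310000 r-xp 00000000 08:05 4004 /tmp/.cache/x.so (deleted)
bff00000-bff20000 rwxp 00000000 00:00 0 [stack]
"""

MAP_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")

# Assumption: directories whose executable mappings need no second look.
TRUSTED = ("/lib/", "/usr/lib/", "/usr/bin/")

def parse_maps(text):
    """Yield (start, end, perms, path) for each well-formed maps line."""
    for line in text.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            start, end, perms, path = m.groups()
            yield int(start, 16), int(end, 16), perms, path.strip()

def triage(text, trusted=TRUSTED):
    """Return (tag, path) leads for review; none of them is a verdict."""
    leads = []
    for _start, _end, perms, path in parse_maps(text):
        label = path or "[anonymous]"
        if "w" in perms and "x" in perms:
            # Code could be written and then run from this region.
            leads.append(("writable+executable", label))
        if path.endswith("(deleted)"):
            # File removed after mapping. System V shared memory segments
            # (/SYSV...) always appear this way and are normally benign.
            leads.append(("deleted-backing-file", label))
        if "x" in perms and path.startswith("/") and not path.startswith(trusted):
            leads.append(("executable-outside-trusted", label))
    return leads

if __name__ == "__main__":
    for tag, path in triage(SAMPLE):
        print(f"{tag:28} {path}")
```

Each lead is a line to read by hand: loaded PHP extensions land in the third category simply because they live outside the system library directories.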