Author Topic: Tons of root emails related to teamspeak  (Read 7326 times)

Tons of root emails related to teamspeak
« on: March 19, 2018, 12:03:51 PM »
Is it normal that an email related only to the TeamSpeak server is sent every hour?

The content of every email is basically the same:
Code:
Time:    Mon Mar 19 10:00:43 2018 +0100
PID:     15170 (Parent PID:15170)
Account: ts3
Uptime:  841167 seconds


Executable:

/home/ts3/ts3server_linux_amd64


Command Line (often faked in exploits):

./ts3server_linux_amd64


Network connections by the process (if any):

tcp: 0.0.0.0:30033 -> 0.0.0.0:0
udp: serverip:46636 -> IP:2010
udp: 0.0.0.0:9987 -> 0.0.0.0:0
tcp: 0.0.0.0:10011 -> 0.0.0.0:0


Files open by the process (if any):

/dev/null
/dev/null
/home/ts3/logs/ts3server_2018-03-09__15_21_16.309634_0.log
/home/ts3/ts3server.sqlitedb
/home/ts3/ts3server.sqlitedb
/home/ts3/ts3server.sqlitedb
/home/ts3/ts3server.sqlitedb
/home/ts3/ts3server.sqlitedb
/home/ts3/ts3server.sqlitedb
/home/ts3/ts3server.sqlitedb
/home/ts3/ts3server.sqlitedb
/home/ts3/ts3server.sqlitedb
/home/ts3/ts3server.sqlitedb
anon_inode:[eventpoll]
/dev/shm/7gbhujb54g8z9hu43jre8
anon_inode:[eventpoll]
anon_inode:[eventpoll]
/home/ts3/logs/ts3server_2018-03-09__15_21_16.309634_1.log


Memory maps by the process (if any):


« Last Edit: March 19, 2018, 12:05:43 PM by Roman »

Re: Tons of root emails related to teamspeak
« Reply #1 on: March 19, 2018, 02:12:03 PM »
You need to edit this file: /etc/csf/csf.pignore. It will do the same with the radios and others.

Here is all the info you need:
http://wiki.centos-webpanel.com/csflfd-firewall-configuration
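
An added example, not part of the original thread: one way to turn the report quoted above into a csf.pignore rule. It uses the `exe:` rule type, which silences reports for that one binary only, whereas a `user:ts3` rule would hide every process the account runs. The function names are hypothetical and the sample report is constructed from the fields shown in the first post.

```shell
#!/bin/sh
# Added example: build a csf.pignore rule from an LFD process-tracking report.
# Function names are illustrative; they are not part of csf/lfd.

# Print the absolute path that follows the "Executable:" heading (report on stdin).
# The "Command Line" field is skipped on purpose: the report itself notes it is
# often faked, so it is a poor basis for an ignore rule.
lfd_report_exe() {
    awk '/^Executable:/ { want = 1; next }
         want && /^\// { print; exit }'
}

# Append "exe:<path>" to the ignore file unless that exact line already exists.
# Returns 0 if added, 1 if already present, 2 if the path is not absolute.
pignore_add_exe() {
    exe=$1
    file=$2
    case $exe in
        /*) ;;
        *) return 2 ;;
    esac
    grep -qxF "exe:$exe" "$file" 2>/dev/null && return 1
    printf 'exe:%s\n' "$exe" >> "$file"
}

# Constructed sample: the relevant fields of the report quoted in the thread.
sample_report() {
cat <<'EOF'
Time:    Mon Mar 19 10:00:43 2018 +0100
Account: ts3

Executable:

/home/ts3/ts3server_linux_amd64

Command Line (often faked in exploits):

./ts3server_linux_amd64
EOF
}

# Typical use on the server, run as root:
#   pignore_add_exe "$(lfd_report_exe < report.txt)" /etc/csf/csf.pignore
# then restart lfd (for example: systemctl restart lfd) so it rereads the file.
```

Before adding the rule, confirm that the reported path and the open files and network ports in the report match what the TeamSpeak server is expected to use.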