I am not saying there is an exploit, I am asking if this could be? And if not, what is it doing? I am not familiar with recordio, however upon Googling it, it states it will show passwords and everything - so...
Why is recordio sending data to China? I am in US. Why is recordio sending data anywhere?
Is this an exploit? PLEASE advise.
Time: Tue Jul 23 19:43:16 2013 -0400
PID: 16319 (Parent PID:16318)
Account: qmaild
Uptime: 206 seconds
Executable:
/usr/bin/recordio
Command Line (often faked in exploits):
/usr/bin/recordio /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
Network connections by the process (if any):
tcp: (my ip masked) -> 14.222.46.214:4840
tcp: (my ip masked) -> 14.222.46.214:4840
Files open by the process (if any):
Memory maps by the process (if any):
00400000-00404000 r-xp 00000000 08:05 22156468 /usr/bin/recordio
00603000-00604000 rw-p 00003000 08:05 22156468 /usr/bin/recordio
00604000-00605000 rw-p 00000000 00:00 0
7f68c76b6000-7f68c7840000 r-xp 00000000 08:05 23341174 /lib64/libc-2.12.so
7f68c7840000-7f68c7a3f000 ---p 0018a000 08:05 23341174 /lib64/libc-2.12.so
7f68c7a3f000-7f68c7a43000 r--p 00189000 08:05 23341174 /lib64/libc-2.12.so
7f68c7a43000-7f68c7a44000 rw-p 0018d000 08:05 23341174 /lib64/libc-2.12.so
7f68c7a44000-7f68c7a49000 rw-p 00000000 00:00 0
7f68c7a49000-7f68c7a69000 r-xp 00000000 08:05 23338624 /lib64/ld-2.12.so
7f68c7c5c000-7f68c7c5f000 rw-p 00000000 00:00 0
7f68c7c67000-7f68c7c68000 rw-p 00000000 00:00 0
7f68c7c68000-7f68c7c69000 r--p 0001f000 08:05 23338624 /lib64/ld-2.12.so
7f68c7c69000-7f68c7c6a000 rw-p 00020000 08:05 23338624 /lib64/ld-2.12.so
7f68c7c6a000-7f68c7c6b000 rw-p 00000000 00:00 0
7fffefda0000-7fffefdb5000 rw-p 00000000 00:00 0 [stack]
7fffefdcb000-7fffefdcd000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
I am just overly concerned - if you know what is going on please let me know? SHOULD I disable recordio? Will logs still be written for qmailtoaster?
Please advise as soon as possible.
Thank you