bindshell... INFECTED (PORTS: 465)

  #1  
Old 12-05-2004, 03:45 AM
Tamranda_Ankit
Disabled
 
Join Date: Aug 2004
Location: Delhi, India
Posts: 213

Hello,

I just now got a chkrootkit mail from my server ... everything was fine .... until I saw this :O

Checking `bindshell'... INFECTED (PORTS: 465)

Although I have APF ... will it still allow this thing to do traffic on port 465?

& How can I remove this thing?

  #2  
Old 12-05-2004, 03:51 AM
Tamranda_Ankit
Disabled
 
Join Date: Aug 2004
Location: Delhi, India
Posts: 213
lol ... found out that exim was listening to it ... so a fake alarm ...

# fuser -vn tcp 465

USER PID ACCESS COMMAND
465/tcp root 5655 f.... exim


Last edited by Tamranda_Ankit; 12-05-2004 at 04:01 AM.
  #3  
Old 12-05-2004, 04:52 AM
Captian_Spike
Web Hosting Master
 
Join Date: Nov 2003
Location: Canada
Posts: 881
Did you ever see this before in the chkrootkit email?

You should just do a double check to make sure some program isn't appearing to be exim. There are valid reasons exim could be listening on this port, but it never hurts to be careful.

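One way to carry out the double check suggested in post #3, as an added example that is not part of the original thread: it walks from the port to the socket inode, to the owning PID, to the binary the kernel reports for that PID. The function names, the `PROC_ROOT` override and the `/usr/sbin/exim` path are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: port -> socket inode -> PID -> binary.
# The COMMAND column fuser prints is a name the process can set for itself;
# the /proc/<pid>/exe link is maintained by the kernel.
PROC_ROOT="${PROC_ROOT:-/proc}"   # hypothetical override, lets the logic run on a copy

# Print inodes of TCP sockets in LISTEN state (0A) bound to the given port.
listen_inodes() {
    hexport=$(printf '%04X' "$1")
    for f in "$PROC_ROOT/net/tcp" "$PROC_ROOT/net/tcp6"; do
        [ -r "$f" ] || continue
        awk -v p=":$hexport" \
            'NR > 1 && $4 == "0A" && substr($2, length($2) - 4) == p { print $10 }' "$f"
    done
}

# Print PIDs that hold a file descriptor for the given socket inode.
pids_for_inode() {
    for fd in "$PROC_ROOT"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#"$PROC_ROOT"/}
        echo "${pid%%/*}"
    done | sort -un
}

# Compare the kernel's view of the running binary with the expected path.
# Returns 0 match, 1 different path, 2 binary gone from disk, 3 unreadable.
verify_exe() {
    exe=$(readlink "$PROC_ROOT/$1/exe" 2>/dev/null) || return 3
    case "$exe" in *" (deleted)") return 2 ;; esac
    [ "$exe" = "$2" ]
}

# check_port PORT EXPECTED_PATH: one verdict line per listening process.
check_port() {
    for inode in $(listen_inodes "$1"); do
        for pid in $(pids_for_inode "$inode"); do
            rc=0; verify_exe "$pid" "$2" || rc=$?
            case $rc in
                0) echo "OK pid=$pid exe=$2" ;;
                1) echo "MISMATCH pid=$pid exe=$(readlink "$PROC_ROOT/$pid/exe")" ;;
                2) echo "DELETED pid=$pid (binary replaced or removed; restart and recheck)" ;;
                *) echo "UNREADABLE pid=$pid (run as root)" ;;
            esac
        done
    done
}

# Usage (assumed install path, adjust per host): check_port 465 /usr/sbin/exim
```

Run it as root so other users' `/proc/<pid>/fd` entries are readable. A `DELETED` verdict also appears after a package upgrade while the old daemon is still running.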
  #4  
Old 12-05-2004, 04:58 AM
Tamranda_Ankit
Disabled
 
Join Date: Aug 2004
Location: Delhi, India
Posts: 213
Hello,

Thanks for the Suggestion.

I tried opening the Port on telnet, SSH & on browser ... doesn't work .. used the Grep Command & used rkhunter too

Everything is fine.

Thanks Again

  #5  
Old 12-05-2004, 05:25 AM
TR Seeks
Web Hosting Master
 
Join Date: Jan 2004
Location: UK
Posts: 1,345
Yes, this is a very common "fake" error. False negative, which happens on most cPanel systems.
