06-03-2005, 03:43 AM #1 Web Hosting Master
Join Date: Jul 2004, Posts: 873
Trojan Horses Detected by (WHM) on server.domain.com
Hi,
is this a trojan?
Hidden Pid detected! [pid 19147]
hidden from ps: [yes]
binary location: [/usr/sbin/named]
Hidden Pid detected! [pid 19148]
hidden from ps: [yes]
binary location: [/usr/sbin/named]
Hidden Pid detected! [pid 19149]
hidden from ps: [yes]
binary location: [/usr/sbin/named]
Hidden Pid detected! [pid 19150]
hidden from ps: [yes]
binary location: [/usr/sbin/named]
-
06-03-2005, 03:54 AM #2 Web Hosting Master
Join Date: Jul 2004, Posts: 873
Rootkit Hunter
File scan
Scanned files: 309
Possible infected files: 0
Possible rootkits:
Scanning took 20 seconds
chkrootkit:
Checking `bindshell'... warning, got bogus tcp line.
INFECTED (PORTS: 465)
-
06-03-2005, 10:28 AM #3 Web Hosting Master
Join Date: Apr 2003, Location: NC, Posts: 3,093
The trojan horse detector in WHM should be removed; it always gives false positives. The bindshell is normal for cPanel; if you do a quick search you can find a lot of references about it.
John W, CISSP, C|EH
MS Information Security and Assurance
ITEagleEye.com - Server Administration and Security
Yawig.com - Managed VPS and Dedicated Servers with VIP Service
-
06-11-2005, 02:04 AM #4 Web Hosting Master
Join Date: Jul 2004, Posts: 873
I again received that email,
but there is another problem: yesterday when I was checking one of my old sites, I saw someone had added an index.html file there and the site was defaced!
This server is not shared;
that person just added an index.html file.
I am using last firewall and anti-trojans that check every 24 hours,
SSH on the normal IP port and root disabled
& & &
So how did that person add that file?
In which log can I find that?
-
06-11-2005, 02:08 AM #5 Disabled
Join Date: Dec 2002, Location: chica go go, Posts: 11,876
I've seen you ask a lot of questions about administrating a server on this forum, as well as WHT IRC. You should hire a server administrator.
While you have someone else administrating the server, set up a local machine for learning. Then once you're confident in your abilities, start administrating your own server again.
-
06-11-2005, 02:28 AM #6 Web Hosting Master
Join Date: Jul 2004, Posts: 873
Thanks mikeylove,
but I am a wealthy man and I wanna test/learn Linux on a real server!
You have a problem with this?!
-
06-11-2005, 02:35 AM #7 Disabled
Join Date: Dec 2002, Location: chica go go, Posts: 11,876
Yes, you are a liability to the internet.
-
06-11-2005, 08:01 AM #8 Web Hosting Master
Join Date: Apr 2003, Location: NC, Posts: 3,093
If you are wealthy, your time is worth more than hiring somebody. As far as how they got in, you could check the Apache logs and messages logs, but it will probably take a while to find. Just because everything is updated does not mean that your system cannot be hacked; in fact it is far from it. There is a lot of information if you search around for how to tweak the system to help prevent these types of things.
John W, CISSP, C|EH