  1. #1

    Scanning For Trojan Horses With WebHost Manager - 9 POSSIBLE Trojans Detected ???

    Hi,

    I have a fresh virgin dedicated server that I just signed up for yesterday and I tried to scan for Trojan Horses with WebHost Manager today and below is the result. 9 POSSIBLE Trojans Detected? Is this okay/normal or should I be very concerned? Thanks for answering my noob question.

    Scan for Trojan Horses
    Appears Clean

    /dev/stderr

    Scanning for Trojan Horses.....

    Possible Trojan - /usr/bin/xml2-config
    Possible Trojan - /usr/bin/cpan
    Possible Trojan - /etc/cron.daily/logrotate
    Possible Trojan - /usr/lib/python2.4/site-packages/libxml2mod.la
    Possible Trojan - /usr/lib/python2.4/site-packages/libxml2mod.so
    Possible Trojan - /usr/sbin/antirelayd
    Possible Trojan - /usr/bin/xmlcatalog
    Possible Trojan - /usr/bin/xmllint
    Possible Trojan - /usr/sbin/pureauth

    9 POSSIBLE Trojans Detected


  2. #2
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,930
    WHM's trojan scanner is a joke, get RKHunter or CHKRootkit as those are actually pretty accurate.
    -Joe @ Secure Dragon LLC.

  3. #3
    You can safely ignore the WHM Trojan scan results.

  4. #4
    Join Date
    Aug 2009
    Posts
    476
    There is nothing to worry about. Don't use that lame scanner.

  5. #5
    Join Date
    May 2002
    Location
    Kingston, Ontario
    Posts
    1,573
    Agreed with comments above, the scanner in WHM is not accurate.

  6. #6
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,948

    Don't Panic!


    I'm surprised the developers haven't removed the trojan scanner from WHM. It's useless. Everyone who's responded so far is correct. Those notifications can be ignored. I would suggest installing 'chkrootkit' and 'rkhunter' on your systems for added security and peace of mind. You can run them manually if you like, or set up a cron to schedule automatic scans that output to a logfile or have the details sent to you in an email.

    Keep in mind, though, that those two tools may also report a few false positives (for example, "Checking `bindshell'... INFECTED (PORTS: 465)") on cPanel servers. I believe this is due to cPanel's directory structure and certain files that are modified when a cPanel update is executed.

    -chkrootkit site
    -rkHunter site

    You can also research the Lynis server auditing tool at http://www.rootkit.nl/projects/lynis.html

    Good luck!

    | John Edel Jetfire Networks L.L.C. Trusted Hosting Solutions

  7. #7
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,766
    I agree with chkrootkit and rkhunter. You do get some "false positives" on cPanel servers, so check the configuration options (I don't recall which program does it, but one of them complains about certain files being replaced by scripts on cPanel servers).

    Another good option is to either buy ConfigServer's CXS (I love this tool) for $50, or use Linux Malware Detect (LMD) to scan nightly and send you a report. As with all of these programs, you can get false positives that you have to check out.
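
A sketch of the scheduled scan suggested in posts #6 and #7, added here as an example and not taken from any poster or from cPanel: it runs chkrootkit and rkhunter, logs everything, and mails only findings that are not the port-465 bindshell false positive quoted in post #6. The log path, mail recipient, allowlist pattern, the `--run`/`--selftest` switches and the sample output are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for chkrootkit and rkhunter.
# Assumptions (not from the thread): LOG path, MAILTO address, the allowlist
# regex, and the "--run" / "--selftest" switches of this script.
LOG="${LOG:-/var/log/rootkit-scan.log}"
MAILTO="${MAILTO:-root}"

# False positive quoted in the thread: chkrootkit's bindshell test reporting
# port 465 on a cPanel server. Only a report of 465 alone is suppressed.
ALLOW_RE='bindshell.*INFECTED \(PORTS: +465\)$'

# Read scanner output on stdin; print hits that are not allowlisted.
filter_findings() {
    grep -E 'INFECTED|Warning' | grep -Ev "$ALLOW_RE" || true
}

# Run whichever scanners are installed, capturing stdout and stderr.
run_scans() {
    if command -v chkrootkit >/dev/null 2>&1; then chkrootkit 2>&1; fi
    if command -v rkhunter >/dev/null 2>&1; then
        rkhunter --check --skip-keypress --report-warnings-only 2>&1
    fi
}

# Constructed sample output, used only by --selftest.
sample_output() {
    cat <<'EOF'
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `bindshell'... INFECTED (PORTS: 465 31337)
Checking `lkm'... not infected
Warning: Hidden directory found: /dev/.constructed-example
EOF
}

main() {
    out=$(run_scans)
    # Full output always goes to the log; mail is sent only for non-allowlisted hits.
    printf '== %s ==\n%s\n' "$(date)" "$out" >> "$LOG"
    hits=$(printf '%s\n' "$out" | filter_findings)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | mail -s "rootkit scan: $(hostname)" "$MAILTO"
    fi
}

case "${1:-}" in
    --run)      main ;;
    --selftest) sample_output | filter_findings ;;
esac
```

Called with `--run` from a root cron entry it performs the scan; `--selftest` prints the two sample lines that would be mailed, showing that a bindshell report listing any port besides 465 still gets through.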

  8. #8
    Join Date
    Nov 2011
    Location
    Germany
    Posts
    32
    Ignore them. They mean nothing at all.
