security issue

[shann]

Our server was hacked adn we did upgrade the kernel. Also upgrade teh security pathches.

When we scan we got folliwng info.

Whence Possible Trojan

/usr/lib/libexpat.so.0.1.0
.

Possible Trojan - /usr/bin/GET
.

Possible Trojan - /usr/bin/HEAD
.

Possible Trojan - /usr/bin/POST
.

Possible Trojan - /usr/bin/lwp-download
.

Possible Trojan - /usr/bin/lwp-mirror
.

Possible Trojan - /usr/bin/lwp-request
.

Possible Trojan - /usr/bin/lwp-rget
.
.

Possible Trojan - /usr/bin/curl
.

Possible Trojan - /usr/lib/libcurl.so.2.0.2
.


Would it cause any problem???? Any I deal???

Thanks
Shan

cPanel.net Support Ticket Number:

[Angel78]

which Kernel did you have when you got hacked?

cPanel.net Support Ticket Number:

[shann]

i had 2.4.19.

ARe this trojon acceptable??

cPanel.net Support Ticket Number:

[SoftmegUK]

The trojan scanner in WHM isnt accurate, install and use chkrootkit

cPanel.net Support Ticket Number:

[sexy_guy]

Originally posted by shann
i had 2.4.19.

ARe this trojon acceptable??

cPanel.net Support Ticket Number:

How do you know it was the kernel? I mean OpenSSH is vuln enough and we are upgraded to 3.5. You guys should really be updating your OpenSSH instead of using the vuln version currently installed on Cpanel. Anything below 3.3 is absolutely vulnarable.

cPanel.net Support Ticket Number:

[Sash]

Is the only reason you think you were hacked because of the cpanel trojan scanner?

Have you tried running chkrootkit on the server?

Mike

cPanel.net Support Ticket Number:

[shann]

No,

we had ptrace.c file on our tmp dir. thats how we found . We updated the kernel to 2.4.20 and updated security patches.

when we scan we are getting above info.

cPanel.net Support Ticket Number:

[SoftmegUK]

I have never seen the scanner in WHM never throw back at least one possible trojan, install and use chkrootkit, like i suggested

cPanel.net Support Ticket Number: