
Anyone know how to debug this intrusion.

Discussion in 'General Discussion' started by WebHostPro, Jun 15, 2003.

  1. WebHostPro

    On a test server we managed to get it attacked and hacked with felonious information.

    We now are going to try to debug it without re-installing redhat.

    Any ideas on how to dig out the trojan horse or whatever the hacker did in this folder?

    The logs were re-directed to /dev/null so there is no record of what was done.

    Maybe a good tool that can find a trojan and debug it?

    Here is the hack from user rpm:

    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package fileutils did not match the expected checksum. This could mean that
    your system was compromised (OwN3D). The offending files have been removed
    and replaced with the OS default. To be safe you should verify that your
    system has not be compromised.

    Modified Files:
    ..5..... /usr/bin/vdir

    We are new to trojan debugging and will post any useful information if it arises. This is experimental so any suggestions are welcome.

    Thanks,
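
Added example, not part of the original post: the `..5..... /usr/bin/vdir` line in the quoted email is `rpm -V` verify output, and this sketch decodes its attribute columns and lists the non-config files worth examining first. The function names and every sample line except the first are constructed for illustration.

```python
import re

# Column order of the attribute string printed by `rpm -V` (see rpm(8)).
# Older rpm prints 8 columns; newer rpm adds a 9th (P, capabilities).
COLUMNS = "SM5DLUGTP"
MEANING = {
    "S": "size", "M": "mode", "5": "digest", "D": "device",
    "L": "symlink target", "U": "owner", "G": "group",
    "T": "mtime", "P": "capabilities",
}
LINE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+"
    r"(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$"
)

def parse_verify_line(line):
    """Decode one line of rpm verify output; None if it is not one."""
    m = LINE.match(line.strip())
    if not m:
        return None
    flags = m.group("flags")
    rec = {"path": m.group("path"), "kind": m.group("kind"),
           "missing": flags == "missing", "changed": [], "untested": []}
    if not rec["missing"]:
        for col, ch in zip(COLUMNS, flags):
            if ch == "?":            # test could not be performed
                rec["untested"].append(MEANING[col])
            elif ch != ".":          # "." means the attribute verified
                rec["changed"].append(MEANING[col])
    return rec

def triage(output):
    """Paths of non-config files that are missing or whose digest changed."""
    hits = []
    for line in output.splitlines():
        rec = parse_verify_line(line)
        if rec and rec["kind"] != "c" and (rec["missing"] or "digest" in rec["changed"]):
            hits.append(rec["path"])
    return hits

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLE = """\
..5..... /usr/bin/vdir
S.5....T c /etc/hosts.allow
.......T   /usr/share/doc/example/README
missing    /usr/bin/example-tool
"""

if __name__ == "__main__":
    for path in triage(SAMPLE):
        print(path)
```

On a host that may be compromised, the rpm binary and its database can be altered too, so verify output is only as trustworthy as the media it is run from.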
