The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anyone know how to debug this intrusion.

Discussion in 'General Discussion' started by DWHS.net, Jun 15, 2003.

  1. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    Hello,

    On a test server we managed to get it attacked and hacked with felonious information.

    We know are going to try to debug it without re-installing redhat.

    Any ideas on how to dig out the trojan horse or whatever the hacker did in this folder?

    The logs where re-directed to dev/null so there is no record of what was done.

    Maybe a good tool that can find a trojan and debug it?

    Here is the hack from user rpm:

    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package fileutils did not match the expected checksum. This could mean that
    your system was compromised (OwN3D). The offending files have been removed
    and replaced with the OS default. To be safe you should verify that your
    system has not be compromised.

    Modified Files:
    ..5..... /usr/bin/vdir

    We are new to trojan debugging and will post any useful information if it arises. This is experimental so any suggestions are welcome.

    Thanks,

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page