Hi cPanel members, do you have any news about this security hole? Apache Binary Backdoors on Cpanel-based servers | Sucuri Blog
Make sure you are using keys or very strong password for ssh, and that cphulk is blocking all brute force attempts.We also don’t have enough information to pinpoint how those servers are initially being hacked, but we are thinking through SSHD-based brute force attacks.
For me, this python script syntaxes on line 34.There is a python script which can see if you're infected. If you are, that means either your root password was compromised or your kernel was old enough for privelege escalation. In either case, if you're infected, you need to migrate your sites and content to a new server with a clean OS installation (i.e. reimage your server).
https://gist.github.com/scuderiaf1/5483659
Looks a little goofy to me.shmid = shmget(SHM_KEY, SHM_SIZE, 0o666)