Are these trojan horses?

Discussion in 'General Discussion' started by logikstudios, Jan 2, 2007.

  1. logikstudios

    logikstudios Well-Known Member

    Hey. I ran a trojan horse check and found some files.

    Are any of these to be worried about? (I have taken out some of the dots)

    Appears Clean

    /dev/core
    /dev/stderr

    Scanning for Trojan Horses.....
    .


    Possible Trojan - /etc/cron.daily/logrotate
    .
    .


    Possible Trojan - /usr/bin/cpan
    .


    Possible Trojan - /usr/bin/instmodsh
    .
    .


    Possible Trojan - /usr/bin/prove
    .
    .

    Possible Trojan - /usr/bin/pstruct
    .
    .

    Possible Trojan - /usr/bin/splain

    6 POSSIBLE Trojans Detected
     
  2. Kelmas

    Kelmas Well-Known Member

    On my box 4 scripts were detected after fresh cPanel install, so these are not trojans for sure:
    /usr/bin/cpan
    /usr/bin/instmodsh
    /usr/bin/prove
    /usr/bin/pstruct

    Not sure about others you found. Maybe somebody else might know.
     
  3. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    /dev/stdin, /dev/stdout, and /dev/stderr are files used by some UNIX systems. Utilities such as gawk support special filenames like /dev/stderr.
    In addition, a system process can write to its standard output through /dev/stdout and the standard error via /dev/stderr.

    /dev/core is a system package. Make sure you get the following when:
    ls -al /dev/core
    crw------- 1 root root /dev/core

    ls -al /dev/stderr
    lrwxrwxrwx 1 root root
     
  4. logikstudios

    logikstudios Well-Known Member

    Should I be worried or not?
     
  5. mctDarren

    mctDarren Well-Known Member

    Did you execute "ls -la /dev/core" as Andy suggested? What were the results? Do you have chkrootkit and/or rkhunter installed on the box? I would install and run those too. Probably not worth worrying over if you get the results Andy posted and both chkrootkit and rkhunter come up clean.
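
Added example, not part of the thread: a shell script for the check AndyReed and mctDarren describe above, comparing the `ls -ld` type/permission string and owner of a path with expected values (those passed for /dev/core and /dev/stderr are the ones from AndyReed's post). The function names are this example's own, and `pkg_verify` assumes an RPM-based host where the flagged files were installed from a package.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are this example's own.

# node_info PATH -> "<type+permissions> <owner>", e.g. "crw------- root".
# substr() keeps 10 characters, dropping the "." or "+" that ls appends
# on SELinux/ACL systems.
node_info() {
    ls -ld -- "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3 }'
}

# check_node PATH EXPECTED_MODE EXPECTED_OWNER
# Returns 0 on match, 1 on mismatch, 2 if the path does not exist.
check_node() {
    info=$(node_info "$1")
    if [ -z "$info" ]; then
        echo "MISSING   $1"; return 2
    fi
    if [ "$info" = "$2 $3" ]; then
        echo "OK        $1 ($info)"; return 0
    fi
    echo "MISMATCH  $1: got '$info', expected '$2 $3'"; return 1
}

# pkg_verify PATH. Assumption: RPM-based host, file installed from a package.
# Returns 1 if no package owns PATH or rpm reports PATH as changed.
pkg_verify() {
    command -v rpm >/dev/null 2>&1 || { echo "SKIP      $1 (rpm not found)"; return 0; }
    rpm -qf "$1" >/dev/null 2>&1 || { echo "UNOWNED   $1 (no owning package, or missing)"; return 1; }
    # rpm -Vf lists every changed file of the owning package; keep only PATH.
    if rpm -Vf "$1" 2>/dev/null | awk -v p="$1" '$NF == p { print; hit = 1 } END { exit !hit }'; then
        return 1
    fi
    echo "VERIFIED  $1"
}

# Expected values below are the ones quoted in AndyReed's post.
check_node /dev/core   crw------- root || true
check_node /dev/stderr lrwxrwxrwx root || true
# Files the scanner flagged in the first post.
for f in /etc/cron.daily/logrotate /usr/bin/cpan /usr/bin/instmodsh \
         /usr/bin/prove /usr/bin/pstruct /usr/bin/splain; do
    pkg_verify "$f" || true
done
```

rpm verifies against its own database on the same host, so a VERIFIED line is only as trustworthy as that database.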
     
  6. logikstudios

    logikstudios Well-Known Member

    Yep. They are the results Andy got.
    Thanks,
    Nathaniel
     