I recently bought a VPS (Virtuozzo & cPanel WHM) but left it enabled with no firewall etc. for a few days (very newbie) while I figured out and researched the basics.
I'm now trying to secure it.
I've just installed CHKROOTKIT (chkrootkit.org) and I'm getting a lot of entries which cause me concern, and I need some expert advice on what they are, i.e. are they bad or just routine, and what do I need to do to fix it?
I thought everything should return 'nothing found' or 'not infected',
but 'searching for suspicious files and dirs' returns this huge quantity of entries.
Does this mean all of the files above are suspicious?
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Digest/SHA/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Digest/SHA1/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Digest/HMAC/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Compress/Zlib/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Term/ReadKey/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Term/ReadLine/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/IO/Stringy/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/IO/Socket/SSL/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/IO/Tee/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/IO/Tty/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/IO/Interactive/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/IO/Stty/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Mail/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Mail/SpamAssassin/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/MIME-tools/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Net/Daemon/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Net/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Net/LDAP/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Net/IP/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Net/DNS/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Net/AIM/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Net/OSCAR/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/RPC/PlServer/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Convert/ASN1/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Convert/BER/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Authen/SASL/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/XML/SAX/Base/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/XML/SAX/.packlist 
/usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/XML/Parser/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/XML/RegExp/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/XML/XSLT/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/XML/NamespaceSupport/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/XML/Simple/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/DBI/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/DBI/Shell/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/DBD/Multiplex/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/DBD/mysql/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Text/Reform/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Text/Query/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Text/CSV_XS/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/MIME/Lite/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/URI/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/HTML/Tagset/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/HTML/Parser/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/HTML/FillInForm/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/HTML/Clean/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/HTML/SimpleParse/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/HTML/Template/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/LWP/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Parse/RecDescent/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/OLE/Storage_Lite/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Image/Size/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Image/Button/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Image/ButtonMaker/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Safe/Hole/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Tie/ShadowHash/.packlist 
/usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Tie/IxHash/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Tie/Watch/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Set/Crontab/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Spreadsheet/ParseExcel/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Spreadsheet/WriteExcel/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/MLDBM/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/MLDBM/Sync/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Devel/Symdump/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Persistent/Base/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Persistent/DBI/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Persistent/MySQL/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Crypt/Blowfish/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Crypt/Blowfish_PP/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Crypt/CBC/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Crypt/DES/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Crypt/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/libxml-perl/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/XML-DOM/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Curses/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Curses/UI/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Data/ShowTable/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/GD/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/GD/Text/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/GD/Graph/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/GD/Graph3d/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/SQL/Statement/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/version/vpp/.packlist 
/usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Apache/Admin/Config/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/BSD/Resource/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Business/OnlinePayment/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Business/OnlinePayment/AuthorizeNet/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Business/UPS/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/TimeDate/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Expect/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/File/Copy/Recursive/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/File/Tail/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Filesys/Statvfs/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Geo/IPfree/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/MD5/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/PNGgraph/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Quota/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Readonly/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/SOAP/Lite/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/SVG/TT/Graph/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/String/CRC32/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Sys/Hostname/Long/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Tree/MultiNode/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Unix/PID/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/RRDp/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/RRDs/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/mytop/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Class/Std/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/Class/Std/Utils/.packlist /usr/lib/perl5/site_perl/5.8.7/x86_64-linux/auto/ExtUtils/CBuilder/.packlist /usr/lib/perl5/5.8.7/x86_64-linux/auto/Cwd/.packlist 
/usr/lib/perl5/5.8.7/x86_64-linux/auto/Digest/MD5/.packlist /usr/lib/perl5/5.8.7/x86_64-linux/auto/File/Temp/.packlist /usr/lib/perl5/5.8.7/x86_64-linux/auto/List/Util/.packlist /usr/lib/perl5/5.8.7/x86_64-linux/auto/MIME/Base64/.packlist /usr/lib/perl5/5.8.7/x86_64-linux/auto/Storable/.packlist /usr/lib/perl5/5.8.7/x86_64-linux/auto/Time/HiRes/.packlist /usr/lib/perl5/5.8.7/x86_64-linux/auto/CPAN/.packlist /usr/lib/perl5/5.8.7/x86_64-linux/auto/CGI/.packlist /usr/lib/perl5/5.8.7/x86_64-linux/auto/ExtUtils/ParseXS/.packlist /usr/lib/perl5/5.8.7/x86_64-linux/.packlist /usr/lib/php/.registry /usr/lib/php/.registry/.channel.pecl.php.net /usr/lib/php/.registry/.channel.__uri /usr/lib/php/.channels /usr/lib/php/.channels/.alias /usr/lib/php/.filemap /usr/lib/php/.lock /usr/lib/php/.depdblock /usr/lib/php/.depdb /usr/lib/php/.registry /usr/lib/php/.registry/.channel.pecl.php.net /usr/lib/php/.registry/.channel.__uri /usr/lib/php/.channels /usr/lib/php/.channels/.alias
The next one is
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
Thanks in advance
Chris
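
An added example, not part of the original post: a small parser that sorts chkrootkit output of the kind quoted above into paths whose names match installer metadata (Perl `.packlist` manifests, PEAR registry files) and entries left for manual review, and pulls out the flagged ports and hidden-process counts. The allowlist patterns, the port table and the function name `triage` are assumptions of this example, and the sample input is constructed.

```python
import re

# Constructed sample in the format of the chkrootkit output quoted in the post.
# /usr/lib/.hidden/x is a made-up path, added to exercise the "review" branch.
SAMPLE = """\
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.8.7/x86_64-linux/auto/Cwd/.packlist /usr/lib/php/.registry
/usr/lib/php/.filemap /usr/lib/.hidden/x
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
"""

# Assumed allowlist (this example's, not chkrootkit's): installer metadata names.
EXPECTED = [
    (re.compile(r"^/usr/lib/perl5/.+/\.packlist$"), "Perl module install manifest"),
    (re.compile(r"^/usr/lib/php/\.(registry|channels|filemap|lock|depdb|depdblock)(/.*)?$"),
     "PEAR installer metadata"),
]
KNOWN_PORTS = {465: "smtps"}  # 465/tcp is commonly SMTP over TLS on a mail server

def triage(report):
    out = {"expected": {}, "review": [], "ports": {}, "hidden": {}, "lkm_warning": False}
    in_files = False
    for line in report.splitlines():
        if line.startswith("Searching for suspicious files and dirs"):
            in_files = True
            continue
        if in_files and not line.startswith("/"):
            in_files = False  # the path list ended; a new check started
        if in_files:
            for path in line.split():
                label = next((name for rx, name in EXPECTED if rx.match(path)), None)
                if label:
                    out["expected"][label] = out["expected"].get(label, 0) + 1
                else:
                    out["review"].append(path)
            continue
        ports = re.search(r"INFECTED \(PORTS:\s*([\d\s]+)\)", line)
        if ports:
            for p in map(int, ports.group(1).split()):
                out["ports"][p] = KNOWN_PORTS.get(p, "not in this table")
        hidden = re.search(r"You have\s+(\d+) process\w* hidden for (\w+) command", line)
        if hidden:
            out["hidden"][hidden.group(2)] = int(hidden.group(1))
        if "Possible LKM Trojan installed" in line:
            out["lkm_warning"] = True
    return out
```

A name or port-number match only narrows the list: each reported port still has to be tied to its owning process (for example with `netstat -tlnp`), and the hidden-process and LKM lines are passed through for follow-up rather than classified.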