Jul 25, 2005

I have a Cpanel 9.x and all the updates.
However someone(s) has installed an SSH-SCAN in /tmp.

This program then does a pile of SSH-SCANs on other computers and networks from MY server!

Not only that, but there are 2 viruses in these binaries!
Linux RST.B and Linux Backegmm.

Now my question to you cPanel experts out there is:
What is my best course of action to take to get this corrected ASAP?
This is a commercial server, so I cannot afford to wait it out.

Thanks in advance.


Is it me, or is cPanel not exactly the most secure system?
In fact it seems to be a prime hackers' target.
To get cPanel servers properly secured, do I have to start doing a lot of customizing?




Sep 12, 2004
Cleveland, Ohio
Remount /tmp and /var/tmp with noexec,nosuid,nodev options. Remove the file. And update cPanel to the latest version (cPanel 10 is latest now, not 9).
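
An added example, not part of the reply above: a shell check that reports which of the `noexec`, `nosuid` and `nodev` options a mount point still lacks. The function names and the sample mount table are constructed for illustration; on a live host pass `/proc/mounts` (the default) instead of the sample.

```shell
#!/bin/sh
# Added example: audit the mount options recommended for /tmp and /var/tmp.

# missing_opts MOUNTPOINT [MOUNTS_FILE]
# Reads a mount table in /proc/mounts format ("-" means stdin) and prints:
#   ok            all three hardening options are set
#   not-a-mount   the path is not a separate mount, so a remount cannot apply
#   a,b           comma-separated options that are missing
missing_opts() {
    mp=$1
    table=${2:-/proc/mounts}
    awk -v mp="$mp" '
        $2 == mp { opts = $4; found = 1 }    # last entry wins (topmost mount)
        END {
            if (!found) { print "not-a-mount"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            m = split("noexec nosuid nodev", want, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in have))
                    out = out (out == "" ? "" : ",") want[i]
            print (out == "" ? "ok" : out)
        }' "$table"
}

# Constructed sample mount table (not taken from any real server).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,nosuid 0 0
tmpfs /var/tmp tmpfs rw,noexec,nosuid,nodev 0 0
EOF
}

# Demo run against the constructed table.
for mp in /tmp /var/tmp /home; do
    printf '%s: %s\n' "$mp" "$(sample_mounts | missing_opts "$mp" -)"
done
```

Where `/tmp` is its own mount, `mount -o remount,noexec,nosuid,nodev /tmp` applies the options immediately, and the matching `/etc/fstab` entry keeps them across reboots. `noexec` blocks direct execution of binaries from that filesystem but does not stop a script being run through an interpreter.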


Sep 20, 2002
Toronto, Ontario Canada
Also, server security is generally outside the realm of cPanel. cPanel is not a security software and should not be thought of as one. As with any server (MS or *nix based) you need to do server security for it yourself. That said, there are many companies around that can do that for you at a fair price. See the Ads & Offers area for some sites.

Another note: do not scrimp on cost when it comes to server security; once you get it done right the first time, it is easier to maintain and keep updated. From the sounds of your situation you need to get that server checked out quickly. If the server has been compromised severely enough, you may have to reload the OS.
