Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

delete the libkeyutils.so.1.3

Discussion in 'Security' started by mehrdadali14, Jun 25, 2016.

  1. mehrdadali14

    mehrdadali14 Member

    Joined:
    Jun 16, 2016
    Messages:
    8
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Islamabad
    cPanel Access Level:
    Root Administrator
    Twitter:
    i received the warring in my cpanel security adviser regarding libkeyutils.so.1.3 and libkeyutils.so.1 so
    i removed that file with help of same website now as like this
    Softaculous.com/blog/checking-for-sshd-rootkit-hack/

    after rebooting the server
    same of services like apache not work and i can only access to server via vnc
    the give the following error
    error while loading shared libraries : libkeytuilis .so.i. conn't open shared object file

    My os is centos 6.6

    kindly help me to resolve it
     
    #1 mehrdadali14, Jun 25, 2016
    Last edited by a moderator: Jun 25, 2016
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,678
    Likes Received:
    71
    Trophy Points:
    203
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    that was absolutely stupid advice how not to clean up a hack

    This may get you working again and temporarily lock the hackers out

    # rm -rf /root/.ssh/*
    # service sshd stop
    # wget http://mirror.centos.org/centos-6/6.8/os/x86_64/Packages/keyutils-libs-1.4-5.el6.x86_64.rpm

    #rpm -ivh --replacefiles --replacepkgs keyutils-libs-1.4-5.el6.x86_64.rpm
    #yum reinstall openssh* -y
    #yum reinstall libssh2* -y
    #ldconfig
    #service sshd restart


    If it works then proceed to reload your OS as your server has been root compromised and you can no longer trust it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,678
    Likes Received:
    71
    Trophy Points:
    203
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    and PS change your root password
    and when restoring from the compromised server only pull data from the compromised server do not push data as you will reinfect your Fresh OS install
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    quizknows likes this.
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,885
    Likes Received:
    1,814
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice