Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

/ftp_scanner on the WHM server, what is it?

Discussion in 'Security' started by postcd, Jun 29, 2014.

  1. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    662
    Likes Received:
    11
    Trophy Points:
    68
    Hello,

    while doing "top -c" command i found processes like these:
    please what does it do and why its there, which commands i should do to discover more?

    when i cat that file located in /root/fb
    i see amongs others:
     
    #1 postcd, Jun 29, 2014
    Last edited: Jun 29, 2014
  2. MisterGuru

    MisterGuru Registered

    Joined:
    Jun 3, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I think your server has been hacked and is being used to scan for other compromised servers. that file is looking for default users on the FTP servers it's listing. It's running as root, so the hacker has got you quite hard.

    You'll need to run a rootkit scanner on your server, and maybe block outbound FTP connections.

    You'll also probably need to check your logs to she when this started, so you can figure out which one of your users has been compromised, and let them know.

    You got some work ahead of you!!
     
    #2 MisterGuru, Jun 30, 2014
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,211
    Likes Received:
    1,375
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    I've moved this thread to the "Security" forum. You may receive more user-feedback here.

    Thank you.
     
    #3 cPanelMichael, Jun 30, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - ftp_scanner server
  1. Gher09

    Load emails from pst to server? Is it possible?

    Gher09, Sep 22, 2017 at 3:18 PM, in forum: E-mail Discussions
    Replies:
    2
    Views:
    40
    Gher09
    Sep 22, 2017 at 5:40 PM
  2. verdon

    Best Practice for Second Server Configuration

    verdon, Sep 21, 2017 at 8:09 AM, in forum: General Discussion
    Replies:
    6
    Views:
    77
    verdon
    Sep 22, 2017 at 10:35 AM
  3. SeanLee

    Migrate accounts and NS to new cPanel server w/ new IP's

    SeanLee, Sep 20, 2017 at 3:53 PM, in forum: Bind / DNS / Nameserver Issues
    Replies:
    1
    Views:
    52
    cPanelMichael
    Sep 21, 2017 at 9:48 AM
  4. stapuff106

    New Server - Permission Issues and Missing error_log

    stapuff106, Sep 20, 2017 at 11:06 AM, in forum: General Discussion
    Replies:
    3
    Views:
    53
    cPanelMichael
    Sep 20, 2017 at 2:31 PM
  5. Nirjonadda

    Graceful Server Reboot

    Nirjonadda, Sep 20, 2017 at 3:56 AM, in forum: General Discussion
    Replies:
    6
    Views:
    58
    Nirjonadda
    Sep 20, 2017 at 9:34 AM

Share This Page