/ftp_scanner on the WHM server, what is it?

Discussion in 'Security' started by postcd, Jun 29, 2014.

  1. postcd

    Hello,

    While doing the "top -c" command I found processes like these:
    Please, what does it do and why is it there? Which commands should I run to discover more?

    When I cat that file located in /root/fb
    I see, amongst others:
     
    #1 postcd, Jun 29, 2014
    Last edited: Jun 29, 2014
  2. MisterGuru

    I think your server has been hacked and is being used to scan for other compromised servers. That file is looking for default users on the FTP servers it's listing. It's running as root, so the hacker has got you quite hard.

    You'll need to run a rootkit scanner on your server, and maybe block outbound FTP connections.

    You'll also probably need to check your logs to see when this started, so you can figure out which one of your users has been compromised, and let them know.

    You got some work ahead of you!!
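
Added example (not part of the original thread or any poster's code): one way to confirm the outbound FTP scanning suggested in the reply above is to count, per process, the distinct remote hosts it is contacting on port 21. It assumes `ss` from iproute2 is available and run as root; the function names and the sample connection lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report processes holding connections to many distinct
# FTP control-port (21) peers, the pattern an FTP scanner produces.
# Input format is that of `ss -Htnp` (assumption: iproute2 ss is installed):
#   STATE RECV-Q SEND-Q LOCAL:PORT PEER:PORT users:(("name",pid=N,fd=M))

# Constructed sample data (documentation-range addresses, made-up PIDs).
sample_ss_output() {
    cat <<'EOF'
SYN-SENT 0 1 203.0.113.10:40112 198.51.100.7:21 users:(("ftp_scanner",pid=4242,fd=5))
SYN-SENT 0 1 203.0.113.10:40113 198.51.100.8:21 users:(("ftp_scanner",pid=4242,fd=6))
ESTAB 0 0 203.0.113.10:40114 198.51.100.9:21 users:(("ftp_scanner",pid=4242,fd=7))
ESTAB 0 0 203.0.113.10:40115 198.51.100.9:21 users:(("ftp_scanner",pid=4242,fd=8))
SYN-SENT 0 1 203.0.113.10:40116 192.0.2.44:21 users:(("ftp_scanner",pid=4242,fd=9))
ESTAB 0 0 203.0.113.10:21 192.0.2.200:51000 users:(("pure-ftpd",pid=900,fd=4))
ESTAB 0 0 203.0.113.10:40200 192.0.2.55:21 users:(("lftp",pid=3100,fd=3))
ESTAB 0 0 203.0.113.10:22 192.0.2.200:51900 users:(("sshd",pid=1200,fd=3))
EOF
}

# ftp_fanout [MIN]: read ss lines on stdin, print "PID NAME DISTINCT_PEERS"
# for every process with at least MIN (default 3) distinct port-21 peers.
ftp_fanout() {
    awk -v min="${1:-3}" '
    {
        peer = $5
        n = split(peer, parts, ":")
        if (parts[n] != "21") next               # outbound FTP control only
        host = substr(peer, 1, length(peer) - 3) # drop trailing ":21"
        proc = "unknown"; pid = "-"
        if (match($0, /\(\("[^"]+",pid=[0-9]+/)) {
            s = substr($0, RSTART + 3, RLENGTH - 3)  # name",pid=N
            split(s, f, "\",pid=")
            proc = f[1]; pid = f[2]
        }
        key = pid " " proc
        if (!((key, host) in seen)) { seen[key, host] = 1; count[key]++ }
    }
    END { for (k in count) if (count[k] >= min) print k, count[k] }' | sort
}

# Demo on the sample; on a live host: ss -Htnp | ftp_fanout 10
sample_ss_output | ftp_fanout 3
```

The server's own FTP daemon is not reported because its connections have port 21 on the local side, and a client talking to a single FTP host stays under the threshold.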
     
  3. cPanelMichael
