The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

/ftp_scanner on the WHM server, what is it?

Discussion in 'Security' started by postcd, Jun 29, 2014.

  1. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    647
    Likes Received:
    11
    Trophy Points:
    68
    Hello,

    while doing "top -c" command i found processes like these:
    please what does it do and why its there, which commands i should do to discover more?

    when i cat that file located in /root/fb
    i see amongs others:
     
    #1 postcd, Jun 29, 2014
    Last edited: Jun 29, 2014
  2. MisterGuru

    MisterGuru Registered

    Joined:
    Jun 3, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I think your server has been hacked and is being used to scan for other compromised servers. that file is looking for default users on the FTP servers it's listing. It's running as root, so the hacker has got you quite hard.

    You'll need to run a rootkit scanner on your server, and maybe block outbound FTP connections.

    You'll also probably need to check your logs to she when this started, so you can figure out which one of your users has been compromised, and let them know.

    You got some work ahead of you!!
     
    #2 MisterGuru, Jun 30, 2014
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,263
    Likes Received:
    1,195
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    I've moved this thread to the "Security" forum. You may receive more user-feedback here.

    Thank you.
     
    #3 cPanelMichael, Jun 30, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - ftp_scanner server
  1. canou83

    SOLVED Server Time Issue

    canou83, Jul 20, 2017 at 4:03 AM, in forum: General Discussion
    Replies:
    3
    Views:
    40
    canou83
    Jul 20, 2017 at 10:50 AM
  2. postcd

    How would you move/sync cpanel server to other machine with min. downtime?

    postcd, Jul 19, 2017 at 4:50 PM, in forum: Data Protection
    Replies:
    1
    Views:
    32
    cPanelMichael
    Jul 20, 2017 at 8:36 AM
  3. intuitivsol

    Two servers using the same domain name

    intuitivsol, Jul 17, 2017 at 11:17 AM, in forum: Bind / DNS / Nameserver Issues
    Replies:
    3
    Views:
    28
    cPanelMichael
    Jul 18, 2017 at 11:10 AM
  4. ladydi711

    Splitting out Reseller and associated accounts to another server

    ladydi711, Jul 17, 2017 at 10:38 AM, in forum: General Discussion
    Replies:
    1
    Views:
    35
    cPanelMichael
    Jul 17, 2017 at 1:24 PM
  5. hitzgh

    server ip/~cpanelname showing error 404

    hitzgh, Jul 16, 2017 at 12:52 PM, in forum: General Discussion
    Replies:
    3
    Views:
    55
    cPanelMichael
    Jul 17, 2017 at 1:19 PM

Share This Page