The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

hacked or false positives?

Discussion in 'General Discussion' started by elleryjh, Jan 17, 2005.

  1. elleryjh

    elleryjh Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    479
    Likes Received:
    0
    Trophy Points:
    166
    Can someone please help me read the output from chkrootkit and Scan for Trojans? Thanks in advance!


    From chkrootkit:
    Checking `bindshell'... INFECTED (PORTS: 465)
    Checking `lkm'...
    You have 1 process hidden for readdir command
    You have 1 process hidden for ps command
    Warning: Possible LKM Trojan installed

    From WHM's Scan for Trojan Horses:
    Possible Trojan - /usr/bin/curl
    Possible Trojan - /usr/bin/podchecker
    Possible Trojan - /usr/bin/pstruct
    Possible Trojan - /usr/bin/splain
    Possible Trojan - /usr/bin/xsubpp
    Possible Trojan - /usr/bin/curl-config
    Possible Trojan - /usr/bin/dbiprof
    Possible Trojan - /usr/bin/sa-learn
    Possible Trojan - /usr/bin/spamassassin
    Possible Trojan - /usr/bin/spamc
    Possible Trojan - /usr/bin/spamd
    11 POSSIBLE Trojans Detected
     
    #1 elleryjh, Jan 17, 2005
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,368
    Likes Received:
    5
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Most likely all false positives. Grab rkhunter and check the (more reliable) output from it.
    http://www.rootkit.nl/
     
    #2 sawbuck, Jan 17, 2005
  3. dr2web

    dr2web Active Member

    Joined:
    Jan 14, 2005
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    156
    Just in case anyone reads this... I had the exact same problem from chkrootkit...

    I installed rkhunter and it was indeed a false positive...

    Install rkhunter it is alot cleaner and more accurate.
     
    #3 dr2web, Mar 7, 2005
  4. Aric1

    Aric1 Well-Known Member

    Joined:
    Oct 15, 2003
    Messages:
    324
    Likes Received:
    0
    Trophy Points:
    166
    cPanel Access Level:
    DataCenter Provider
    And updated more often, which is important in such a tool.

    Don't forget to "show the love" to the author by buying him something on his Amazon wishlist. He's a good guy and very responsive.
     
    #4 Aric1, Mar 7, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - hacked false positives
  1. kalexanakis

    Server hacked using pam_fprintd.so?

    kalexanakis, Jun 7, 2017, in forum: Security
    Replies:
    8
    Views:
    165
    Jcats
    Jun 23, 2017 at 1:40 PM
  2. Vladimir Šebez

    Possible mysql root password hacked

    Vladimir Šebez, Nov 15, 2016, in forum: Security
    Replies:
    6
    Views:
    442
    cPanelMichael
    Nov 18, 2016
  3. ruzbehraja

    Standard Operating Procedure for dealing with email abuse or hacked email accounts

    ruzbehraja, Aug 23, 2016, in forum: E-mail Discussions
    Replies:
    1
    Views:
    348
    cPanelMichael
    Aug 24, 2016
  4. Svemir

    Cpanel Account Hacked

    Svemir, Feb 15, 2016, in forum: Security
    Replies:
    3
    Views:
    1,140
    cPanelMichael
    Feb 18, 2016
  5. LaxSlash1993

    Hacked by another mail server?

    LaxSlash1993, Oct 14, 2015, in forum: Security
    Replies:
    5
    Views:
    598
    keat63
    Nov 2, 2015

Share This Page