Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

hacked or false positives?

Discussion in 'General Discussion' started by elleryjh, Jan 17, 2005.

  1. elleryjh

    elleryjh Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    479
    Likes Received:
    0
    Trophy Points:
    166
    Can someone please help me read the output from chkrootkit and Scan for Trojans? Thanks in advance!


    From chkrootkit:
    Checking `bindshell'... INFECTED (PORTS: 465)
    Checking `lkm'...
    You have 1 process hidden for readdir command
    You have 1 process hidden for ps command
    Warning: Possible LKM Trojan installed

    From WHM's Scan for Trojan Horses:
    Possible Trojan - /usr/bin/curl
    Possible Trojan - /usr/bin/podchecker
    Possible Trojan - /usr/bin/pstruct
    Possible Trojan - /usr/bin/splain
    Possible Trojan - /usr/bin/xsubpp
    Possible Trojan - /usr/bin/curl-config
    Possible Trojan - /usr/bin/dbiprof
    Possible Trojan - /usr/bin/sa-learn
    Possible Trojan - /usr/bin/spamassassin
    Possible Trojan - /usr/bin/spamc
    Possible Trojan - /usr/bin/spamd
    11 POSSIBLE Trojans Detected
     
    #1 elleryjh, Jan 17, 2005
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,370
    Likes Received:
    5
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Most likely all false positives. Grab rkhunter and check the (more reliable) output from it.
    http://www.rootkit.nl/
     
    #2 sawbuck, Jan 17, 2005
  3. dr2web

    dr2web Active Member

    Joined:
    Jan 14, 2005
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    156
    Just in case anyone reads this... I had the exact same problem from chkrootkit...

    I installed rkhunter and it was indeed a false positive...

    Install rkhunter it is alot cleaner and more accurate.
     
    #3 dr2web, Mar 7, 2005
  4. Aric1

    Aric1 Well-Known Member

    Joined:
    Oct 15, 2003
    Messages:
    324
    Likes Received:
    0
    Trophy Points:
    166
    cPanel Access Level:
    DataCenter Provider
    And updated more often, which is important in such a tool.

    Don't forget to "show the love" to the author by buying him something on his Amazon wishlist. He's a good guy and very responsive.
     
    #4 Aric1, Mar 7, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - hacked false positives
  1. JarekN

    Site keeps on getting hacked - infected files

    JarekN, Mar 15, 2018, in forum: Security
    Replies:
    6
    Views:
    152
    cPanelMichael
    Mar 15, 2018
  2. kalexanakis

    Server hacked using pam_fprintd.so?

    kalexanakis, Jun 7, 2017, in forum: Security
    Replies:
    8
    Views:
    1,064
    Jcats
    Jun 23, 2017
  3. Vladimir Šebez

    Possible mysql root password hacked

    Vladimir Šebez, Nov 15, 2016, in forum: Security
    Replies:
    6
    Views:
    957
    cPanelMichael
    Nov 18, 2016
  4. ruzbehraja

    Standard Operating Procedure for dealing with email abuse or hacked email accounts

    ruzbehraja, Aug 23, 2016, in forum: E-mail Discussions
    Replies:
    1
    Views:
    663
    cPanelMichael
    Aug 24, 2016
  5. deanhills

    "False" disk usage e-mail notification

    deanhills, Apr 23, 2018 at 5:56 AM, in forum: General Discussion
    Replies:
    1
    Views:
    25
    cPanelLauren
    Apr 23, 2018 at 10:44 AM

Share This Page