
Help!

Discussion in 'General Discussion' started by jcallery, Jan 4, 2005.

  1. jcallery

    jcallery Well-Known Member

    What do I do about this?

    Trojan Horses Detected by (WHM)

    Hidden Pid detected! [pid 12445]
    hidden from ps: [yes]
    binary location: [/tmp/sh-DNFF1MMAME2 (deleted)]

    Hidden Pid detected! [pid 12447]
    hidden from ps: [yes]
    binary location: [/sbin/ttymon]
     
  2. brianc

    brianc Well-Known Member

    Hi jcallery:

    It doesn't look good. Did you verify what is in /sbin/ttymon? Do you have a rootkit checker installed on your server? If not then I recommend rkhunter which can be downloaded from http://www.rkhunter.org/projects/rootkit_hunter.html. Install it and then run it. Let me know what its output states.

    Also I did a Google check on /sbin/ttymon and the following URL came up in its search results:

    http://redhat.irlp.net/hack_report.html

    So it seems we may be looking at a compromised server. I do offer an affordable security hardening package in case you need it once we deal with this particular issue.

    Brian
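
A way to cross-check the report above by hand, as an added example that is not part of the original thread and not WHM's own scan logic: list the PIDs present under /proc, subtract the ones `ps` reports, and classify each leftover PID's `exe` link. The function names and the proc-root parameter are assumptions of this example.

```shell
#!/bin/sh
# Added triage helper (hypothetical names): compare PIDs under a proc
# filesystem with the PIDs ps reports, then show each unlisted PID's binary.

# list_proc_pids PROC_ROOT -> numeric directory names, one per line
list_proc_pids() {
    for d in "$1"/[0-9]*; do
        [ -d "$d" ] && basename "$d"
    done | sort -n
}

# hidden_pids PROC_ROOT "PS_PIDS" -> PIDs in proc that ps did not list
hidden_pids() {
    ps_list=" $(echo $2) "          # normalise newlines/padding to spaces
    for pid in $(list_proc_pids "$1"); do
        case "$ps_list" in
            *" $pid "*) ;;          # ps knows about it
            *) echo "$pid" ;;
        esac
    done
}

# exe_status PROC_ROOT PID -> where the running binary came from
exe_status() {
    target=$(readlink "$1/$2/exe" 2>/dev/null) || { echo "unreadable"; return 0; }
    case "$target" in
        *" (deleted)")              # file was unlinked after it was started
            path=${target%' (deleted)'}
            echo "deleted-on-disk: $path" ;;
        /tmp/*|/var/tmp/*|/dev/shm/*)
            echo "world-writable-dir: $target" ;;
        *)  echo "on-disk: $target" ;;
    esac
}

# report PROC_ROOT "PS_PIDS" -> one line per PID missing from ps
report() {
    for pid in $(hidden_pids "$1" "$2"); do
        echo "pid $pid hidden-from-ps $(exe_status "$1" "$pid")"
    done
}

# Live run (as root so exe links are readable): sh thisfile --live
# Processes that start between the ps call and the /proc scan can appear
# once; re-run and treat only PIDs that persist as findings.
if [ "${1:-}" = "--live" ]; then
    report /proc "$(ps -e -o pid=)"
fi
```

A clean result does not clear the machine: a kernel-level rootkit can hide entries from /proc as well, so checks run from the suspect system itself are only a first look.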
     