The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

kmod proccess

Discussion in 'General Discussion' started by olivier222333, Aug 4, 2004.

  1. olivier222333

    olivier222333 Well-Known Member
    PartnerNOC

    Joined:
    Jul 12, 2004
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    hi
    what are these process ?
    weird?

    21407 nobody 25 0 60 60 20 R 40 19.9 0.0 34:31 kmod
    21452 nobody 25 0 56 56 16 R 36 19.9 0.0 34:16 kmod2
    21302 nobody 25 0 52 52 16 R 36 22.4 0.0 36:23 pt

    and our server is very slow
    load average 10!
    thx
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That could very well be a rootkit trying to take advantage of old kmod/ptrace kernel bug. Which kernel are you running?

    I'd suggest getting chkrootkit and rootkit hunter on the server pronto.
     
  3. olivier222333

    olivier222333 Well-Known Member
    PartnerNOC

    Joined:
    Jul 12, 2004
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    oh shit I dont hope...
    I m running: 2.4.21-9.0.1.EL #1

    ok I run http://downloads.rootkit.nl/rkhunter-1.1.3.tar.gz...

    ---------------------------- Scan results ----------------------------

    MD5
    MD5 compared: 48
    Incorrect MD5 checksums: 7

    File scan
    Scanned files: 310
    Possible infected files: 2
    Possible rootkits: SHV4 SunOS Rootkit

    Scanning took 124 seconds

    -----------------------------------------------------------------------
     
    #3 olivier222333, Aug 4, 2004
    Last edited: Aug 4, 2004
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess

Share This Page