low security, spam/bot/trojan?

Discussion in 'Security' started by matigumma, Apr 11, 2013.

  1. matigumma

    matigumma Registered

    Joined:
    Jun 24, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    51
    Hello, I'm new to the forum and am trying to find help with my case.
    On our server we have nearly 300 domains configured, and recently it has been blacklisted too many times.
    abuseat.org describes this as a kind of trojan spam mailer infection...

    A simple way to detect it is described here: http://cbl.abuseat.org/sshvuln.html
    # locate libkeyutils.so
    /lib/libkeyutils.so.1
    /lib64/libkeyutils.so.1
    /usr/lib64/libkeyutils.so
    #
    Today we installed CSFirewall to prohibit _any_ connections to IP address 78.47.139.110 or 72.156.139.154...
    We tried to find another user sending, using
    sudo lsof -i | grep smtp
    and found nothing.

    WHM version 11.30.5

    Scanning for trojan horses we get a long list, and we cannot distinguish which is really a trojan.

    Can anyone help?
     
  2. caisc

    caisc Well-Known Member

    Joined:
    Oct 5, 2011
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    58
    Location:
    India
    cPanel Access Level:
    Root Administrator
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,888
    Likes Received:
    90
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    If you have installed CloudLinux on your server, check this SSHD Rootkit

    Also, you can correct this through SSH. Please check it at: http://24x7servermanagement.com/blog/?p=910
     