low security, spam/bot/trojan?

matigumma

Registered
Jun 24, 2011
2
0
51
Hello im new in the forum, try to find help about my case;
in our server we have near of 300 domains configured and recently have to many times blacklisted
abuseat.org describe this as a kind of trojan spam mailer infection...

here describe a simple way to dettect /http://cbl.abuseat.org/sshvuln.html
# locate libkeyutils.so
/lib/libkeyutils.so.1
/lib64/libkeyutils.so.1
/usr/lib64/libkeyutils.so
#
today we install CSFirewall to prohibits _any_ connections to IP address 78.47.139.110 or 72.156.139.154...
,
try to find an other user sending using
sudo lsof -i | grep smtp
and nothing

whm version 11.30.5

scaning trojan horses we get a long list.. and do not can distinct wich is realy a trojan

can anyone help?
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
If you have installed cloudlinux on your server. Check this SSHD Rootkit

Also you can correct this through SSH, Please check it at : /http://24x7servermanagement.com/blog/?p=910