low security, spam/bot/trojan?

matigumma

Registered
Jun 24, 2011
2
0
51
Hello im new in the forum, try to find help about my case;
in our server we have near of 300 domains configured and recently have to many times blacklisted
abuseat.org describe this as a kind of trojan spam mailer infection...

here describe a simple way to dettect /http://cbl.abuseat.org/sshvuln.html
# locate libkeyutils.so
/lib/libkeyutils.so.1
/lib64/libkeyutils.so.1
/usr/lib64/libkeyutils.so
#
today we install CSFirewall to prohibits _any_ connections to IP address 78.47.139.110 or 72.156.139.154...
,
try to find an other user sending using
sudo lsof -i | grep smtp
and nothing

whm version 11.30.5

scaning trojan horses we get a long list.. and do not can distinct wich is realy a trojan

can anyone help?