Hello im new in the forum, try to find help about my case;
in our server we have near of 300 domains configured and recently have to many times blacklisted
abuseat.org describe this as a kind of trojan spam mailer infection...
here describe a simple way to dettect /http://cbl.abuseat.org/sshvuln.html
# locate libkeyutils.so
/lib/libkeyutils.so.1
/lib64/libkeyutils.so.1
/usr/lib64/libkeyutils.so
#
today we install CSFirewall to prohibits _any_ connections to IP address 78.47.139.110 or 72.156.139.154...
,
try to find an other user sending using
sudo lsof -i | grep smtp
and nothing
whm version 11.30.5
scaning trojan horses we get a long list.. and do not can distinct wich is realy a trojan
can anyone help?
in our server we have near of 300 domains configured and recently have to many times blacklisted
abuseat.org describe this as a kind of trojan spam mailer infection...
here describe a simple way to dettect /http://cbl.abuseat.org/sshvuln.html
# locate libkeyutils.so
/lib/libkeyutils.so.1
/lib64/libkeyutils.so.1
/usr/lib64/libkeyutils.so
#
today we install CSFirewall to prohibits _any_ connections to IP address 78.47.139.110 or 72.156.139.154...
,
try to find an other user sending using
sudo lsof -i | grep smtp
and nothing
whm version 11.30.5
scaning trojan horses we get a long list.. and do not can distinct wich is realy a trojan
can anyone help?
