The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

low security, spam/bot/trojan?

Discussion in 'Security' started by matigumma, Apr 11, 2013.

  1. matigumma

    matigumma Registered

    Joined:
    Jun 24, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hello im new in the forum, try to find help about my case;
    in our server we have near of 300 domains configured and recently have to many times blacklisted
    abuseat.org describe this as a kind of trojan spam mailer infection...

    here describe a simple way to dettect /http://cbl.abuseat.org/sshvuln.html
    # locate libkeyutils.so
    /lib/libkeyutils.so.1
    /lib64/libkeyutils.so.1
    /usr/lib64/libkeyutils.so
    #
    today we install CSFirewall to prohibits _any_ connections to IP address 78.47.139.110 or 72.156.139.154...
    ,
    try to find an other user sending using
    sudo lsof -i | grep smtp
    and nothing

    whm version 11.30.5

    scaning trojan horses we get a long list.. and do not can distinct wich is realy a trojan

    can anyone help?
     
  2. caisc

    caisc Active Member

    Joined:
    Oct 5, 2011
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    cPanel Access Level:
    Root Administrator
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    If you have installed cloudlinux on your server. Check this SSHD Rootkit

    Also you can correct this through SSH, Please check it at : /http://24x7servermanagement.com/blog/?p=910
     
Loading...

Share This Page