ialex03

Well-Known Member
May 15, 2003
56
0
156
I have strange problem with CPanel server.
There is no files
/var/log/messages and
/var/log/secure

Syslog is configured correctly, syslog restart and reboot doesn't help and there is enough free space at /var/log

Where is the problem may be?

Thank you for any advise.
 

Danks

Active Member
Oct 10, 2001
26
1
303
touch /var/log/messages
touch /var/log/secure

restart syslog, and it will probably log again
 

ialex03

Well-Known Member
May 15, 2003
56
0
156
I've tried that, even tried to reboot the server after creating the files. Still have no luck.

cPanel.net Support Ticket Number:
 

rpmws

Well-Known Member
Aug 14, 2001
1,787
10
318
back woods of NC, USA
Originally posted by ialex03
I have strange problem with CPanel server.
There is no files
/var/log/messages and
/var/log/secure

Syslog is configured correctly, syslog restart and reboot doesn't help and there is enough free space at /var/log

Where is the problem may be?

Thank you for any advise.
have you run chkrootkit ?

cPanel.net Support Ticket Number:
 

ialex03

Well-Known Member
May 15, 2003
56
0
156
I've just have run chkrootkit. One strange thing is:

Checking `bindshell'... INFECTED (PORTS: 465 1524 31337)
Port 465 warning is usual for CPanel, as I know, but 1524 and 31337 .. is very strange.

Another strange thing is:

Checking `scalper'... Warning: Possible Scalper Worm installed
./chkrootkit -x scalper
ROOTDIR is `/'
Warning: Possible Scalper Worm installed
I have no idea what to do with it at the moment. Will investigate, but, maybe somebody already has experience and some free minutes to point me to the correct way.

cPanel.net Support Ticket Number:
 

rpmws

Well-Known Member
Aug 14, 2001
1,787
10
318
back woods of NC, USA
Relax a bit :)

465 bindshell I think is normal. I get that also. and I saw the scalper warning before and then I upgraded to latest chkrootkit and found that was it. Try that.

cPanel.net Support Ticket Number:
 

ialex03

Well-Known Member
May 15, 2003
56
0
156
I am happy that my server is not hacked (possibly, but I do want to beleive it :) )

But the main problem that forced me to open this thread still exists. For some strange reason my main logs (messages and secure) don't work.

Did anybody experienced similar problems?

cPanel.net Support Ticket Number: