The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possible Slapper Worm?

Discussion in 'General Discussion' started by xxkylexx, Jul 13, 2006.

  1. xxkylexx

    xxkylexx Well-Known Member

    Joined:
    Apr 29, 2006
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    I got an email from my daily chkrootkit and noticed this line for the first time:



    Can anyone tell me what this is, and what I need to do with it?



    Thanks,
    Kyle
     
  2. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It's more than likely a false-positive as it's normally just finding the port that slapper uses. Rerun chkrootkit and see if it's still there.
     
  4. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    SSH to your server and run ./chkrootkit one more time. If it comes up Checking `slapper'... not infected then you know it was a false entry. If it comes up again telling you Checking `slapper'... Warning: Possible Slapper Worm installed, then you should wait a minute and run the ./chkrootkit a 3rd time to verify it is really installed. If it is you need to take measures to secure your server now, and attempt at removing the slapper worm. In some cases you might need to reload your OS. In any case, secure and harden your server.
     
Loading...

Share This Page