
security issue

Discussion in 'Security' started by shann, Jun 6, 2003.

  1. shann

    Our server was hacked and we did upgrade the kernel. Also upgraded the security patches.

    When we scan we got the following info.

    Whence Possible Trojan

    /usr/lib/libexpat.so.0.1.0
    Possible Trojan - /usr/bin/GET
    Possible Trojan - /usr/bin/HEAD
    Possible Trojan - /usr/bin/POST
    Possible Trojan - /usr/bin/lwp-download
    Possible Trojan - /usr/bin/lwp-mirror
    Possible Trojan - /usr/bin/lwp-request
    Possible Trojan - /usr/bin/lwp-rget
    Possible Trojan - /usr/bin/curl
    Possible Trojan - /usr/lib/libcurl.so.2.0.2

    Would it cause any problem? Any idea?

    Thanks
    Shan

  2. Angel78

    Which kernel did you have when you got hacked?

  3. shann

    I had 2.4.19.

    Are these trojans acceptable??

  4. SoftmegUK

    The trojan scanner in WHM isn't accurate, install and use chkrootkit :)

  5. sexy_guy

    How do you know it was the kernel? I mean OpenSSH is vuln enough and we are upgraded to 3.5. You guys should really be updating your OpenSSH instead of using the vuln version currently installed on cPanel. Anything below 3.3 is absolutely vulnerable.

  6. Sash

    Is the only reason you think you were hacked because of the cPanel trojan scanner?

    Have you tried running chkrootkit on the server?

    Mike

  7. shann

    No,

    We had a ptrace.c file in our tmp dir. That's how we found out. We updated the kernel to 2.4.20 and updated security patches.

    When we scan we are getting the above info.

  8. SoftmegUK

    I have never seen the scanner in WHM not throw back at least one possible trojan; install and use chkrootkit, like I suggested :)
