Trojan Attack on my Cpanel server

Discussion in 'Security' started by komalselva, Dec 21, 2010.

  1. komalselva

    Hi,
    Today I received lots of “failed restart” mails (at 4-minute intervals) from my cPanel server, like:
    exim on server2.euroshoutcast.com failed
    imap on server2.euroshoutcast.com failed
    queueprocd on server2.euroshoutcast.com failed
    syslogd on server2.euroshoutcast.com failed
    imap on server2.euroshoutcast.com failed
    cpanellogd on server2.euroshoutcast.com failed
    nameserver on server2.euroshoutcast.com failed
    sshd on server2.euroshoutcast.com failed
    tailwatchd on server2.euroshoutcast.com failed

    I logged in to my server using SSH and it says (SSH disconnects automatically in one or two minutes):

    The server is previously logged in on Tue Dec 21 16:59:59 2010 from 236.118.219.87.dynamic.jazztel.es (unknown user)

    I scanned for Trojans from cPanel; it shows 14 Trojans in various sections. They are:
    Possible Trojan - /usr/lib/python2.4/site-packages/libxml2mod.la
    Possible Trojan - /usr/lib/python2.4/site-packages/libxml2mod.so
    Possible Trojan - /bin/netstat
    Possible Trojan - /usr/bin/xml2-config
    Possible Trojan - /usr/sbin/pureauth
    Possible Trojan - /usr/bin/cpan
    Possible Trojan - /usr/bin/instmodsh
    Possible Trojan - /usr/bin/prove
    Possible Trojan - /bin/ps
    Possible Trojan - /usr/bin/top
    Possible Trojan - /bin/ls
    Possible Trojan - /usr/bin/xmlcatalog
    Possible Trojan - /usr/bin/xmllint
    Possible Trojan - /etc/cron.daily/logrotate
    (Total 14 POSSIBLE Trojans Detected)

    After the attack, my server load has increased from 0.16 to 4.3.

    Please help me to clean my server
     
  2. furquan

    If you are not able to maintain a connection to your server, I would suggest you get your DC to look into this.
     
  3. HostingH

    Hi,

    Please scan and secure your server, e.g. SSH hardening, PHP tweaking, installing firewalls, etc.


    -------------
    Server Security Specialist

    WL-Admin
     