The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trojan horse e-mail

Discussion in 'E-mail Discussions' started by noimad1, Jul 13, 2003.

  1. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    I keep getting the following email from my root account:

    Hidden Pid detected! [pid 32126]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/include/sdk386/sk]

    anyone seen this before? Is there a way I need to kill this thing?

    thanks,

    cPanel.net Support Ticket Number:
     
  2. DokFLeed

    DokFLeed Member

    Joined:
    May 29, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Earth
    your server might be compromised,check if its the suckit trojan

    do you see the last IP logged when you SSH to the server?
    try these commands

    #strings ps
    it will display strings , you can pickup from it if you are hacked

    #tail .bash_history
    will tell you latest activity, most rootkits do not remove it

    cPanel.net Support Ticket Number:
     

Share This Page