Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Trojan horse e-mail

Discussion in 'E-mail Discussion' started by noimad1, Jul 13, 2003.

  1. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    166
    I keep getting the following email from my root account:

    Hidden Pid detected! [pid 32126]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/include/sdk386/sk]

    anyone seen this before? Is there a way I need to kill this thing?

    thanks,

    cPanel.net Support Ticket Number:
     
  2. DokFLeed

    DokFLeed Member

    Joined:
    May 29, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Earth
    your server might be compromised,check if its the suckit trojan

    do you see the last IP logged when you SSH to the server?
    try these commands

    #strings ps
    it will display strings , you can pickup from it if you are hacked

    #tail .bash_history
    will tell you latest activity, most rootkits do not remove it

    cPanel.net Support Ticket Number:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...
Similar Threads - Trojan horse mail
  1. alexweb
    Replies:
    4
    Views:
    416
  2. nightownl
    Replies:
    2
    Views:
    415

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice