Trojan Horses Detected by (WHM)

Discussion in 'General Discussion' started by stevo, Jan 26, 2004.

  1. stevo

    What should I do when I get an email with this in it?
    Hidden Pid detected! [pid 4242]
    hidden from ps: [yes]
    binary location: [/usr/sbin/named]

    Hidden Pid detected! [pid 4246]
    hidden from ps: [yes]
    binary location: [/usr/sbin/named]

    Hidden Pid detected! [pid 4247]
    hidden from ps: [yes]
    binary location: [/usr/sbin/named]

    :confused:
     
  2. awlane

    Are you running a stable or release/edge version?

    I am running Release on Fedora and last week all three servers started doing the same thing you are describing, so it's most likely a false alarm. Just curious if we are using similar software revisions?!?
     
  3. stevo

    WHM 8.5.1
    cPanel 8.5.3-S3
    RedHat - WHM X v2.1.1
     
  4. nettcom

    same problem...

    WHM 8.6.0 cPanel 8.7.0-R104
    RedHat Enterprise 3 - WHM X v2.1.2

    anyone know about this?
     
  5. ToddW

    Same Problems Here:

    WHM 8.5.1
    Cpanel 8.5.3-S3

    :confused:
     
  6. same here: WHM 8.8.0 cPanel 8.8.0-R05
    RedHat Enterprise 3 - WHM X v2.1.2
     
  7. but *NOT* on WHM 8.8.0 cPanel 8.8.0-R10
    RedHat Enterprise 3 - WHM X v2.1.2 ... at least not so far...

    correction:

    I did not get the automatic message after I upgraded to cPanel 8.8.0 R10 BUT I got all those "possible trojan detected" messages when I started the Security/Scan for Trojan Horses test....:

    :confused:
     
    #7 cards4success, Feb 3, 2004
    Last edited by a moderator: Feb 3, 2004
  8. [herb]man

    WHM 8.8.0 cPanel 8.8.0-R63
    Fedora - WHM X v2.1.2


    Started simply when I installed Fedora.
     
  9. welo

    I had the identical problem. I deleted the 'named' file then reinstalled bind and all the messages stopped.
     
  10. mainarea

    It's not really a trojan, and you probably shouldn't have deleted the named file. Don't trust or rely on WHM's trojan scan, get chkrootkit & use that instead. It takes about 30 seconds, and is actually accurate.

    - Matt
     
  11. B12Org

    I got a bunch saying the same thing:

    Hidden Pid detected! [pid 25500]
    hidden from ps: [yes]
    binary location: [/usr/bin/stunnel-4.04local]

    Hidden Pid detected! [pid 25923]
    hidden from ps: [yes]
    binary location: [/usr/sbin/named]

    Hidden Pid detected! [pid 26010]
    hidden from ps: [yes]
    binary location: [/usr/sbin/mysqld]


    I got probably about 4 named and 6 sql pids detected each time, and it's starting to get annoying that it keeps sending me emails about it when it should know these are not trojans. I just got my OS installed the other day (yesterday I think) and it's already coming up with this?

    Just kinda funny I guess.
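
Added example, not part of any post in this thread and not cPanel's own code: a triage helper that parses alerts in the format quoted above and checks whether each reported ID is a thread of another process rather than a process of its own. It assumes a Linux `/proc` whose `/proc/<id>/status` file carries `Pid` and `Tgid` fields; the function names and the sample text are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import Path

# Constructed sample in the alert format quoted in this thread.
SAMPLE = """\
Hidden Pid detected! [pid 25923]
hidden from ps: [yes]
binary location: [/usr/sbin/named]

Hidden Pid detected! [pid 26010]
hidden from ps: [yes]
binary location: [/usr/sbin/mysqld]
"""

RECORD = re.compile(
    r"Hidden Pid detected! \[pid (\d+)\]\s+"
    r"hidden from ps: \[(yes|no)\]\s+"
    r"binary location: \[([^\]]*)\]"
)

def parse_alert(text):
    """Return (pid, hidden_from_ps, binary) for every record in an alert e-mail."""
    return [(int(p), h == "yes", b) for p, h, b in RECORD.findall(text)]

def count_by_binary(records):
    """Collapse repeated reports to one count per binary path."""
    return Counter(binary for _, _, binary in records)

def thread_group_leader(status_text):
    """From the text of /proc/<id>/status, return Tgid when the ID is a thread
    of another process (Tgid != Pid); None for a process or unreadable input."""
    fields = dict(l.split(":", 1) for l in status_text.splitlines() if ":" in l)
    try:
        pid, tgid = int(fields["Pid"]), int(fields["Tgid"])
    except (KeyError, ValueError):
        return None
    return tgid if tgid != pid else None

def triage(text, proc_root="/proc"):
    """Pair each reported ID with its thread-group leader, if it has one."""
    rows = []
    for pid, _, binary in parse_alert(text):
        try:
            status = (Path(proc_root) / str(pid) / "status").read_text()
        except OSError:
            status = ""  # process gone or not readable
        rows.append((pid, binary, thread_group_leader(status)))
    return rows
```

A row whose third field is a number names the process that owns the reported ID, which can then be looked up in normal `ps` output; a row with `None` still needs checking with a second tool.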
     