Trojan Horses Detected

Discussion in 'General Discussion' started by davidmxs, Jul 2, 2003.

  1. davidmxs

    davidmxs Member

    Hello,

    I received this mail from my server:


    Hidden Pid detected! [pid 27730]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/share/locale/en/.rockmeamadeus/sk]


    I deleted the directory .rockmeamadeus but I do not know if my system was compromised. What should I do?

    Thanks for your help!

    cPanel.net Support Ticket Number:
     
  2. ciphervendor

    ciphervendor Well-Known Member

    You should have kept a copy of the binary/source to see what was inside. You should also look in your tmp directory for any rogue files.

    Since crackers usually install additional backdoors, change system binaries, etc., you should consider a format & reinstall on that machine and then lock it down correctly.

    cPanel.net Support Ticket Number:
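The two steps from the reply above (keep a copy of the binary before deleting it, then look for rogue files) as an added shell example that is not part of the original posts. The function names and the evidence directory are hypothetical, and the scan output is a list of candidates to review, not a verdict.

```shell
#!/bin/sh
# Added example (not from the thread): triage helpers for a suspect
# hidden directory such as the one named in the alert mail.

# preserve_evidence SRC DEST_DIR
# Copy a suspect file or directory aside, keeping modes and timestamps,
# and record SHA-256 hashes of every copied file before anything is deleted.
preserve_evidence() {
    src=$1
    dest=$2
    [ -e "$src" ] || { echo "missing: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    cp -Rp "$src" "$dest/" || return 1
    ( cd "$dest" &&
      find . -type f ! -name SHA256SUMS -exec sha256sum {} + > SHA256SUMS )
}

# list_hidden_suspects DIR...
# Print dot-named directories, and owner-executable regular files that sit
# below a dot-named path component, under each DIR. Legitimate entries
# (for example /tmp/.X11-unix) will also be listed and must be ruled out by hand.
list_hidden_suspects() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -xdev \
            \( -type d -name '.*' -print \) -o \
            \( -type f -path '*/.*' -perm -u+x -print \)
    done
}

# Usage on the host from the thread (the /root/evidence path is an assumption):
#   preserve_evidence /usr/share/locale/en/.rockmeamadeus /root/evidence
#   list_hidden_suspects /tmp /var/tmp /usr/share/locale
```

A copy taken on a host with hidden processes may itself be altered by the rootkit, so hashes recorded this way are best re-checked from rescue media.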
     
