Trojan horses e-mail

Discussion in 'E-mail Discussions' started by Gliebster, Dec 18, 2003.

  1. Gliebster

    I keep getting this e-mail:

    Hidden Pid detected! [pid 10722]
    hidden from ps: [yes]
    binary location: [/usr/sbin/named]

    Hidden Pid detected! [pid 10723]
    hidden from ps: [yes]
    binary location: [/usr/sbin/named]

    Hidden Pid detected! [pid 10724]
    hidden from ps: [yes]
    binary location: [/usr/sbin/named]

    Now why would named be a hidden process? Is this something I should worry about?
     
  2. lyonchik23

    Hello, are you using RH Enterprise Linux 3.0?
    I seem to be having the same problem with RHEL3.0.
     
  3. Gliebster

    Yes, I am. I guess it's a RHEL thing. I'm not so worried anymore but it's a bit odd.
     
  4. inteltechs

    Are the cPanel people going to fix it or something?
     
  5. cytopia

    OMG, I get this too. It is so annoying. My mobile is always having funny txt messages. Oh well, it keeps me looking at the cell, but this should really be fixed.
     
  6. DataDork

    Fixed in Edge Release

    I submitted a ticket today and got a reply that this issue has been resolved in the "edge" release for RH Enterprise 3.0.

    Take care guys!
     
  7. [herb]man

    Hi guys,

    I have been experiencing the same problem since installing Fedora Core 1; it doesn't seem to be limited to the Enterprise edition... hope the fix will come soon!
     
  8. cytopia

    yea, there was a period of time where it was fixed and now unfixed.

    heh
     
  9. bert

    I don't think this has ever been fixed. We're now almost in April and this continues to happen. I noticed that it doesn't happen if you run the RH kernel, it is only happening on this end while running the 2.6.x kernels.
     
  10. cytopia

    I don't receive any trojan emails anymore so I guess they did something to correct it. :)
     
  11. jackal

    The edge release 158 fixed ours yesterday.

    Thanks Nick and Rich :)
     
  12. nat

    Did the cPanel update stop the e-mails from being sent or did it stop the named processes from being hidden?

    Do you still have 3 processes hidden? Use chkrootkit to find out.

    PHP:
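    # download and unpack chkrootkit in the home directory
    cd
    wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
    tar -xzf chk*
    # trailing slash so the glob matches only the unpacked directory, not the tarball
    cd chk*/
    make sense
    # run only the lkm test, in expert mode
    ./chkrootkit -x lkm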
     
  13. nat

    Thanks. I was getting all worried. I just changed to kernel 2.6.5 yesterday from a RedHat kernel and then got an e-mail from WebHost Manager about 3 named processes being hidden:

    Hidden Pid detected! [pid 2210]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/named]

    Hidden Pid detected! [pid 2211]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/named]

    Hidden Pid detected! [pid 2212]
    hidden from ps: [yes]
    hidden from kernel: [yes]
    binary location: [/usr/sbin/named]

    chkrootkit confirmed that there are 3 processes for /usr/sbin/named hidden.


    WHM 9.2.0 cPanel 9.2.0-S25
    RedHat Enterprise 3 - WHM X v2.1.2
    Kernel: 2.6.5 #2 SMP
     
  14. wbwcap

    Not just RedHat

    OK, it's good to know it's not just me, but FYI y'all, I get these messages too and I'm not using either Fedora Core or RHEL. I'm using CentOS and I get the exact same warnings of hidden named processes, and of course those named processes ARE indeed hidden: if I do ps for them, they do not show up, but I can kill the pids from the e-mail, and killing any of the hidden pids kills all 3 of the hidden named pids as well as the visible named pid. I'm using stable. Should I upgrade to one of the other releases? Are there dangers to upgrading from stable to one of the other releases? And will doing so fix this annoyance or not?
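A triage check for the alerts quoted in this thread, as an added example that is not part of any post and is not cPanel's or chkrootkit's code. On Linux 2.6 and later, each extra thread of a process has its own ID that can be opened as /proc/<id> but is absent from the /proc directory listing, so a scanner that probes IDs directly can report threads as hidden; the functions below classify each reported PID by comparing Tgid and Pid in /proc/<pid>/status. The function names and the PROC_ROOT override are hypothetical, and that the named alerts here are threads is an assumption the thread does not confirm.

```shell
#!/bin/sh
# Added example: triage "Hidden Pid detected!" alerts. Names are hypothetical.
# PROC_ROOT can point at a constructed tree so the logic can be exercised offline.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Constructed sample in the alert format quoted in the thread.
SAMPLE_ALERT='Hidden Pid detected! [pid 2210]
hidden from ps: [yes]
binary location: [/usr/sbin/named]
Hidden Pid detected! [pid 2211]
Hidden Pid detected! [pid 2212]'

# Read alert text on stdin, print one reported PID per line.
alert_pids() {
    sed -n 's/.*Hidden Pid detected! \[pid \([0-9][0-9]*\)].*/\1/p'
}

# status_field PID FIELD: print FIELD's value from $PROC_ROOT/PID/status.
status_field() {
    awk -v f="$2:" '$1 == f { print $2; exit }' "$PROC_ROOT/$1/status" 2>/dev/null
}

# classify_pid PID prints one of:
#   gone              no readable /proc entry for this ID
#   process           thread-group leader (Tgid == Pid); if ps omits it, investigate
#   thread-of:<tgid>  extra thread of process <tgid>, not a separate process
classify_pid() {
    pid=$1
    [ -r "$PROC_ROOT/$pid/status" ] || { echo gone; return; }
    tgid=$(status_field "$pid" Tgid)
    if [ "$tgid" = "$pid" ]; then
        echo process
    else
        echo "thread-of:$tgid"
    fi
}

# Read an alert on stdin; print "PID classification" and, for threads,
# the executable of the owning process so it can be compared with the alert.
triage() {
    alert_pids | while read -r pid; do
        kind=$(classify_pid "$pid")
        case $kind in
            thread-of:*)
                exe=$(readlink "$PROC_ROOT/${kind#thread-of:}/exe" 2>/dev/null) || exe=unknown
                echo "$pid $kind exe=$exe" ;;
            *)  echo "$pid $kind" ;;
        esac
    done
}
```

Run it as root with the alert e-mail on stdin, for example `triage < alert.txt`; a `thread-of:` result whose owning process is visible in ps and whose exe matches the packaged binary points to a scanner false positive, while `process` for an ID that ps does not list deserves a closer look.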
     
