The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trojans and some Security questions

Discussion in 'Security' started by Slatko, Jan 22, 2011.

  1. Slatko

    Slatko Member

    Joined:
    Jan 21, 2011
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    So iam new in Cpanel before i use Plesk.
    And Cpanel is so nice mmmmmmm :D
    But some Security questions i have:
    I has made an Trojan Scan this are the Results:
    Code:
     Main >> Security Center >> Scan for Trojan Horses
    Scan for Trojan Horses
    Appears Clean
    /dev/core
    /dev/stderr
    Scanning for Trojan Horses.....
    Possible Trojan - /usr/bin/cpan
    Possible Trojan - /usr/bin/instmodsh
    Possible Trojan - /usr/bin/
    Possible Trojan - /usr/bin/xml2-con
    Possible Trojan - /usr/lib64/python2.4/site-packages/libxml2mod.la
    Possible Trojan - /usr/lib64/python2.4/site-packages/libxml2mod.s
    Possible Trojan - /usr/bin/xmlcatalog
    Possible Trojan - /usr/bin/xmllint
    Possible Trojan - /etc/cron.daily/logrotate
    Possible Trojan - /usr/sbin/pureauth
    Possible Trojan - /usr/bin/xml2-config
    
    Modsecurity works very nice.
    But are this Files all Trojans?
    And i have many Nobody Process runing:
    Code:
    22943 nobody    15   0  286m 204m 2228 S  2.0  2.6   0:05.89 httpd              
    23503 nobody    16   0  286m 204m 2284 S  1.7  2.6   0:04.35 httpd              
    25319 nobody    18   0  286m 204m 2264 S  1.3  2.6   0:02.96 httpd 
    
    Nedd much memory is this normal?
    thx
     
  2. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hello,

    I could not find any trojans from the results. You can do a maldetect or clamscan in your server to find vulnerable files in the server.

    Nobody processes are simply apache and nothing to worry about it. If you find more connections in apache it can be limited.
     
Loading...

Share This Page