Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trojans Detected

Discussion in 'General Discussion' started by scrotaye2, Apr 17, 2006.

  1. scrotaye2

    scrotaye2 Member

    Joined:
    Apr 17, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    151
    Hi, I am fairly new to the world of unix, and pretty much rely on cPanel to administrate my server.

    Today, I got this email from cPanel and I'm genuinely worried about it.

    Can someone please inform me what to do, or in which direction to go?

    Edit: I am running FreeBSD 5.3
     
    #1 scrotaye2, Apr 17, 2006
    Last edited: Apr 17, 2006
  2. jackie46

    jackie46 BANNED

    Joined:
    Jul 25, 2005
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    166
    Seems like your box has been rooted. Im surprised because out of the box Freebsd is far more secure than Unix is.
     
  3. scrotaye2

    scrotaye2 Member

    Joined:
    Apr 17, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    151
    What does rooted mean?

    I have googled, and so far I've came up with the command chkroot but it's not a valid command (I guess for FBSD)
     
  4. jackie46

    jackie46 BANNED

    Joined:
    Jul 25, 2005
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    166
    It means your box has been hacked.
     
  5. scrotaye2

    scrotaye2 Member

    Joined:
    Apr 17, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    151
    Alright. Tips/directions on what to do or where to go?
     
  6. jackie46

    jackie46 BANNED

    Joined:
    Jul 25, 2005
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    166
    Read your private message. I already sent you a tip. Click on PRIVATE MESSAGE to read it.
     
  7. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    New York
    If you do a "ps ax" or check the server do you see those tasks running ?. I've seen alot of these trojan checkers come up withj false positives on Freebsd machines.

    If you have console control and are familiar with the O/S check the dates on those binaries.
     
  8. scrotaye2

    scrotaye2 Member

    Joined:
    Apr 17, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    151
    Hi, I am not familiar enough with FreeBSD to do that. However I looked in the 'currently running processes' in cPanel, and these processes are running. Is the best thing to do just start over, cleaning the box and reinstalling the os?
     
  9. scrotaye2

    scrotaye2 Member

    Joined:
    Apr 17, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    151
    I contacted the guys that house my server, and they said tihs:

    Does this make sense?
     
    #9 scrotaye2, Apr 17, 2006
    Last edited: Apr 17, 2006
Loading...

Share This Page