
URGENT!! What is the best root kit detector?

Discussion in 'General Discussion' started by konrath, Sep 22, 2009.

  1. konrath

    konrath Well-Known Member

    Hello

    What is the best root kit detector?

    My server is compromised and I need to look for any malware.

    Thank you
    Konrath
     
  2. konrath

    konrath Well-Known Member

    I want to search in all home (users).

    I want to search for malicious files, Perl shells, etc.

    chkrootkit searches only in OS files but doesn't search in home (users).

    Thank you
    Konrath
     
  3. trevHCS

    trevHCS Well-Known Member

    As far as I know, a rootkit is something installed in the OS files rather than something in the /home or similar directory, hence why that one searches there.

    There is a trojan search script in WHM under security from memory which might help. Plus if you're running the anti-virus Clam daemon then that hopefully would spot anything else (not sure if you can run it manually across the entire server).

    Also checking the Apache logs would be a good place as an awful lot of the infections are likely to show up as traffic in there, especially the simpler stuff. The access logs are also a good place to see if anyone actually logged in - gives an idea whether the infection was from say a dodgy PHP / Perl script, or a password attack.

    /usr/local/cpanel/logs/access_log

    Trev
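
The access-log check suggested in the reply above, as an added example that is not part of the thread or of cPanel's own tooling: it lists which IPs logged in as which user and how many failed attempts came first. It assumes the log is in Common Log Format with the authenticated user in the third field and failed logins recorded as status 401; the sample lines, usernames, paths and threshold are constructed.

```python
import re
import sys
from collections import defaultdict

# Assumed layout (Common Log Format): ip ident user [time] "request" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (RFC 5737 documentation addresses, invented users).
SAMPLE_LOG = """\
203.0.113.7 - - [22/Sep/2009:03:10:01 -0300] "POST /login/ HTTP/1.1" 401 0
203.0.113.7 - - [22/Sep/2009:03:10:03 -0300] "POST /login/ HTTP/1.1" 401 0
203.0.113.7 - - [22/Sep/2009:03:10:05 -0300] "POST /login/ HTTP/1.1" 401 0
203.0.113.7 - exampleuser [22/Sep/2009:03:10:09 -0300] "GET /index.html HTTP/1.1" 200 0
198.51.100.20 - otheruser [22/Sep/2009:09:00:00 -0300] "GET /index.html HTTP/1.1" 200 0
this line is not in the expected format and is skipped
"""

def summarize_logins(lines, fail_threshold=3):
    """Return {ip: {...}} for every IP that made an authenticated request.

    'failures_before' counts 401 responses from that IP before its first
    authenticated request; 'suspect' marks a login that followed at least
    fail_threshold failures, the pattern a password attack leaves behind.
    """
    fails = defaultdict(int)
    report = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed layout
        ip, user, status = m["ip"], m["user"], int(m["status"])
        if status == 401:
            fails[ip] += 1
        elif user != "-" and 200 <= status < 400 and ip not in report:
            report[ip] = {"user": user, "first_login": m["ts"],
                          "failures_before": fails[ip],
                          "suspect": fails[ip] >= fail_threshold}
    return report

if __name__ == "__main__":
    # With a path argument, read that log; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            result = summarize_logins(fh)
    else:
        result = summarize_logins(SAMPLE_LOG.splitlines())
    for ip, info in sorted(result.items()):
        print(ip, info)
```

An empty result for the period of the compromise points away from a control-panel login and toward the web-script route; a login flagged `suspect` is the one to correlate with file modification times.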
     