The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Xinetd problem, please help :(

Discussion in 'General Discussion' started by sh4ka, Sep 18, 2005.

  1. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    442
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    cPanel Access Level:
    DataCenter Provider
    I saw the server report today and there is a new port open

    113/tcp open auth


    root@server [~]# fuser -v 113/tcp

    USER PID ACCESS COMMAND
    113/tcp root 1969 f.... xinetd

    root@server [~]# ps -aux | grep "xinetd"
    root 1969 0.0 0.0 2136 912 ? S 08:41 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid

    I kill all the xinetd process, restart xinetd, also rebooted the box and port still there..
    I have a few cPanel servers and I have never seen this port open, can anyone tell me what is that port ? and how to close it ? I am using RH Ent. 3 .

    thkz!

    pd: this rare port appear today after a kiddie using a script attacked one of the php-nuke websites I have hosted at the server.
     
  2. dave9000

    dave9000 Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    891
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    arkansas
    cPanel Access Level:
    Root Administrator
    port 113 is the identd port that is used mostly for puter identification for irc servers.
    I would check your box over carefully for a running irc server and any more open ports that were not there before. Also run rkhunter and see if it reports any issues
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You need to edit /etc/xinetd.d/auth and change the disable line to:

    disable = yes

    then restart xinetd:

    service xinetd restart
     
  4. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    442
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    cPanel Access Level:
    DataCenter Provider
    Thank you! ;)
     
Loading...

Share This Page