Possible Trojan List By WHM - Do I Need To Worry?
I ran the Trojan scan in WHM and it came up with the list below. I have a strong feeling WHM is mis-reporting these as trojans, but I thought I would ask the experts here:
Scan for Trojan Horses
Appears Clean
/dev/stderr
Scanning for Trojan Horses.....
Possible Trojan - /usr/bin/cpan
Possible Trojan - /usr/bin/instmodsh
Possible Trojan - /usr/bin/prove
Possible Trojan - /usr/bin/xmlcatalog
Possible Trojan - /usr/bin/xmllint
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /usr/lib/libxml2.la
Possible Trojan - /usr/bin/mysqlhotcopy
Possible Trojan - /usr/bin/Wand-config
Possible Trojan - /usr/bin/animate
Possible Trojan - /usr/bin/compare
Possible Trojan - /usr/bin/composite
Possible Trojan - /usr/bin/conjure
Possible Trojan - /usr/bin/convert
Possible Trojan - /usr/bin/display
Possible Trojan - /usr/bin/identify
Possible Trojan - /usr/bin/import
Possible Trojan - /usr/bin/mogrify
Possible Trojan - /usr/bin/montage
Possible Trojan - /usr/bin/curl-config
Possible Trojan - /usr/bin/curl
Possible Trojan - /usr/lib/libcurl.so.3.0.0
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so
Possible Trojan - /usr/sbin/pureauth
25 POSSIBLE Trojans Detected
Is there anything that looks fishy here?
Related Forum Messages:
15 POSSIBLE Trojan Detected WHM
I have a site on my server. When I open it, Kaspersky anti-virus detects that there is a trojan in this site (see the picture in the attachment), and I checked the server from WHM and the result is 15 POSSIBLE Trojans Detected. How can I solve this and remove these trojans?
IP Address And Subdomain Missing On WHM Account List
After changing options in "tweak settings", domains section, I found my site IP address is missing, and the subdomain configuration also disappeared. Print screen attached.
- Add proxy VirtualHost to httpd.conf to automatically redirect unconfigured cpanel, webmail, webdisk and whm subdomains to the correct port (requires mod_rewrite and mod_proxy)
- Automatically create cpanel, webmail, webdisk and whm proxy subdomain DNS entries for new accounts. When this is initially enabled it will add appropriate proxy subdomain DNS entries to all existing accounts. (Use /scripts/proxydomains to reconfigure the DNS entries manually)
- Allow users to create cpanel, webmail, webdisk and whm subdomains that override automatically generated proxy subdomains
The following configuration is ** set by default. I have never changed an option in "tweak settings" after the 1-20 automatic update to the STABLE version, since I tweaked WHM when it was first installed. The domain cannot be accessed from the http port, and the subdomain disappeared.
Root Server But Worry About IP Addresses
We would like to offer root servers to customers, but we worry that they will change the IP address to another IP address in our network and cause trouble like this. I think, if a customer takes the same IP as our gateway router, our whole network is not reachable anymore. How can I avoid this?
Trojan C99Shell
I just installed Zen Cart on my web hosting, and a few days later I saw some files written with names like core1405.php. When I opened one to view it, it was actually the trojan c99shell. I have deleted all of the core files. Now how can I prevent it from happening again? It is too much work to clean up the hosting server.
LKM Trojan?
I just installed a fresh copy of CentOS 4.5, updated some programs and installed chkrootkit. When I run # ./chkproc, it shows the following output:
# ./chkproc
You have 14 process hidden for readdir command
You have 14 process hidden for ps command
Searching for LKM trojans shows the following output:
# ./chkrootkit -x lkm
EXE 9994: /usr/sbin/named
CWD 9995: /var/named
EXE 9995: /usr/sbin/named
CWD 9996: /var/named
EXE 9996: /usr/sbin/named
CWD 9997: /var/named
EXE 9997: /usr/sbin/named
CWD 9998: /var/named
EXE 9998: /usr/sbin/named
CWD 26293: /var/lib/mysql
EXE 26293: /usr/sbin/mysqld
CWD 26294: /var/lib/mysql
EXE 26294: /usr/sbin/mysqld
CWD 26295: /var/lib/mysql
EXE 26295: /usr/sbin/mysqld
CWD 26296: /var/lib/mysql
EXE 26296: /usr/sbin/mysqld
CWD 26297: /var/lib/mysql
EXE 26297: /usr/sbin/mysqld
CWD 26298: /var/lib/mysql
EXE 26298: /usr/sbin/mysqld
CWD 26299: /var/lib/mysql
EXE 26299: /usr/sbin/mysqld
CWD 26300: /var/lib/mysql
EXE 26300: /usr/sbin/mysqld
When I stop mysql and named, and run # ./chkrootkit -x lkm again, it doesn't show anything. When I turn mysql and named back on, it starts complaining about compromises again. Can it be a false alarm, or should I really be worried? What do you advise me to do now?
Trojan-Downloader.JS.Psyme.hz
I have a hosting account at OXEO.com and I have trojan problems on all my websites. The index files of all my websites show a Trojan program called Trojan-Downloader.JS.Psyme.hz. I checked my websites on Google, and Google is warning users about this kind of problem for one of my websites. Has anybody here experienced the same problem?
How-to - Rootkit Scan (trojan Etc)
What is a rootkit? The following link is a very good read to answer that question. http://linux.oreillynet.com/pub/a/li...4/rootkit.html
In summary, a rootkit is a trojan installed on your Linux server after someone has broken into it. These files are used to cover the hacker's tracks, and to give the hacker tools to do more dirty work from your server.
Usage:
1. su - (change to root user)
2. mkdir /usr/local/chkrootkit
3. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
4. tar -xvzf chkrootkit.tar.gz
5. cd chkrootkit*
6. cp * /usr/local/chkrootkit
7. cd /usr/local/chkrootkit
8. make sense
Now scan your system:
1. cd /usr/local/chkrootkit
2. ./chkrootkit
chkrootkit may from time to time give false positives. If you ever get a positive or "infected hit", scan a second time. If you do get a positive hit, google the hit to research the issue and steps to correct.
Part 2 - automated chkrootkit, and emailed results.
I'm lazy, and like my server to do the work for me, so I have it scan every day and email me the results.
Usage:
1. vi /etc/cron.daily/chkrootkit
2. add the following code.
Code:
#!/bin/bash
(cd /usr/local/chkrootkit; ./chkrootkit -q 2>&1 | mail -s "Daily chkrootkt scan" you@yourdomain.com)
3. chmod 0755 /etc/cron.daily/chkrootkit
This will email you@yourdomain.com every morning with your chkrootkit results. The -q option will only show you exploits.
Removal:
If you don't like getting the emails or just want to remove this from your server:
1. rm /etc/cron.daily/chkrootkit
2. rm -rf /usr/local/chkrootkit
All files will now be deleted from your server.
PHP.Backdoor.Trojan
As usual, I do a monthly scan of all files on my site. Today I downloaded all the site backups to my PC, then scanned them using Norton Antivirus, and in one site's files Norton detected PHP.Backdoor.Trojan. I took a look at the file location and found the file, named xTgsj78Jn.txt. Then I went to the server where the site is hosted, went to the directory and found the above file there. I tried many times to delete it but always got the error message "Permission denied". I tried to change the permissions but it always returned an error. To delete it I used the command rm -r with root access, then I did ls -l and found the file details below.
-rwxrwxrwx 1 nobody nobody 137787 Mar 19 20:14 xTgsj78Jn.txt*
Please help me to delete this file. FYI this file was uploaded to my hosting file site.
Websites Infected With Trojan How To Solve?
I see my websites are infected with some trojan. There are some iframe tags similar to this in all index files: <iframe src="http://traff<<removed>>.cn/in.cgi?27" width=100 height=80></iframe> Any idea how this iframe might have been inserted in my code? I have tried to format my systems and remove all saved FTP passwords, but still this virus is coming back, and the strange thing is I have websites on different servers infected with the same virus. Any idea how this happened and how to avoid this?
Trojan-Clicker.HTML.Iframe.g In My Website? What Is This??
I have a website and all works fine, but a user who uses Kaspersky told me my website has a trojan. I don't understand how this is possible, and I'm really worried. The trojan that appears to my user is: Trojan-Clicker.HTML.Iframe.g. Does someone know why I have this trojan? Now the users refuse to open my website!! I'm more than worried. This is a printscreen of the error: ...
Trojan Detected On Initial Load Of Site
I have 2 reseller accounts with one provider, and in the last several days I have noticed that when you visit the site for the first time, my AV software detects a trojan on the site, but the code & html files are 100% clean! I'm suspecting that there is something being injected into the scripts from the server daemons that's either running or something else. Anyone have any suggestions?
Trojan-Clicker.HTML.IFrame.amh
I am not that technically proficient so I have to resort to shared hosting solutions...I am currently with Bluehost. Problem: I have a small site with minimal needs in terms of storage and bandwidth, but the site is controversial and gets hacked and attacked a lot. I need a shared hosting provider which ranks higher than most in terms of security. Recently the site was attacked such that any user going to the site was infected with Trojan horse viruses. Donno if it's useful or not but here are the files from my PC antivirus which was infected when I went to the site with IE:
Prevent Of Execution Trojan Shell Scripts, Like R57shell And Other?
Which configuration for PHP and the server prevents the execution of shell scripts? Which functions do you recommend disabling? Like shell_exec, passthru, proc_open, proc_close, proc_get-status, proc_nice, proc_terminate, exec, system, suexec, popen, pclose, dl, ini_set, virtual, set_time_limit
/tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
What is the meaning of the following lines in the temp folder? When I check the /tmp folder daily, many /tmp/clamav entries are present on the mail server, and they occupy a large amount of space in the temp folder.
/tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND
/tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
/tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND
/tmp/malware.zip: Infected.Archive FOUND
Trojan Activity - Running Perl With High CPU Usage, With User Apache
Running programs named Perl with heavy CPU usage, with the ownership of user apache. We found the problem on Fedora 3 and Fedora 6. In our case, it was the result of Trojan activity.
Quick Solution
Check the cron jobs of user apache:
crontab -u apache -e
*/1 * * * * perl /tmp/.tmp/tmpfile
Delete the cronjob entry. Also delete the file /tmp/.tmp/tmpfile. We also added "apache" to the file /etc/cron.deny. That's all.
Problem and solution in detail....
List Too Long
root@server [~]# replace ns3.host.com ns1.host.com -- /var/named/*
-bash: /usr/bin/replace: Argument list too long
How can I work past this? Using CentOS 4.5 / cPanel
Mailing List
I have a client who is interested in setting up a paying mailing list for a website I built for him. I figured since he doesn't want to spend $3000 for a full CMS, I would just do things manually. A customer would pay through PayPal. He would then check PayPal for any new subscribers daily, add them if new, and then send out his newsletter daily to the people who have paid. In the mailing list software, there would be a box for how many days this person would be allowed to be sent an e-mail, and then once his subscription was up, an e-mail would be sent out (the last part is optional). Does anyone have any insight into a program/script that would work in this manner? Or maybe a decently cheap script that they know of? This site is a non-profit, donation site.
VPS For Mailing List
One of my clients has an in-house subscriber list with 30000 emails built with their offline promotional campaign. They need to send 4 to 5 emails in a month and the list might expand to 60000 in a year. They are using a mailing program to schedule the mailing at 250 emails per hour, according to the limit of their ISP, and they are looking for a better solution. I want to suggest they take a VPS, but I'm new to VPS so I'm here looking for suggestions that I can recommend to my client.
Netstat :: How To List IP Addresses?
My site is under attack. When I run this command:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -
it shows:
1 116.xxx
1 118.xxx
1 203.xx
1 222.xxx
1 Address
1 servers)
3 115.xxx
3 123.xxx
4 58.xxx
10 127.0.0.1
694
What do the 694 connections mean? Why doesn't netstat list their IP? How can I know which IP is attacking my site?
Server IP On Spam List
I received a new block of IPs from my server folks and this block is worse than before; the main IP is on more than 10 spam lists. How do I resolve this? Is there a way a server company can select a clean block of IPs? Can I set the email program to use a separate IP or something instead of changing the IPs of the server?
On-Net Building List
Does anyone know why companies like Level3/Yipes/Abovenet/Global Crossing don't make their on-net building list available readily? Cogent/Zayo/etc have it listed right on their website....Zayo even gives you this downloadable KMZ file for Google Earth. I'm working with a few clients who run their own data center/web hosting facilities and are looking at new spaces in various Class A office buildings. Obviously, I can go around and call all the providers, but it becomes a voicemail game.
Short List Of Hosts
I have a short list of hosts I'm considering for either my main or backup host. I am currently with A Small Orange in Atlanta who seems to be fairly stable. Here's the list: iHubNet.com MidPulse.com SharkSpace.com AspirationHosting.com I like that iHubNet has their own servers. The comments that folks like Matt A make on this board to be helpful have caught my attention. My web site has a domain and two parked domains. About 50 subdomains and is typically 300 to 450MB in size. It uses about that much in bandwidth a month, mostly from clients downloading audio mp3's of voiceover work. The site staying online is important. I just don't seem to read much on this board about some of these hosts and was wondering if anyone had any experience with them?
List Of Available VPS Platforms?
Anyone got a list of available VPS platforms, perhaps with feedback? I run Plesk so I was going to run with Virtuozzo but I see Parallels don't want to give us pricing and I don't have time for that kind of rubbish. What alternatives are there?
New VPS And Mailing List
Just got a new WiredTree VPS up and running. Service has been great so far. Make that super! VPS newbie question: I would like to set a limit on emails for all domains but mine to some number per hour, but I would like mine to be unlimited. I'm not going to be sending a lot, but, when necessary, they will need to go fast. So far, the only way I have figured out how to keep unlimited for me is to not set a throttle at all and allow Mailman only on admin domains. If any user has to have lists, then I can authorize it then and maybe keep tabs on it.(There's probably a lot better way to say that, but I'm tired :-)
Email List Hosting
We are a small non-profit (High School PTA) and would like to send weekly newsletters to our parents who are paid members and have provided an email address on their membership forms. Although we have about 2000 members, our list is about 800 subscribers. We expect this to max out at about 1500 over the next year or two. The newsletter is produced in MS Publisher and is sent as an ‘email message’ through Outlook. Looked at email services – afford them right now. I am looking for a hosting company/service that will allow:
1. Maximum deliverability - we have issues with Comcast and AOL. Surprisingly, Yahoo and Hotmail have been fine.
2. We do not want opt-in – we want to be able to add addresses. We tried Yahoo Groups but I kept battling parents who would let invitations expire and ask that I resend, or those who requested that I ‘just’ add them because they had already provided their address or because they are not email savvy enough to follow the links! Yahoo Groups limits the number of addresses on their ‘free’ list and you can add only 10 members per day. This was fine when we had only 100-200 but we cannot do this with a growing list.
3. Need a way to ‘manage’ the list – meaning see which email addresses received the newsletters successfully, which ones got rejected by an individual’s filter, which ones were blocked by the providers, email addresses which are no longer valid, etc. Currently, I have no way (that I know of) to get this information. I do not know PHP scripts or cgi-bin scripts – am willing to learn if there is a simple tutorial here on the forum.
4. All other needs are minimal.
LXadmin Mailing List
In the LXadmin mailing lists feature, how can only the admin send mail? There is a switch called "Only Moderators Can Post" but it doesn't work. I will send a mail to my members, but if they reply there will be a mess.
Logs - Entire List
Just got off the phone with tech support and they noticed that someone was trying to gain brute force entry to our VPS. We want to view our logs but can only see the last 250 lines or so when using this command inside putty: tail -9000 /var/log/messages How do we see / copy the entire 9000 entries to view in a text editor? Any tips would be great. I am a newbie at this.
Debian Sources.list
for a sources.list with sources that provide very up to date software. Currently I'm using this: deb [url] deb-src [url] deb [url] deb-src [url] But a few things like PHP + MySQL are behind a few versions...
Mirror/Mirroring List File
There are some download manager programs that have an option like "Find alternate URLs through mirror list file" when given a file for downloading. Where can I insert such a file in my site so that download programs can add other mirrors to it from my list of mirrors?
Why Don't Providers List RAM Speed
I'm curious as to why more dedicated server providers don't list RAM speed in their server specs. To me, server performance is very important, and the speed of the RAM can certainly affect that. It also might not be obvious to many people how to determine the speed of the RAM in your system. You can use the program lshw...
PHP Code:
#lshw
...
*-bank:1
description: DIMM 1333 MHz (0.8 ns)
vendor: Manufacturer01
physical id: 1
serial: 00000000
slot: DIMM1
size: 2GiB
width: 64 bits
clock: 1333MHz (0.8ns)
...
Get List Of Domains Using Specific Nameservers
Is it possible to get a list of domains that are using a specific pair of nameservers? We've purchased several hosting companies over the years, and would like to consolidate the nameservers we are using and need to manage. Thus.. we need to figure out which customers are using which nameservers. So getting a list of which domains are using the nameservers we don't want to use any more would be a nice easy way. Then we can contact those specific customers only.
Accounts Show Up As Suspended In List
there are about 5 accounts that show up in suspended list, but they are really not suspended and the dns still points to my server, sites are live. I tried unsuspending. Nothing. I suspended, unsuspended, nothing. I forced a cpanel upgrade, nothing.
Send To Mailing List Via Outlook
As you know, most mailing lists are built so that you have to send emails from a control panel. But I am searching for a script or service where a group of members can email each other from their favourite email program, such as Outlook. Only those members would be allowed to send to the list.
Mailing List Friendly Hosts
I'm downsizing my hosting business and I need to find a new host for a good client of mine. They are a small independent record label and use around 2gb of storage and 100gb of transfer. More importantly, though, they make heavy use of their mailman mailing lists. Can anyone recommend a host who doesn't limit outbound emails per hour or who has another solution for large mailing lists?
Update Package With Feature List
I am using cPanel. I just made a customized features list and want to update all accounts of my reseller with that feature list. But the problem is that if I update the package, this will update account space/BW. I have edited some accounts directly for space and BW etc., but those accounts have the same package name. Is there any option available that updates the features list without changing current space + BW?