Hello!
Have a big problem my server is hacked.
I have ISPConfig2 final.
Hacker have full list of my /var/www catalogs.
And have ftp access to all users.
Have passwords from ftp. How it can be? As I know all password is encrypted.
No one user have Shell Access in my ISPConfig.
In auth.log all clean.
In other logs I did not see anything wrong.
In htop I see one service who has 100% it is /usr/sbin/apache2 -k start, he change PID but still 100%
chkrootkit log:
Code:
root@itex:~# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not found
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for rootkit HiDrootkit's default files... nothing found
Searching for rootkit t0rn's default files... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for rootkit Lion's default files... nothing found
Searching for rootkit RSHA's default files... nothing found
Searching for rootkit RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/usr/lib/pymodules/python2.6/.path
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 1524 6667 31337)
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: not promisc and no packet sniffer sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected
in rkhunter:
Code:
Warning: The file properties have changed:
File: /bin/cat
Current hash: e97ebdac9d5b18b608946cc379a9f7fff7d92353
Stored hash : b4459e224fc2e864e605c4b5e2148598afbf7d0b
Current inode: 10887308 Stored inode: 10887210
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/chmod
Current hash: 73108f0862817a044ed09e1f6f2c4ed72eea14f6
Stored hash : 9deabae4c35c3488ce25aed6b9b7bdddf48cdadb
Current inode: 10887294 Stored inode: 10887233
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/chown
Current hash: 8d341f31ec01fe4cebfec3b1a6da299f957a1f8a
Stored hash : 900cd762fe71289f69790e7f16e616716a1c1786
Current inode: 10887216 Stored inode: 10887234
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/cp
Current hash: c8ca8827835e6a9d55acc4ff15dd52742c74dcdf
Stored hash : fb853246b80622a3f6a1995d13ffd3802f38c8b1
Current inode: 10887299 Stored inode: 10887236
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/date
Current hash: 7fb8e614b5a2f0f2983533302c8dad8885f73338
Stored hash : 507ce363537fc49d5bfecdfebd7b769f69c416d5
Current inode: 10887295 Stored inode: 10887251
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/df
Current hash: 3e691e8aebed0b0fd113b4926f653e81f9ac7e93
Stored hash : bd9c4d8777ba27ed3503035657d0f3cd099a5fa9
Current inode: 10887302 Stored inode: 10887255
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/echo
Current hash: 9c0c91f011e6f8e143d714d61abfe9037a763642
Stored hash : 0827d20d70ebdd7dab3d5ef2413bd12167f13a13
Current inode: 10887311 Stored inode: 10887257
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/ls
Current hash: a2b9552a4ad2d2f2da70709d625e021f2f8236e0
Stored hash : a1b43a43a2bf5f603e96d42f4e4400c0efad500a
Current inode: 10887229 Stored inode: 10887260
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/mktemp
Current hash: 1dcbbf4346dab185de281c3ba0642e385c2f73a7
Stored hash : fb4891ada858bc911dfeae21e401916e0791bbf5
Current inode: 10887304 Stored inode: 10887314
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/mv
Current hash: 3b4508d59c6215ea6144c6f69a1c16af998731a0
Stored hash : 22199c64e9bccc0e0daf5b1d14a72286cbbab373
Current inode: 10887307 Stored inode: 10887268
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/pwd
Current hash: 209f342ecc209ff76ef8a5c27410cc1242873a53
Stored hash : 0c533b7192c2b459ddedc74549130d14925329ea
Current inode: 10887305 Stored inode: 10887269
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/readlink
Current hash: 624851b7b0d9197e92300cf094a8f813217aa679
Stored hash : 172313f00bb722e482e89557cd2fdb93e719af27
Current inode: 10887230 Stored inode: 10887272
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/touch
Current hash: 2a6e3c1ba3e644caa600c14b82776e3f48641b43
Stored hash : 430faece0db16f66bdcdf9af8ac31fca2b6dae2d
Current inode: 10887309 Stored inode: 10887280
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /bin/uname
Current hash: 114fe62c6bec5d64be2d16596e9201cac4dec4a8
Stored hash : dc4c05156a0b404f168849f35082ae1d30d117d1
Current inode: 10887296 Stored inode: 10887313
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/basename
Current hash: 5383a1a9de7908f013fdaeb43163c8a83141a45a
Stored hash : 264c7b9a61d79495a95fd4794ce0055166839278
Current inode: 5849381 Stored inode: 5494094
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/chattr
Current inode: 5488799 Stored inode: 5488801
Current file modification time: 1282026587 (17-Aug-2010 09:29:47)
Stored file modification time : 1271651439 (19-Apr-2010 07:30:39)
Warning: The file properties have changed:
File: /usr/bin/cut
Current hash: 2695f102096a30df2fb41f0c9deb71006ce6334d
Stored hash : d795c887aacfafea7f5a192b85db48a275e8d2dd
Current inode: 5850230 Stored inode: 5494065
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/dirname
Current hash: 4c5f02ceb63f20719ee844fc4f0904a7fa636de0
Stored hash : bb586d3753df795fc06193f5375e1ba7fd54e53f
Current inode: 5849371 Stored inode: 5494095
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/dpkg
Current hash: a0ba8c77acc1ad352df334fa96ff104034839ed0
Stored hash : d1b801ab6edd934c8b0cf3602ecbf3778299e452
Current inode: 5849266 Stored inode: 5494358
Current file modification time: 1286286079 (05-Oct-2010 16:41:19)
Stored file modification time : 1277742462 (28-Jun-2010 19:27:42)
Warning: The file properties have changed:
File: /usr/bin/dpkg-query
Current hash: e25c63dda635002257ae9567854289e0fd29af6f
Stored hash : 4b280474ec39aaf7f07af7f9f11736905622d2e0
Current inode: 6766611 Stored inode: 5494361
Current file modification time: 1286286079 (05-Oct-2010 16:41:19)
Stored file modification time : 1277742462 (28-Jun-2010 19:27:42)
Warning: The file properties have changed:
File: /usr/bin/du
Current hash: 48ba70d0f970534d8b83e14e314f038af66a4250
Stored hash : 7524dda0a64f840d524e5989d5a7f0b78bd21b7a
Current inode: 5850224 Stored inode: 5494008
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/env
Current hash: cc76cbf003843a8e1cc24798ef15845f95d9c071
Stored hash : ee53e355a39c21de9cb235160460827be98e4181
Current inode: 5849386 Stored inode: 5494096
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/GET
Current inode: 5489655 Stored inode: 5490133
Current file modification time: 1283311824 (01-Sep-2010 06:30:24)
Stored file modification time : 1277047006 (20-Jun-2010 18:16:46)
Warning: The file properties have changed:
File: /usr/bin/groups
Current hash: e5af040ef7917bf9c08c3c2086d1344de29249fb
Stored hash : 0cd8b1502a4fd12396dfb5e2df98ed3dfee42f44
Current inode: 5850253 Stored inode: 5494071
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/head
Current hash: 4c9ec31d346f4eb9753f2741cf75edf26ff27ba1
Stored hash : 1c67b2c64ace31473febe7ea6b3f4f761e71c649
Current inode: 5850245 Stored inode: 5494069
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/id
Current hash: aefc526afed345e18da85cbcb31c5b04add9874f
Stored hash : 59e87657aba2628c5579281edd7b91241acd0165
Current inode: 5850244 Stored inode: 5494099
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/ldd
Current hash: 8279769f4accb9fff41efd0f3c3cdfbb76c29f0a
Stored hash : 32b0f6e26bc337becb5e4539c8890180607361c4
Current inode: 5753578 Stored inode: 5491594
Current file modification time: 1290010999 (17-Nov-2010 18:23:19)
Stored file modification time : 1276526043 (14-Jun-2010 17:34:03)
Warning: The file properties have changed:
File: /usr/bin/lsattr
Current inode: 5488800 Stored inode: 5488802
Current file modification time: 1282026587 (17-Aug-2010 09:29:47)
Stored file modification time : 1271651439 (19-Apr-2010 07:30:39)
Warning: The file properties have changed:
File: /usr/bin/md5sum
Current hash: 4adf0c4adcb76edfa65a67724aa816ce8d30e494
Stored hash : 1618f47f2b480baed63979ec58783d4b7748342f
Current inode: 5850192 Stored inode: 5494072
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/runcon
Current hash: ecde1099b06e37e6cd7fb94d94289c0889172550
Stored hash : 0107cd99e3104732a3fbc9c44992b4b577ead465
Current inode: 5849378 Stored inode: 5495343
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/sha1sum
Current hash: d5d2fb34cad745ae12953c005859f22f62e41325
Stored hash : 0583612bf59245f7845b2b3019bea7de275ef3b6
Current inode: 5850165 Stored inode: 5494078
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/sha224sum
Current hash: 978ba276bf54cb5124d27928a861bd3ad84318b0
Stored hash : 1f40e2de46097fd28de96fce6d0c184aef34c54d
Current inode: 5850234 Stored inode: 5494079
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/sha256sum
Current hash: 661a34018a4e5cb6fe2998e1af7f507f385ddb5d
Stored hash : bf8b1a1f2ceda14126ab592cd995e105591bf360
Current inode: 5850200 Stored inode: 5494080
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/sha384sum
Current hash: 72880bb3433b56a43591ebe04db124fed640e510
Stored hash : d50583cb1d463dcd8a8170004f96769d474bc3b5
Current inode: 5850156 Stored inode: 5494081
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/sha512sum
Current hash: 25e03be6bec7372df8b4af8819030eb5589b8ead
Stored hash : 540dfcf5ba44dcc7bf0462e0633526b2337386a7
Current inode: 5850226 Stored inode: 5494082
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/size
Current inode: 5490399 Stored inode: 5490330
Current file modification time: 1282315301 (20-Aug-2010 17:41:41)
Stored file modification time : 1276856121 (18-Jun-2010 13:15:21)
Warning: The file properties have changed:
File: /usr/bin/sort
Current hash: 8eb30a901129950028af373ec819d9bc306c8080
Stored hash : 06a5511ea8bff3ec9221286cfb0a182d3258052d
Current inode: 5850247 Stored inode: 5494084
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/stat
Current hash: 278b154243387600aec64c53c487b511bae71ebd
Stored hash : 2890a89ffb9017633208ee7dc958a4dfcf7214aa
Current inode: 5850160 Stored inode: 5494045
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/strings
Current inode: 5490445 Stored inode: 5490336
Current file modification time: 1282315301 (20-Aug-2010 17:41:41)
Stored file modification time : 1276856121 (18-Jun-2010 13:15:21)
Warning: The file properties have changed:
File: /usr/bin/sudo
Current hash: 28282f23881b53b83b8accc9cc050ff033db973e
Stored hash : e14fc0a01a7f3ada1530a55cbcc34b9b4d041f7d
Current inode: 5490340 Stored inode: 5489887
Current file modification time: 1283287154 (31-Aug-2010 23:39:14)
Stored file modification time : 1276893615 (18-Jun-2010 23:40:15)
Warning: The file properties have changed:
File: /usr/bin/tail
Current hash: dab94cdba093f2a2941157c874037f68cae4a91d
Stored hash : b2cddf91b08280a60da8c529a73b275fdf3f26dd
Current inode: 5849383 Stored inode: 5494088
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/test
Current hash: 62065ae8d6029648f8047db9669cc4772d276931
Stored hash : cda761fde4e8435cd7b03c8589c4b4eda8295c58
Current inode: 5850166 Stored inode: 5495346
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/touch
Current hash: 2a6e3c1ba3e644caa600c14b82776e3f48641b43
Stored hash : 430faece0db16f66bdcdf9af8ac31fca2b6dae2d
Current inode: 5850256 Stored inode: 5489846
Current file modification time: 1286359395 (06-Oct-2010 13:03:15)
Stored file modification time : 1277046763 (20-Jun-2010 18:12:43)
Warning: The file properties have changed:
File: /usr/bin/tr
Current hash: e9f376e38f57e1131df918cb1ab76b94744f86e9
Stored hash : f2d44e8d350ea8e73f3a83353a144ce68578fbe5
Current inode: 5850164 Stored inode: 5494089
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/uniq
Current hash: 4168e44cfcb992dbe723b96b2801547af247be10
Stored hash : 43f3e863b58adc31d9628f8991975d2b40611849
Current inode: 5850231 Stored inode: 5494092
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/users
Current hash: a1bc94e2706cc6dc3af987a4c0e9b665bbe280b5
Stored hash : 8767e00225b08e75d0aae78160ccad488d8eaa75
Current inode: 5850248 Stored inode: 5494003
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/wc
Current hash: c5c890ed97370d1119658731825161924467f05f
Stored hash : f72ee7d6a9a57cc1184294d90076da217395998d
Current inode: 5850158 Stored inode: 5494093
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/wget
Current hash: 40b6e86e4445320b8df61f0b1aa8244dbe585749
Stored hash : b61f694dd51488b5abf927098aa38d556ab58ce1
Current inode: 5489774 Stored inode: 5491972
Current size: 333396 Stored size: 333364
Current file modification time: 1283357520 (01-Sep-2010 19:12:00)
Stored file modification time : 1262786529 (06-Jan-2010 16:02:09)
Warning: The file properties have changed:
File: /usr/bin/whatis
Current hash: 8ac1c97ded7d4c04614ae2b93b8b07f6a21ccbe7
Stored hash : 5ada41e246dcdf065e4615cd9844bbd4380838a0
Current inode: 5736584 Stored inode: 5491514
Current file modification time: 1286285374 (05-Oct-2010 16:29:34)
Stored file modification time : 1267525905 (02-Mar-2010 12:31:45)
Warning: The file properties have changed:
File: /usr/bin/who
Current hash: 8e4c8189e794c1accce11ba98625ab9d423159ca
Stored hash : 8ddd2c6fc1e2dece17a1fe159250e7a166ae6c95
Current inode: 5850237 Stored inode: 5494002
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/whoami
Current hash: c2334b613f35a709e6ab7a20ae631c67b2b13f01
Stored hash : bb895528efeae96c6c4c935b263e496a20864b7f
Current inode: 5850232 Stored inode: 5495349
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/bin/lwp-request
Current inode: 5488990 Stored inode: 5491398
Current file modification time: 1282937552 (27-Aug-2010 22:32:32)
Stored file modification time : 1262883889 (07-Jan-2010 19:04:49)
Warning: The file properties have changed:
File: /sbin/ifdown
Current hash: 8492aba75f302334dc9c558c0f58b09ab3040479
Stored hash : 36cd231c396a15983d0afe23e4e33dbb2349102a
Current inode: 3891229 Stored inode: 3891280
Current file modification time: 1282025603 (17-Aug-2010 09:13:23)
Stored file modification time : 1266649378 (20-Feb-2010 09:02:58)
Warning: The file properties have changed:
File: /sbin/ifup
Current hash: 8492aba75f302334dc9c558c0f58b09ab3040479
Stored hash : 36cd231c396a15983d0afe23e4e33dbb2349102a
Current inode: 3891229 Stored inode: 3891280
Current file modification time: 1282025603 (17-Aug-2010 09:13:23)
Stored file modification time : 1266649378 (20-Feb-2010 09:02:58)
Warning: The file properties have changed:
File: /sbin/init
Current hash: 968cbc98023d4bed9a52fd6f2aa519457fe0412b
Stored hash : d6997dd8ca3d89f8038729a284fb2447c35a1448
Current inode: 3891237 Stored inode: 3891256
Current file modification time: 1281659208 (13-Aug-2010 03:26:48)
Stored file modification time : 1270150546 (01-Apr-2010 22:35:46)
Warning: The file properties have changed:
File: /sbin/runlevel
Current hash: 028c8437b6cd831baf318e2acc5a8db8fb83c5f8
Stored hash : 550b372a8615ea7d455105d2244f2cf8345f43b2
Current inode: 3891283 Stored inode: 3891310
Current file modification time: 1281659208 (13-Aug-2010 03:26:48)
Stored file modification time : 1270150546 (01-Apr-2010 22:35:46)
Warning: The file properties have changed:
File: /usr/sbin/chroot
Current hash: 01f757a4225821face374208e7baa283ae56e9aa
Stored hash : 628f516c8f5a4bb0c816af24af980200dd0b937a
Current inode: 5767182 Stored inode: 5495353
Current file modification time: 1285094009 (21-Sep-2010 21:33:29)
Stored file modification time : 1267759792 (05-Mar-2010 05:29:52)
Warning: The file properties have changed:
File: /usr/sbin/rsyslogd
Current hash: ae3216d01c04f4da345589569bfaed37468868c5
Stored hash : ecb3d75ebf81fbde157497fb036bded23ce49abb
Current inode: 5488967 Stored inode: 5490750
Current file modification time: 1292004118 (10-Dec-2010 20:01:58)
Stored file modification time : 1267036087 (24-Feb-2010 20:28:07)
Warning: Network TCP port 1524 is being used by /usr/sbin/portsentry. Possible rootkit: Possible FreeBSD (FBRK) Rootkit backdoor
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: Network TCP port 6667 is being used by /usr/sbin/portsentry. Possible rootkit: Possible rogue IRC bot
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: Network TCP port 31337 is being used by /usr/sbin/portsentry. Possible rootkit: Historical backdoor port
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: Changes found in the passwd file for user 'itex72_ftp':
Warning: Changes found in the passwd file for user 'itex65_ftp':
Warning: Changes found in the passwd file for user 'itex65_admin':
Warning: Changes found in the passwd file for user 'itex65_info':
Warning: Changes found in the passwd file for user 'itex72_ioncare':
Warning: Changes found in the passwd file for user 'itex79_ftp':
Warning: Changes found in the passwd file for user 'itex80_ftp':
Warning: Changes found in the passwd file for user 'itex76_andrejae':
Warning: Changes found in the passwd file for user 'itex76_noresin':
Warning: Changes found in the passwd file for user 'itex76_ftp':
Warning: Changes found in the passwd file for user 'itex69_ftp':
Warning: Changes found in the passwd file for user 'itex69_info':
Warning: Changes found in the passwd file for user 'itex68_ftp':
Warning: Changes found in the passwd file for user 'itex68_info':
Warning: Changes found in the passwd file for user 'itex83_ftp':
Warning: Changes found in the passwd file for user 'itex88_ftp':
Warning: Changes found in the passwd file for user 'itex88_mailer':
Warning: Changes found in the passwd file for user 'itex88_info':
Warning: Changes found in the passwd file for user 'itex49_ftp':
Warning: Changes found in the passwd file for user 'itex49_office':
Warning: Changes found in the passwd file for user 'itex94_ftp':
Warning: Changes found in the passwd file for user 'itex75_ftp':
The login shell has changed from '/bin/false' to '/dev/null'
Warning: Changes found in the group file for group 'users':
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': yes
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
Warning: Hidden directory found: /dev/.udev
Warning: Hidden directory found: /dev/.initramfs
How hacker can see my /var/www catalog list?
My server have many clients, and many site have Joomla engine.
Please help to solve this problem.
English | 
Deutsch
Hacked server
Threaded Mode
Recent comments
1 day 13 hours ago
1 day 15 hours ago
2 days 3 hours ago
2 days 6 hours ago
2 days 10 hours ago
2 days 16 hours ago
3 days 2 hours ago
3 days 4 hours ago
3 days 12 hours ago
3 days 13 hours ago