Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 25th March 2007, 19:22
alexillsley alexillsley is offline
Senior Member
 
Join Date: Dec 2006
Posts: 396
Thanks: 27
Thanked 4 Times in 4 Posts
Angry Virus / Root Kit Found

Hello,
I have just discorverd i have got a rootkit on my server, how can i remove it?
Code:
OSSEC HIDS Notification.
2007 Mar 25 17:31:20

Received From: server1->rootcheck
Rule: 14 fired (level 8) -> "Rootkit detection engine message"
Portion of the log(s):

Rootkit 'ZK' detected by the presence of file '/etc/sysconfig/console/load.zk'.
Please help,
Alex
Reply With Quote
Sponsored Links
  #2  
Old 25th March 2007, 19:30
alexillsley alexillsley is offline
Senior Member
 
Join Date: Dec 2006
Posts: 396
Thanks: 27
Thanked 4 Times in 4 Posts
Cool

I did a quick search on google and appears that files isnt actually a virus
Reply With Quote
  #3  
Old 25th March 2007, 19:40
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,419
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

Which scanner do you used to detect that? rkhunter or chkrootkit?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 25th March 2007, 20:10
alexillsley alexillsley is offline
Senior Member
 
Join Date: Dec 2006
Posts: 396
Thanks: 27
Thanked 4 Times in 4 Posts
Default

I used OSSEC HIDS
http://www.howtoforge.com/intrusion_...ith_ossec_hids
Reply With Quote
  #5  
Old 25th March 2007, 23:04
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,419
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

Maybe you should check your system with rkhunter too to be sure everything is ok. rkhunter can be downloaded here:

http://www.rootkit.nl
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 26th March 2007, 00:21
alexillsley alexillsley is offline
Senior Member
 
Join Date: Dec 2006
Posts: 396
Thanks: 27
Thanked 4 Times in 4 Posts
 
Default

Hi,
Thanks, i just installed rkhunter through yast, and it came out with no virus or root kits, looks safe
Alex
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
monit howto Jamesk5 HOWTO-Related Questions 11 5th August 2008 15:10
index.html make eror planet_fox Installation/Configuration 46 28th March 2007 09:10
mod_proxy / rewrite rules KenKnight Server Operation 25 30th January 2007 22:21
Apache - Virtual hosts - ISPConfig Hans Server Operation 8 23rd April 2006 16:29
cannot connect to ispconfig guidovanh Installation/Configuration 22 3rd March 2006 19:52


All times are GMT +2. The time now is 19:04.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.