ispCP - Board - Support
Rootkit Log - Printable Version



Rootkit Log - BioALIEN - 01-04-2008 03:35 PM

I installed ispcp latest build 4 days ago and was checking my rootkit log and I found this. Can anybody give me clues on whether this is a major risk?

I followed only the standard install, so it's strange how I was infected so quickly?

Quote:
[00:03:08] WARNING, found: /dev/.static (directory) /dev/.udev (directory) /dev/.initramfs (directory)
---
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

Can anybody give their opinion on this?


RE: Rootkit Log - BeNe - 01-04-2008 04:39 PM

We discuss this in the German Corner.
This is no problem or warning. SMTPS for Postfix is running on this port 465 and it is OK. No one has a problem with it - just the rootkit log.

Greez BeNe


RE: Rootkit Log - BioALIEN - 01-04-2008 05:20 PM

Hmm, so it's a false alarm? That's a major relief to know. Thanks for the response BeNe!


RE: Rootkit Log - BeNe - 01-04-2008 06:16 PM

Yeah if you want so it is a false alarm!
If you do not use SMTPS - disable it in Postfix and this wrong Warning/Error is gone. That's all. ;)

Greez BeNe
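
An added example, not part of any post in this thread: one way to check whether a port reported on chkrootkit's `bindshell` line is held by an expected daemon, by matching it against `ss -ltnp` output. The sample inputs are constructed, and the allowlist (`EXPECTED`, with Postfix's `master` process on 465) is an assumption to adapt per host.

```python
import re

# Constructed sample inputs (not captured from a real host).
CHKROOTKIT_LOG = "Checking `bindshell'... INFECTED (PORTS: 465)\n"

SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      100    0.0.0.0:465        0.0.0.0:*         users:(("master",pid=1201,fd=17))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=804,fd=4))
"""

# Assumption: on this host only Postfix ("master") should listen on 465.
EXPECTED = {465: {"master"}}

def flagged_ports(log_text):
    """Ports listed on chkrootkit's bindshell INFECTED line."""
    ports = []
    pattern = r"`bindshell'\.\.\.\s*INFECTED\s*\(PORTS:([\d\s]+)\)"
    for m in re.finditer(pattern, log_text):
        ports.extend(int(p) for p in m.group(1).split())
    return ports

def listeners(ss_text):
    """Map listening TCP port -> set of owning process names (ss -ltnp)."""
    owners = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        port = int(fields[3].rsplit(":", 1)[1])  # also handles [::]:22
        names = set(re.findall(r'\("([^"]+)",pid=\d+', line))
        owners.setdefault(port, set()).update(names)
    return owners

def triage(log_text, ss_text, expected=EXPECTED):
    """Classify each flagged port by the process actually listening on it."""
    owners = listeners(ss_text)
    result = {}
    for port in flagged_ports(log_text):
        procs = owners.get(port, set())
        if not procs:  # checked first: an empty set is a subset of anything
            result[port] = "no visible listener: investigate"
        elif procs <= expected.get(port, set()):
            result[port] = "expected service: " + ",".join(sorted(procs))
        else:
            result[port] = "unexpected owner: " + ",".join(sorted(procs))
    return result

if __name__ == "__main__":
    print(triage(CHKROOTKIT_LOG, SS_OUTPUT))
```

`ss -p` only shows process names when run as root, so an empty owner set can also mean insufficient privileges.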


RE: Rootkit Log - raphael - 01-05-2008 04:02 AM

why isn't it 587? that's odd


RE: Rootkit Log - BeNe - 01-05-2008 04:47 AM

Port 587 is not secure / normal SMTP and 465 is SMTPS, or not?

Greez BeNe


RE: Rootkit Log - joximu - 01-05-2008 06:48 AM

SMTPS is 465, the so-called "submit service" is on port 587 and this is more and more used by providers to provide a "smtp with auth" for customers.
(Yeah, I know: smtp with auth is also possible on port 25 - I think the advantage could be: Port 587 is *only* for the own customers -> always and only with smtp auth, and port 25 (and 465???) is *only* for other mail servers -> no smtp auth but with all sorts of spam/virus checks... (blacklists).)

/Joximu


RE: Rootkit Log - raphael - 01-07-2008 03:50 AM

Usually SMTP+TLS is on 587, not 465; port 25 is SMTP. AUTH is usually allowed at both ports, with no discrimination on either one or the other.


RE: Rootkit Log - joximu - 01-07-2008 04:28 AM

Ok thanks Raphael.
So, Port 465 is *only* used if you want to use SMTP with *SSL* (SMTPS)
And this is not (yet) very common (well, I use it on one server :-)

/J


RE: Rootkit Log - fulltilt - 02-04-2008 11:04 PM

I also found this today on a Strato server:
Code:
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhcpcd-bin[1709])