We have been seeing this SSHD rootkit from time to time with much improved versions 🙂 One could see number of SSH processes on the server with nothing under process details. There is a huge discussion thread at WHT www.webhostingtalk.com/showthread.php?t=1235797 The current one which I have seen today was with keyutils-libs legit version name. However… Continue reading cPanel : SSHD Rootkit