cPanel : SSHD Rootkit
We have been seeing this SSHD rootkit from time to time with much improved versions 🙂 One could see number of SSH processes on the server with nothing under process details. There is a huge discussion thread at WHT www.webhostingtalk.com/showthread.php?t=1235797 The current one which I have seen today was with keyutils-libs legit version name. However the “Signature” was missing. root@linuxbabu [/var/log]# ls -la /lib64 | grep libkeyutils lrwxrwxrwx 1 root root 18 Jun 22 2012 libkeyutils.so.1 -> libkeyutils.so.1.3* -rwxr-xr-x 1 […]
Read More