I am running rkhunter and it says it's infected or found hidden processes?

First, you need to understand that if your VPS is compromised, then it's already too late. So what will rkhunter do? It can only verify that you have been hacked at the root level. It will not protect you.

If you just got your new VPS and you run rkhunter or chkrootkit, it may give you a lot of false positives. An example:

Checking bindshell... INFECTED (PORTS: 465)
Checking lkm... You have 90 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed

You also need to understand that a VPS is a virtual server, so many of the chkrootkit tests that are performed on real machines may fail on your VPS. 

For example, these binaries may fail the test:

/sbin/insmod
/sbin/lsmod
/sbin/modprobe

These fail because they are not the default binaries that come with the OS; they are modified files made to work on a virtual server.
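Added example (not part of the original article): for a bindshell hit like the one in the sample output above, this script names the process listening on each flagged port and compares it with a list of services you expect. The sample data, the EXPECTED list and the process name unknownd are constructed assumptions; a match explains the hit, it does not prove the VPS is clean.

```shell
#!/bin/sh
# Added example: name the listener behind each port chkrootkit's bindshell test flags.
# All sample data is constructed; EXPECTED is an assumption for a VPS that serves mail.

SAMPLE_CHK='Checking bindshell... INFECTED (PORTS: 465 4000)'   # constructed
# Constructed `ss -H -ltnp` output; "unknownd" is a made-up process name.
SAMPLE_SS='LISTEN 0 100 0.0.0.0:465 0.0.0.0:* users:(("master",pid=812,fd=17))
LISTEN 0 100 [::]:465 [::]:* users:(("master",pid=812,fd=18))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 5 0.0.0.0:4000 0.0.0.0:* users:(("unknownd",pid=2211,fd=4))'

# port:process pairs you expect on this host (assumption; adjust to your services).
EXPECTED="25:master 465:master 587:master 465:exim4"

# stdin: chkrootkit output -> flagged ports, one per line
flagged_ports() {
    sed -n 's/.*INFECTED (PORTS:\([0-9 ]*\)).*/\1/p' | tr -s ' ' '\n' | grep -E '^[0-9]+$'
}

# $1: port, stdin: ss -H -ltnp output -> unique names of processes listening on it
listeners_for_port() {
    awk -v port="$1" '
        { n = split($4, a, ":"); if (a[n] != port) next
          if (match($0, /users:\(\("[^"]+"/))
              print substr($0, RSTART + 9, RLENGTH - 10) }' | sort -u
}

# $1: chkrootkit output, $2: ss output -> one "port listener status" line per finding
triage() {
    for port in $(printf '%s\n' "$1" | flagged_ports); do
        names=$(printf '%s\n' "$2" | listeners_for_port "$port")
        if [ -z "$names" ]; then echo "$port - no-listener"; continue; fi
        for name in $names; do
            case " $EXPECTED " in
                *" $port:$name "*) echo "$port $name expected" ;;
                *)                 echo "$port $name review" ;;
            esac
        done
    done
}

triage "$SAMPLE_CHK" "$SAMPLE_SS"
# On a live system, as root: triage "$(chkrootkit bindshell)" "$(ss -H -ltnp)"
```
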

So what do you do? If you feel someone has hijacked your VPS (or server) at the root level, open a support ticket and ask support to check it for you. 
