I ran chkrootkit on a machine that recently rebooted itself and got this.
Checking `lkm'... You have 17 process hidden for ps command
Warning: Possible LKM Trojan installed
this also looks suspect
bind named 373 4 udp4 *:49152 *:*
I then ran chkrootkit on my test directadmin box and got this
Checking `lkm'... You have 24 process hidden for ps command
Warning: Possible LKM Trojan installed
but no unusual open ports this time
I ran chkrootkit on all my other servers without directadmin on and no hidden processes, so right now I am trying to diagnose if my 2 servers have been exploited or not.
Checking `lkm'... You have 17 process hidden for ps command
Warning: Possible LKM Trojan installed
this also looks suspect
bind named 373 4 udp4 *:49152 *:*
I then ran chkrootkit on my test directadmin box and got this
Checking `lkm'... You have 24 process hidden for ps command
Warning: Possible LKM Trojan installed
but no unusual open ports this time
I ran chkrootkit on all my other servers without directadmin on and no hidden processes, so right now I am trying to diagnose if my 2 servers have been exploited or not.