There is a very interesting thread at Webhostingtalk right now. If you find this file in your server, your server is infected: libkeyutils.so.1.9 (the file does not exist in any official repository). If you only find libkeyutils.so.1.3, you would not be infected. Please read the thread here: http://www.webhostingtalk.com/showthread.php?t=1235797
So far it has not been any reports of DirectAdmin servers infected by this, but it seems that it is a unknown security issue in either CentOS or cPanel, nobody knows how the hackers are getting in the first place, only that if you find libkeyutils.so.1.9 in your server, your server would be compromised.
You can run these commands to check if your server has libkeyutils.so.1.9 or not:
I ask if any of you find this file in your server or not? If nobody does, then the unknown security issue might not affect DirectAdmin servers. I have three DirectAdmin servers running CentOS 6.3 64bit, and none of them is affected yet.
So far it has not been any reports of DirectAdmin servers infected by this, but it seems that it is a unknown security issue in either CentOS or cPanel, nobody knows how the hackers are getting in the first place, only that if you find libkeyutils.so.1.9 in your server, your server would be compromised.
You can run these commands to check if your server has libkeyutils.so.1.9 or not:
Code:
updatedb
locate libkeyutils.so.1.9
I ask if any of you find this file in your server or not? If nobody does, then the unknown security issue might not affect DirectAdmin servers. I have three DirectAdmin servers running CentOS 6.3 64bit, and none of them is affected yet.
Last edited: