Rootkit problems

powerdomein

Dear guys,

I ran rkhunter over SSH. The command was:
rkhunter -c
It found 10 domain names with a different group, which I created within a few days. Now the domains don't WORK. I can see them by IP.
Example: http://85.92.134.111/~gulhan/ works very well
but the domain http://www.mesarecruitment.com doesn't work. I see only the Apache site. I don't know which chmod has been changed.

Can someone please HELP me?

Thanks. See the picture, for example.
 

Attachment: root.jpg
Hi,

I see your website. You may want to try a few things.

Check

1° - Named is working fine :

telnet SERVERIP 53
http://www.dnsreport.com/tools/dnsreport.ch?domain=www.mesarecruitment.com+

2° - Problem of configuration :

service httpd configtest

3° - Is the website working somewhere else :

http://www.startingqbasic.co.uk/phproxy/
http://phproxy.frac.dk/

4° - Then check logs in /var/log :

apache access/errors logs
proftpd logs

5° - Look for some s-h-i-t-t-y things in /tmp :

Some phpshell, .. r57shell etc...

6° - Check exim logs in case of use for spam

7° - Check who is allowed to ssh in /etc/ssh/sshd_config

AllowUsers root
AllowUsers admin

nothing else should be there...

8° - Scan for open ports :

nmap -sT -O localhost

9° - Check the system's load and the running processes :

uptime
ps aux | more
top

Then tell us if you find something.
 
The solution is...

I have searched everywhere. You can find the problem or the solution nowhere. I checked every file.
And...

Check the httpd.conf file. You will see that rkhunter undid the latest changes made. The lines for the domains which I created were gone from the file. I added them manually.

It works now..
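
The symptom in this thread (the site answers by IP and user directory, but the domain shows only the Apache page) fits a request whose Host header matches no ServerName or ServerAlias in httpd.conf. The script below is an added example, not part of the original posts: it lists the hostnames a config answers for and reports which expected domains are missing. The function names, the sample config and the example.com/example.net domains are constructed for illustration.

```shell
#!/bin/sh
# Added example: report expected domains that have no ServerName/ServerAlias.

# vhost_names FILE: every ServerName/ServerAlias value, lowercased, port stripped.
vhost_names() {
    awk '
        /^[ \t]*#/ { next }   # ignore commented-out directives
        { d = tolower($1) }
        d == "servername" || d == "serveralias" {
            for (i = 2; i <= NF; i++) { n = tolower($i); sub(/:[0-9]+$/, "", n); print n }
        }
    ' "$1" | sort -u
}

# missing_vhosts FILE DOMAIN...: print each DOMAIN that no vhost name covers.
# ServerAlias wildcards (* and ?) are matched as shell patterns.
missing_vhosts() {
    conf=$1; shift
    names=$(vhost_names "$conf")
    for dom in "$@"; do
        dom_lc=$(printf '%s' "$dom" | tr 'A-Z' 'a-z')
        found=0
        while IFS= read -r n; do
            case $dom_lc in $n) found=1; break ;; esac
        done <<EOF
$names
EOF
        [ "$found" -eq 1 ] || printf '%s\n' "$dom"
    done
}

# Constructed sample config (not from the thread): one domain has lost its block.
sample_conf() {
    cat <<'EOF'
<VirtualHost 192.0.2.10:80>
    ServerName www.example.com
    ServerAlias example.com *.shop.example.com
</VirtualHost>
# <VirtualHost 192.0.2.10:80>
#     ServerName www.example.net
# </VirtualHost>
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
missing_vhosts "$tmp" www.example.com eu.shop.example.com www.example.net
rm -f "$tmp"
```

Against a real server, pass the path of the active httpd.conf and the list of domains created in the control panel; any name printed has no virtual host and will be served by the default site.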