I am running rkhunter and it says it's infected or found hidden processes?

First, you need to understand that if your VPS is compromised, then it's already too late. So what will rkhunter do? It can only verify that you have been hacked at the root level. It will not protect you.

If you have just received your new VPS and you run rkhunter or chkrootkit, you may get a lot of false positives. An example:

Checking bindshell... INFECTED (PORTS: 465)
Checking lkm... You have 90 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
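
An added example, not part of the original article: a shell sketch that pulls the ports out of a chkrootkit bindshell line like the one above and looks up which process is listening on each in `ss -H -ltnp` output. The sample inputs are constructed (the `ss` lines, process names and PIDs are made up) and the function names are hypothetical; 465 is the standard SMTPS port, so a mail daemon listening there is a normal cause of this warning.

```shell
#!/bin/sh
# Constructed sample: chkrootkit output in the form shown in this article.
CHKROOTKIT_SAMPLE='Checking bindshell... INFECTED (PORTS: 465)
Checking lkm... You have 90 process hidden for readdir command'

# Constructed sample of `ss -H -ltnp` output, run as root so the owning
# process is listed. Process names and PIDs here are made up.
SS_SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 100 0.0.0.0:465 0.0.0.0:* users:(("master",pid=1033,fd=18))
LISTEN 0 100 [::]:25 [::]:* users:(("master",pid=1033,fd=13))'

# Print every port named on an "INFECTED (PORTS: ...)" line, one per line.
flagged_ports() {
    printf '%s\n' "$1" \
        | sed -n 's/.*INFECTED (PORTS:\([0-9 ]*\)).*/\1/p' \
        | tr -s ' ' '\n' | sed '/^$/d'
}

# For each flagged port, print "port owner", where owner is the process name
# from the matching listener line, or NO-LISTENER-FOUND if none matches.
triage_bindshell() {
    for port in $(flagged_ports "$1"); do
        owner=$(printf '%s\n' "$2" | awk -v p="$port" '
            { n = split($4, a, ":") }   # field 4 is the local address; the port follows the last colon
            a[n] == p && match($0, /\(\("[^"]*"/) {
                print substr($0, RSTART + 3, RLENGTH - 4); exit
            }')
        printf '%s %s\n' "$port" "${owner:-NO-LISTENER-FOUND}"
    done
}

# On a live system, pass "$(chkrootkit)" and "$(ss -H -ltnp)" instead.
triage_bindshell "$CHKROOTKIT_SAMPLE" "$SS_SAMPLE"
```

A flagged port owned by the mail daemon you installed is consistent with a false positive; a port owned by a process you do not recognise is worth raising in a support ticket.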

You also need to understand that a VPS is a virtual server, so many of the chkrootkit tests that are performed on real machines may fail on your VPS.

For example, these binaries may fail the test:

/sbin/insmod
/sbin/lsmod
/sbin/modprobe

as they are not the default ones that come with the OS; instead, they are modified files made to work on a virtual server.

So what do you do? If you feel someone has hijacked your VPS (or server) at the root level, open a support ticket and ask support to check it for you.

To keep your VPS protected from any hacks, at a user level or root level, please follow all the steps in this guideline for each user/account on your VPS/server.


