Questions? Start a Support Ticket
User Registration
Customer Login

Knowledgebase

Portal Home > Knowledgebase > Articles Database > lfd: System Exploit checking detected a possible compromise


lfd: System Exploit checking detected a possible compromise




Posted by LayeredSoft, 04-29-2008, 07:16 AM
welcome I always recieve this email : from lfd I do this to test if my server is infected : it created without any problems and I used tcpdump and I got this : is that mean the server is infected ? but these scripts are for the IPB forum board so why I still recieve this email ? Last edited by LayeredSoft; 04-29-2008 at 07:21 AM.
Posted by david510, 04-29-2008, 07:37 AM
If the .js files are repeatedly appearing in the tcpdump output for long interval, then the server might be infected. Otherwise they should be used for legitimate purposes. Also make sure these .js scripts are genuine ones.
Posted by LayeredSoft, 04-29-2008, 07:49 AM
Sorry I dont get it can you give me some other details
Posted by net, 04-29-2008, 08:00 AM
This can be a false alarm also if your OS or CPanel just updated.
Posted by tix3, 04-29-2008, 08:19 AM
Check if /etc and /home is mounted in a different partition.If they are check if /etc partition is out of space.For the .js files they seem pretty legitimate to me.The exploit usually generates a .js file with a ranodm sequence of 5 or 6 characters.
Posted by LayeredSoft, 04-29-2008, 12:49 PM
welcome all things going right I guess nothing run out of space !
Posted by Scott.Mc, 04-30-2008, 09:38 AM
That is plain wrong. The javascript he is seeing in the packet dump is coming from his installations which are not an issue neither does it mean he is infected. LayeredSoft this is a flase alter and is just a poor and hasty implimentation by CSF to detect the "js rootkit ???" that was around awhile back. Your issue is because you ran out of space on the partition /etc is on which lead to it's poor detection providing a false positive. To be exact While you may have space available now at the time it was generated you did not.
Posted by david510, 04-30-2008, 09:50 AM
Thanks for pointing out. I missed that warning.
Posted by vip2, 06-26-2008, 02:56 AM
I've just had a few issues of myself. Should I be worried?
Posted by Kooldino, 11-24-2009, 12:19 PM
I have this issue as well. http://www.cpanel.net/security/notes...s_toolkit.html is 404'd, so i can't find any information there. I tried creating a directory in my user home called "1" and it worked...
Posted by Kooldino, 11-30-2009, 11:58 AM
Bump......


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
K-Disk Network Outage - December 24, 2009 (Views: 765)
A few questions about reseller hosting! (Views: 811)
AT&T Blacklist Removal (Views: 745)
cPanel - TSR-2013-0010 Announcement (Security Updates) (Views: 763)
KVM VPS - E3 4-cores or E5 6-cores (Views: 699)


Language:

Our Services

Client Menu

Legal

Terms of Service | Privacy Policy | Refund Policy | Affiliates
Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.