Checking for Shell Backdoors on the Server


Status
Not open for further replies.

T36o3h

Poster 2.0
Malware detect can do it, but I run it from a daily cron, so it scans every morning... The thing is, the phishing files sometimes get planted in the afternoon or at night, so by the time the scan runs I have already been warned by the VPS provider.
 

masiqbal

Hosting Guru
Verified Provider
If what you suspect are PHP files, you could search for PHP files that contain dangerous functions.
For example:
grep -r shell_exec /

** Don't forget to disable the dangerous functions in PHP (for both the web and the CLI configuration)
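A scan along the lines masiqbal describes, as an added example that is not code from the thread: it limits the search to PHP files under a web root (grep -r shell_exec / walks the whole filesystem and also matches every legitimate library that calls the function), checks a wider list of functions that PHP shells rely on, and takes an optional age in minutes so it can run from cron every few minutes and catch a file dropped between the daily malware-detect scans mentioned at the top of the thread. The web-root path, the cron interval and the pattern list are assumptions to adjust per server.

```shell
#!/bin/sh
# Added example, not code from the thread. Scans a web root for PHP files
# that call functions typical of PHP backdoors. Paths and the pattern list
# are assumptions; tune both to your server.

# Functions and constructs that PHP shells lean on. A match is a lead to
# review by hand, not proof of compromise: legitimate CMS and library code
# also calls some of these (base64_decode in particular).
SUSPICIOUS='(^|[^a-zA-Z0-9_$])(shell_exec|passthru|proc_open|popen|pcntl_exec|exec|system|assert|eval|base64_decode|gzinflate|str_rot13)[[:space:]]*\('

# scan_php_dir DIR [MINUTES]
# Prints every *.php / *.phtml file under DIR whose contents match SUSPICIOUS
# (case-insensitive, since PHP function names are). With MINUTES, only files
# modified within that many minutes are examined, which is how a cron job run
# every few minutes catches a file planted between daily full scans.
scan_php_dir() {
    dir=$1
    mins=${2:-}
    if [ -n "$mins" ]; then
        find "$dir" -type f \( -name '*.php' -o -name '*.phtml' \) -mmin "-$mins" -print0
    else
        find "$dir" -type f \( -name '*.php' -o -name '*.phtml' \) -print0
    fi | xargs -0 -r grep -liE -- "$SUSPICIOUS" 2>/dev/null
}

# Stand-alone use (assumed invocation):  sh scan_php.sh /home 10
# Example cron line to run it every 10 minutes over the last 10 minutes of
# changes:  */10 * * * * sh /root/scan_php.sh /home 10
if [ -n "${1:-}" ]; then
    scan_php_dir "$@"
fi
```

The exit status of the pipeline is grep's, so it is 0 when at least one file matched and 1 when nothing did; that makes it easy to chain a mail or alert step after it in cron. Files flagged here still need a manual look before deletion, and any hit in an upload or cache directory that should never contain PHP at all is the first one to open.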
 

mustafaramadhan

Hosting Guru
masiqbal said:
> If what you suspect are PHP files, you could search for PHP files that contain dangerous functions.
> For example:
> grep -r shell_exec /
>
> ** Don't forget to disable the dangerous functions in PHP (for both the web and the CLI configuration)
The exec, passthru, shell_exec, system, proc_open, popen and show_source functions should be disabled for clients. Once they are disabled, they clearly cannot be executed through PHP.
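To check that the functions mustafaramadhan lists are actually disabled, here is an added example that is not code from the thread: the function below reads a php.ini and prints each of those functions that is missing from its disable_functions directive. Run it against the ini file of each SAPI separately (php --ini prints the files the CLI loads; the web server's PHP may load a different one), because a function disabled for the web can still be open for the CLI. The ini file paths are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Reports which of the functions
# named in the post are NOT listed in disable_functions of a given php.ini.
# Ini file paths are assumptions; use `php --ini` and your web server's
# PHP configuration to find the real ones.

# The list from the post.
REQUIRED='exec passthru shell_exec system proc_open popen show_source'

# missing_disabled INI
# Prints, one per line, each REQUIRED function that is absent from the
# disable_functions directive in INI; prints nothing when all are disabled.
# Lines commented out with ';' are ignored. If the directive appears more
# than once, the last uncommented one is used. Quotes around the value and
# spaces after commas are tolerated.
missing_disabled() {
    ini=$1
    disabled=$(sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$ini" \
               | tail -n 1 | tr -d '"' | tr ',' ' ')
    for fn in $REQUIRED; do
        found=0
        for d in $disabled; do
            [ "$d" = "$fn" ] && found=1
        done
        [ "$found" -eq 1 ] || echo "$fn"
    done
}

# Stand-alone use (assumed paths):
#   sh check_disabled.sh /etc/php.ini /etc/php-cli.ini
for f in "$@"; do
    echo "== $f"
    missing_disabled "$f"
done
```

A hardened directive looks like disable_functions = exec,passthru,shell_exec,system,proc_open,popen,show_source. Keep in mind that disable_functions only blocks the functions named in it: a backdoor that merely reads, writes and uploads files through file_put_contents or move_uploaded_file is unaffected, so this setting complements the file scan rather than replacing it.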
 

T36o3h

Poster 2.0
This morning I got a report from rkhunter like this:
Warning: Changes found in the passwd file for user 'belajari':
The login shell has changed from '/bin/false' to '/usr/local/cpanel/bin/noshell'
Warning: Changes found in the passwd file for user 'mozaicbu':
The login shell has changed from '/usr/local/cpanel/bin/noshell' to '/usr/local/cpanel/bin/jailshell'

Warning: Suspicious file types found in /dev:
/dev/.udev/queue.bin: data
/dev/.udev/db/block:vda1: ASCII text
/dev/.udev/db/block:vda2: ASCII text
/dev/.udev/db/input:event2: ASCII text
/dev/.udev/db/input:event3: ASCII text
/dev/.udev/db/input:mouse1: ASCII text
/dev/.udev/db/input:mouse2: ASCII text
/dev/.udev/db/input:js0: ASCII text
/dev/.udev/db/input:event4: ASCII text
/dev/.udev/db/input:event0: ASCII text
/dev/.udev/db/block:vda: ASCII text
/dev/.udev/db/input:event1: ASCII text
/dev/.udev/db/serio:serio0: ASCII text
/dev/.udev/db/sound:card0: ASCII text
/dev/.udev/db/sound:controlC0: ASCII text
/dev/.udev/db/sound:pcmC0D0p: ASCII text
/dev/.udev/db/sound:pcmC0D1c: ASCII text
/dev/.udev/db/sound:pcmC0D0c: ASCII text
/dev/.udev/db/sound:seq: ASCII text
/dev/.udev/db/sound:timer: ASCII text
/dev/.udev/db/usb:1-1: ASCII text
/dev/.udev/db/usb:usb1: ASCII text
/dev/.udev/db/block:ram4: ASCII text
/dev/.udev/db/block:ram6: ASCII text
/dev/.udev/db/block:ram5: ASCII text
/dev/.udev/db/block:ram8: ASCII text
/dev/.udev/db/block:ram9: ASCII text
/dev/.udev/db/block:ram7: ASCII text
/dev/.udev/db/block:ram3: ASCII text
/dev/.udev/db/block:ram2: ASCII text
/dev/.udev/db/block:ram14: ASCII text
/dev/.udev/db/block:ram12: ASCII text
/dev/.udev/db/block:ram15: ASCII text
/dev/.udev/db/block:ram13: ASCII text
/dev/.udev/db/block:ram10: ASCII text
/dev/.udev/db/block:ram11: ASCII text
/dev/.udev/db/block:loop6: ASCII text
/dev/.udev/db/block:ram1: ASCII text
/dev/.udev/db/block:loop1: ASCII text
/dev/.udev/db/block:loop2: ASCII text
/dev/.udev/db/block:ram0: ASCII text
/dev/.udev/db/block:loop3: ASCII text
/dev/.udev/db/block:loop5: ASCII text
/dev/.udev/db/block:loop0: ASCII text
/dev/.udev/db/block:loop7: ASCII text
/dev/.udev/db/block:loop4: ASCII text
/dev/.udev/rules.d/99-root.rules: ASCII text
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text

What does this mean?
 

pedagang

Hosting Guru
It's easier if you look at it directly over SSH; if it's red, that means it needs 'attention' (not always).
The command is "rkhunter --check".

Cleanup has to go all the way to the source.
Don't forget to have a backup ready (and be ready with the alternative of wiping and reinstalling).

Pay attention to the clues from the masters! As for me, I'm just tagging along to learn.
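On what the passwd warning in T36o3h's report is actually measuring, here is an added example that is not code from the thread: rkhunter compares the current /etc/passwd with the copy it saved on its previous run and reports every user whose login shell differs. The script below does the same against a baseline you control, so a change such as belajari moving from /bin/false to /usr/local/cpanel/bin/noshell can be matched against what was done in cPanel/WHM (both shells named in the warning are cPanel's own), and anything that nobody can explain gets investigated. The baseline file path is an assumption.

```shell
#!/bin/sh
# Added example, not code from the thread. Reproduces the "login shell has
# changed" comparison behind rkhunter's passwd warning using a baseline file
# you keep yourself. The baseline path is an assumption.

# snapshot_shells PASSWD OUT
# Saves "user:shell" pairs from a passwd file, sorted by user, into OUT.
# Take a snapshot right after you have verified the account list is clean.
snapshot_shells() {
    awk -F: '{ print $1 ":" $7 }' "$1" | sort > "$2"
}

# shell_changes BASELINE PASSWD
# Prints one line per user whose login shell differs from the baseline:
#     user: OLD -> NEW
# Accounts that did not exist in the baseline are shown as "(new) -> NEW".
# Field 7 of passwd is the login shell.
shell_changes() {
    awk -F: -v basefile="$1" '
        BEGIN {
            # Load the baseline into an array keyed by user name.
            while ((getline line < basefile) > 0) {
                split(line, p, ":")
                base[p[1]] = p[2]
            }
            close(basefile)
        }
        {
            old = ($1 in base) ? base[$1] : "(new)"
            if (old != $7) print $1 ": " old " -> " $7
        }
    ' "$2"
}

# Stand-alone use (assumed paths):
#   sh shellcheck.sh snapshot /var/lib/mybaseline/shells     # first run
#   sh shellcheck.sh compare  /var/lib/mybaseline/shells     # later runs
case "${1:-}" in
    snapshot) snapshot_shells /etc/passwd "$2" ;;
    compare)  shell_changes "$2" /etc/passwd ;;
esac
```

A change you can tie to an administrative action (enabling or disabling shell access for an account in WHM) is noise; a change nobody made, or a new account with a real shell, is where the cleanup pedagang mentions has to start. The hidden-file warnings in the same report need the same kind of verification rather than deletion: on an RPM-based system, rpm -qf PATH tells you whether a file such as /usr/sbin/.sshd.hmac belongs to an installed package and rpm -Vf PATH whether it still matches the package's recorded checksum, and a file that no package claims deserves a closer look. Once a path has been verified, it can be whitelisted with ALLOWHIDDENFILE or ALLOWHIDDENDIR in rkhunter.conf so the next morning's report only shows what is new.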
 