savagelink
07-15-2003, 04:03 PM
I go to my server and access my webpage... and nothing.
My friend who has root access just tried to reset the server and what does he get?
****: Got signal 11 while manipulating kernel!
Doing a search in Google reveals that it's a rootkit. I was like WTF is that. So we look for it, get chkrootkit, and get these 2 interesting messages:
Searching for Suckit rootkit ... Warning: /sbin/init INFECTED
Checking `bindshell'... INFECTED (PORTS: 31337)
So then I do a chkproc and get this:
you have 2 process hidden for readdir command
you have 2 process hidden for ps command
which are 4786, 5536
So then we do a
kill -9 4786
bash: kill: (4786) - No such pid
kill -9 5536
bash: kill: (5536) - No such pid
and try to do a ./sk -u
./sk: /dev/null: Permission denied
./sk: line 2: syntax error near unexpected token `kmalloc()'
./sk: line 2: `RK_Init: idt=0xc0302000, sct[]=0xc02b021c, kmalloc()=0xc012d200, gfp=0xf0'
Can anyone lend some help on how to get rid of this?