[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: My server catched a rootkit?

On Fri 26 Nov 2010 at 18:53:05 +0000, James Brown wrote:

> I have received the next messages from crondaemon:
> /etc/cron.daily/rkhunter:
> Internal error!
> Internal error!


> Is it a rootkit or other error? What I need to do - remove infected
> files, reinstall the above packeges or give an order to my
> vds-provider for reinstalling my server at all?!

Your course of action will depend on the confidence you place in
rkhunter. Mine is zero, but if your reading of its reports is convincing
and you think it tells you anything important about your system your
only option is to reinstall. Not because there is anything untoward
about the server but because you you have entered a state of insecurity.
If chkrootkit was installed after your problems appeared its logs are

Then you could ask yourself: there are over 1,000 million computers on
the internet; why me?

Reply to: