Security :: Server Infected With Scanssh - Pscan2 - ./sshf

Jul 31, 2010

I am facing a security issue on my server. I can see many process like pscan2, scanssh and ./sshf processing on 'top'. The owner of these processes is non root account. Can anybody let me know what can be the extent of loss due to these suspicious scripts? How can I permanently remove these scripts from my server. Please note that I am using CentOS 5.5 (64bit).

View 4 Replies


Fedora Security :: Always Failing - Clam Found 9 Infected Notes Infected With: "Worm.Allaple-319"

Nov 10, 2010

I Clam-scanned a bunch of old CD's.. Clam found 9 infected notes infected with: "Worm.Allaple-319"... I wonders if this was my problem with Ubuntu always failing..? These are some of my best notes.. Is it possible to clean the bugs out of them with Fedora..?

View 8 Replies View Related

Security :: Computer Is INFECTED According To ClamAV?

Apr 11, 2010

I recently ran a virus scan on my CentOS server using ClamAV's "clamscan" command to scan my entire system for virus. After the scan was complete it says that I have 1 infected file on my computer. I COMPLETELY FREAKED OUT! Is there some kind of log that I should read to see where the infected files are? Also does ClamAV just scan your system for virus or does it scan and remove the virus on the computer.If you know of an alternative open source security software,

View 3 Replies View Related

Security :: Computer Has Been Infected With Trojans?

Jan 7, 2010

I'm now running Ubuntu 9.04. There are 2 accounts on this computer, one is linux, the other is ubuntu. Before New year, everything had been fine. But after new year, I came back and found that the password of this account linux has been changed. So I fixed using my rescue disk. But since that day on, it seems that this password changes everyday somehow. Everyday when I'm trying to log into my Ubuntu System using the account linux, it says login failed. However, i can still login using the account ubuntu. I'm really confused. Why is this? I checked the date of expiry. Everything seems to be fine.

View 14 Replies View Related

Ubuntu Security :: ISP Keeps Complaining About Infected Computer

Feb 27, 2011

For a while my ISP has been sending me emails regarding an infected computer or computers on my local network. There are 4 computers running linux and 3 running windows on said network (3x ubuntu, gentoo, 2x windows server 2003 and windows 7).Now, I haven't used Windows in oh so many years and am not responsible for those computers on this network. Does it seem like this is a virus on a Windows host or should I research and adjust my iptables settings on the router? The applied anti-virus software (I don't know which one) apparently does not find any infections. On my workstation I'm using spotify and win32 office through wine, both obtained from legal and trusted sources, and would thus not consider my wine environment a threat.

View 4 Replies View Related

Security :: LAN Hacked - How To Find Infected Machine

Jul 3, 2009

I have LAN with 20 machines. I see that one of them is infected. Its sending a lot of packets to the internet. My internet connection at this momment is realy slow. What should I do? How to detect which machine is infected? I'm using hardware firewall. Fortigate... Its hard to configure there nice logs. Any good software. I don't want to switch off network cable from each machine and check.

View 10 Replies View Related

Security :: Detect Infected PC In LAN (Sending Packets To Internet)

Jul 17, 2009

In my network I have 25 workstations and some serves. Everything working in local LAN with firewall. The problem is that on one machine (I dont know which one) is installed software which sending data to the internet. Actually I dont know what it is. Last time as I remember was trojan which can create new network interfaces in windows and send some data to the internet. The half speed of my network connection is used by this infected machine. How can I detect which machine it is? How can I listen/capture some traffic and analyze from which machine I have more connections.

Please take a look on this time. Instead of 141-150ms should be 4-5ms.

64 bytes from (62.xx.191.74): icmp_seq=1 ttl=249 time=141 ms
64 bytes from (62.xx.191.74): icmp_seq=2 ttl=249 time=135 ms
64 bytes from (62.xx.191.74): icmp_seq=3 ttl=249 time=147 ms
64 bytes from (62.xx.191.74): icmp_seq=4 ttl=249 time=127 ms
64 bytes from (62.xx.191.74): icmp_seq=5 ttl=249 time=156 ms
64 bytes from (62.xx.191.74): icmp_seq=6 ttl=249 time=129 ms
64 bytes from (62.xx.191.74): icmp_seq=7 ttl=249 time=188 ms

How can I detect which machine is infected using only linux and keyboard ?

View 5 Replies View Related

Security :: Compromised Systems Notify Hacker They Are Infected

Dec 4, 2010

I have a server connected to the internet placed in a DMZ that was running ProFTPD. A couple of weeks ago there was a security threat uncovered that would grant access to external users through a buffer overflow. Of course I patched my ProFTPD quite often after that to secure my server. Now my problem is that the servers of ProFTPD were compromised and that source code with a back-door was released. To make matters worse compromised systems notify the hacker they are infected. is there any way to ensure I don't have a root-kit installed short of reinstalling the system?

View 4 Replies View Related

Ubuntu Security :: How To Repair Virus Infected Files With ClamAV

Mar 29, 2011

I have seen that we can scan for viruses and also virus infected files with ClamAV but is there any possibility that ClamAV can repair virus infected files.

View 1 Replies View Related

Security :: Detecting Infected Hosts - Honeypots - Wireshark - Nepenthes

Sep 2, 2010

Is there a 'plugin' for wireshark to analyze traffic and spot infected (windows) hosts? I have been using nepenthes with no luck. (and doubt all hosts are clean) is there some better way (other than using antivirus on each host)?

View 10 Replies View Related

Ubuntu Security :: Run A Program That Is Infected With A Trojan / Virus In Wine Will Effect It

May 2, 2010

if i run a program that is infected with a trojan/virus in Wine will it effect Ubuntu?

View 9 Replies View Related

Ubuntu Security :: Safe To Transfer Files From Infected Windows Partition?

Sep 2, 2010

My Windows XP Pro laptop has been attacked! Windows will no longer update and Microsoft Security Essentials will not update either. I've been trying to resolve the issue for over two weeks with Microsoft support, but it's just taking too long. I also tried some rescue CD options (all running some form of Linux, obviously):

- BitDefender Rescue CD (removed infections, now detects nothing),
- Kaspersky Rescue CD 10 (removed infections, now detects nothing),
- Trinity Rescue CD (won't load AV Engine, so can't use it to do anything).

Malwarebytes cleaned a bunch of stuff, but will not clean the final threat detected (it's supposed to get deleted on reboot, but never does). Hijack.FolderOptions is stuck in the accursed registry, and it keeps causing Windows Explorer to crash. I cannot rename files or work with them or everything just crashes.

So I'm ready to reinstall XP from scratch, and add a dual boot with Xubuntu & LXDE, which I'm already running on a much older laptop.

Question: I want to rescue the files I need. My idea was:

1) Install Xubuntu with dual boot.
2) Copy over files from Windows XP partition using Xubuntu.
3) Back up files to an external drive using Xubuntu.
4) Reinstall XP Pro and format hard drive.
5) Reinstall Xubuntu with dual boot.
6) Use Xubuntu for daily use.
7) Only use XP for those tasks that require it (TomTom updates ...)

Should I be concerned about the security risk from copying files from the Windows partition to the Xubuntu partition, and from there onto an external hard drive?

Is this the way to do it, or is there a better way? I just want my laptop back in working order. Right now I can't use it for anything.

View 8 Replies View Related

Ubuntu Security :: Clam Antivirus Does Not Prompt There Is A Virus When Opened The Infected File Or Link?

Aug 5, 2010

does it effective using ClamAV as Privoxy antivirus? I have actually configure it but it does not seem to come into any effect.Why?I test it with Eicar(test virus) online and it does not even prompt there is a problem unless i have scanned.Beside that,i have installed ClamAV daemon along with it. [URL]


Issue :How come the Clam Antivirus does not prompt there is a virus when i opened the file or problem link?Does it work difference as Window OS antivirus which prompt when there is a virus detected?

View 9 Replies View Related

Server :: Locating Infected Files In Logs?

Oct 29, 2010

I ran a scan (clamscan -r --remove /home/) on my user's home directory yesterday & since I have so many users on my mail server, it takes a very long time to complete. I came back in this morning and realized that there were two infected files found during last nights scan:

----------- SCAN SUMMARY -----------
Known viruses: 847768
Engine version: 0.96.4
Scanned directories: 23114
Scanned files: 1066439
Infected files: 2


View 5 Replies View Related

Security :: Define An Appliance Based On Suse For An Application Server And Web Server Apache - Best Network And Security?

Feb 6, 2010

We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?

View 3 Replies View Related

Ubuntu :: Infected USB Pen Drive Read-only - Can't Format

Feb 1, 2010

I got some documents scanned today and had them put in a USB drive. The shopkeeper informed me that it has a virus, yet he transferred the files onto the USB drive. When I put it into my computer ten minutes later, the drive was not getting mounted. I read up and tried installing usbmount. After installing that, I managed to mount the drive. However, the drive was read-only on Ubuntu. On Windows, I found a virus and tried unsuccessfully to delete it (read-only). I tried again on Ubuntu, but didn't manage to delete the infected file (ReCyCleR/sEtuP.exe). I have now backed up all the files on the disk (except, obviously, the ReCyCleR directory). When I try to format the drive using gParted, I get:


View 6 Replies View Related

Ubuntu :: Infected Some Data Mining Spyware?

Jun 22, 2011

Recently, I've been contacted through AIM by a showgirl who wants me to watch her webcam. I found it very unusual that I was contacted about this, especially through AIM. Now, I don't actively give out my AIM screen name. The only place I am aware of it being posted up is on Facebook, and even I have my privacy on Friends so no one outside my network could see it... and even then my birthday on Facebook is underaged for this scandalous activity.

So I don't believe my screen name was gathered from Facebook in its use in this.Is it possible that I am infected some data mining spyware? How does Ubuntu deal with tracking cookies? I also consider that my screen name was mined from someone else's AIM account by which I was then contacted.

View 4 Replies View Related

Ubuntu :: Potentially Be Infected In The Windows Sense?

Feb 18, 2011

So since i have installed linux, I have been ready about how virus are not nearly as likely to infect linux system as windows, i am running a dual-boot though and import my profile and have a lot of my files from windows system on linux, can they potentially be infected in the windows sense?

View 2 Replies View Related

Ubuntu :: ClamAV Finds Infected Calc Spreadsheet

Mar 4, 2011

ClamAV tells me that three of my Calc spreadsheets may be infected (status "MBL_144360.UNOFFICIAL", if that means anything). This seems not entirely implausible, since yesterday I used a USB stick to transfer files from a Windows system. Anyway, I'd really like to keep these spreadsheets. Can I disinfect them somehow?

View 2 Replies View Related

Networking :: Identify Which Infected Desktop Is Copying Files To NFS Share?

May 18, 2011

I have iomega appliance, which is based on Debian distribution. There is an NFS share that I have created which is without password.Since it is without password, there are some viruses copied. I want to find out which IP address is the source of these files. In other words, I want to know which PC is copying these infected files on the NFS share.

View 3 Replies View Related

Software :: Open Office Makes Virus Infected Docs?

Mar 12, 2010

KWord won't save as .doc format on Slackware 13.0 so I got the SlackBuild for OpenOffice and changed my .odt resume to .doc. But now yahoo won't attach it, it says it has a virus. Wtf? (I don't really think it has a virus.)

View 5 Replies View Related

Ubuntu Security :: Installing LAMP Server On Laptop - Security?

May 8, 2011

I'm concerned about security of having a LAMP server on my laptop as having any server makes the system less secure. However, if I were to create a new partition and install a lamp server on that and only use it when offline, would the security of my main partition be affected at all?

View 3 Replies View Related

Ubuntu Security :: Best Solution To Protect Server From Security Threats?

Jul 22, 2011

I've recently been running a game server from my desktop, as well as a web page to accompany it.I use the ports 80/8123(HTTP)/5900(VNC)/50500(GAME)/5839(ADMINISTRATION).What's the best solution to protect my server from security threats? On a side note, I plan on adding a MySQL server later, but I want to keep it local only.

View 9 Replies View Related

Ubuntu Security :: Apply Security Updates Alone - Server

Aug 14, 2010

I'm new to server admin, so my question is based on what may be a bad assumption. With a server, my assumption is "if it ain't broke, don't fix it". In other words, I'm not really interested in upgrading the software to the latest and greatest if I already have stuff working on the server.

However, the one place where I DO want to constantly have upgrades is for security patches. How do I apply security updates to Ubuntu Server... and ONLY security updates?

View 2 Replies View Related

Security :: Increase The Security Of NFS Kernel Server ?

Aug 29, 2009

I followed this how to to make a NFS server: [url]

So it means: exports looks like this:


Here are some quick examples of what you could add to your /etc/exports

For Full Read Write Permissions allowing any computer from through

It means that if sbdy arrives with a linux machine, puts the ethernet cable into the router, then logs as root on his machine, and mount the exports. He can do almost everythg, with permissions chmod'ing ...

Is that LAMP, or i am wrong for nfs kernel servers, the ultimate users/password servers against that to prevent those physical approches /logins?is there good how to ?

View 5 Replies View Related

Security :: Test Server Security With Hping3?

Feb 15, 2011

I want to know how can I test my server security with hping3 tool I want to make a virtual DoS or DDoS or SYNK attack in my LAN to test my server security and ability against these attack .Is hping3 a good solution for this or not if yes how can I do this which option of this can make such these attacks?

View 4 Replies View Related

Ubuntu Security :: Pgadmin3 Through Ssh Tunnel - Error Connecting To The Server: Server Closed The Connection Unexpectedly

Mar 1, 2010

I'm using Postgresql 8.4.2-2. I'm trying to remote into my server securely. I figure I could do so with ssh. Apparently I figured correctly, as per, [URL] and [URL] I setup the ssh tunnel. ssh -L 5432:serverip:5432 Then I setup pgadmin3 to connect as follows:

host: localhost
port: 5432
user: postgres
maintenance db: postgres

And I receive the following error:

An error has occurred: Quote: An error has occurred: Error connecting to the server: server closed the connection unexpectedly This probably means the server terminated abnormally before or while processing the request.

I'm not sure what the problem is. I can connect with Code: psql from the cli after connecting to the terminal via ssh. So I know that I'm using the correct password.

View 3 Replies View Related

Ubuntu :: Set Up Security For NFS Server?

Oct 7, 2010

I have NFS set up on my file server on my local network. Right now I'm allowing all local IP's. Now I want to be able to access the shares from home, across town.

Can you secure NFS in any way other than IP restriction, ie. password login? I know I could just use sftp but I want the control and seamlessness of NFS.

View 2 Replies View Related

Security :: Best IDS For Server (centos)?

Apr 8, 2010

I had two continues attack on our server(web hosting capnel)...The attacker is deleting one users public_html content so that he is losing his contents.. Actually all files are with owner as him. But I don't know what's happening? is it a good idea to use some IDS on server..would it be a overhead for server?

View 1 Replies View Related

Security :: Getting The Connections To IRC Server?

Feb 4, 2010

For some time now I've been noticing the network activity light for my linux box blinking like mad on my router. After a little looking around for ways to see what connections my box has established, I found the following using lsof -i


bash 13839 root 1u IPv4 3118972 TCP shana:49148-> (SYN_SENT)
bash 13839 root 2u IPv4 3118986 TCP shana:34323->


I know I'm not using IRC, and I have my sshd locked down fairly tight, requiring a key to log in, so obviously, it looks like there's something or somebody in Croatia (the origin of that IP address) connecting my system to for some nefarious purpose. Looking at my processes, ID 13839 shows up as


13839 ? S 0:00 bash
Just 'bash', not '-bash' as


13426 pts/0 S 0:00 -bash

my session appears. Previously, this odd bash process was ID 2704, which seemed to imply that it had launched fairly soon after my system booted up which really makes me wonder. Oh, and yes, I did kill that 2704 process, and it returned as this 13839. 2704 also had those same IRC connections present in lsof.

View 12 Replies View Related

Copyrights 2005-15, All rights reserved