dedicated server help
web hosting guides
dedicated server home dedicated server forums dedicated server reviews dedicated resources partners dedicated server resources contact dedicated servers

dedicated server guides
Getting Started
General Tutorials
cPanel Tutorials
Security Center
Name Servers
Server Monitoring
Server Backups
Hosting Interviews
Web Hosting News
Reviews
For Fun
Linux Tutorials
Hosting Articles
Web Hosting Tutorials
 
 
 
web hosting tutorials
About Us
RSS Feed
Disclaimer
Site Map

 

CHKrootkit Finds Slapper Worm installed

Last Updated: November 30, 1999

Root Kit Hunters such as CHKRootKit are great for monitoring your server for security holes but sometimes they find false positives. These appear to be real security threats when you run the software so it's sometimes confusing to determine if you are in fact in trouble or if it's false.

One of these known false entries is 'Slapper Worm'

Slapper Worm may be a false entry if a process was running when CHKROOTKIT started, and it finished before CHKROOTKIT finished running.

To verify this wait a couple minutes after you get your CHKROOTKIT Report via e-mail, or after you run it on command line. After you wait 1 - 2 minutes you should simply login to your server VIA ssh and run CHKROOTKIT again. If it comes up Checking `slapper'... not infected then you know it was a false entry. If it comes up again telling you Checking `slapper'... Warning: Possible Slapper Worm installed then you should wait a minute and run the CHKROOTKIT a 3rd time to verify it is really installed. If it is you need to take measures to secure your server now, and attempt at removing the slapper worm or re-installing and re-loading your data and hardening your server again.

If you run a cPanel server BindShell is a false entry as well. (Happens on all cPanel Servers)

cpanel tutorials
cPanel Resources
Dedicated Servers