A rootkit is a backdoor shell that allows an attacker to upload and download files on your web server, which makes it possible to deface the index page without SSH access. Rather than manually probing for suspicious code, you can use a tool to detect and remove rootkits.
chkrootkit is an open source tool that locally scans your computer for signs of rootkits.
To scan for, detect and remove rootkits in Linux, we are going to install chkrootkit.
Download the file from the official website and install it using the commands below.
# wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
# tar zxvf chkrootkit.tar.gz
# cd chkrootkit-0.49
# chmod +x chkrootkit
# ./chkrootkit
It will start scanning your computer locally.
Note: if you get "Checking `bindshell'... INFECTED (PORTS: 465)" on a cPanel server, you can ignore it; it is nothing to worry about.
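The port 465 finding can be confirmed against the actual listener: this added example (not part of chkrootkit or of the original article) pulls the ports out of the bindshell line and looks each one up in `ss -ltnp` output. The function names, the sample report and listener table, and the expectation that Exim owns port 465 on a cPanel server are assumptions made for the illustration.

```shell
# Added example: confirm who owns the ports behind a chkrootkit bindshell hit.
# Real use (as root): ./chkrootkit > report.txt; ss -ltnp > listeners.txt; triage report.txt listeners.txt

# Constructed sample chkrootkit output (not from a real scan).
sample_report() { cat <<'EOF'
Checking `amd'... not found
Checking `bindshell'... INFECTED (PORTS:  465 6667)
EOF
}

# Constructed sample `ss -ltnp` output; process names and pids are made up.
sample_listeners() { cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:465       0.0.0.0:*     users:(("exim",pid=1412,fd=5))
LISTEN 0      128             [::]:465          [::]:*     users:(("exim",pid=1412,fd=6))
LISTEN 0      5            0.0.0.0:6667      0.0.0.0:*     users:(("unknownd",pid=2290,fd=3))
EOF
}

# stdin: chkrootkit output. Prints each port named in the bindshell finding.
bindshell_ports() {
    sed -n '/bindshell.*INFECTED/s/.*PORTS://p' | grep -o '[0-9][0-9]*' || true
}

# $1: port; stdin: `ss -ltnp` output. Prints the process name(s) listening on it.
listener_name() {
    awk -v p=":$1\$" '$1 == "LISTEN" && $4 ~ p {
        if (match($0, /\(\("[^"]+"/)) print substr($0, RSTART + 3, RLENGTH - 4)
    }' | sort -u
}

# $1: chkrootkit report file, $2: listener file. One verdict line per port.
# Assumption: on a cPanel server Exim serves SMTP over SSL on port 465.
triage() {
    for port in $(bindshell_ports < "$1"); do
        name=$(listener_name "$port" < "$2")
        case "$port:$name" in
            465:exim) echo "port $port: $name (expected SMTPS listener)" ;;
            *:)       echo "port $port: no listener found, investigate" ;;
            *)        echo "port $port: unexpected listener '$name', investigate" ;;
        esac
    done
}

tmp=$(mktemp -d)
sample_report > "$tmp/report.txt"; sample_listeners > "$tmp/listeners.txt"
triage "$tmp/report.txt" "$tmp/listeners.txt"
rm -rf "$tmp"
```

Run `ss -ltnp` as root, otherwise the process column is empty and every port is reported as having no listener.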
