Getting rkHunter Security Warnings daily?
Hello!
I got "[rkhunter] Warnings found for server" security warnings a few weeks ago.
I scanned my server using maldet.
Found 2 infected files.
These infected files were manually quarantined by support staff. The next day the same notification, "[rkhunter] Warnings found for server", was in my inbox again. I scanned the whole server again but am still getting these notifications. I tried almost everything, including cPanel/server hardening. I updated cPanel and rkhunter but am still getting these notifications daily, sometimes twice a day. Any help would be appreciated. Thanks in advance.
========================
malware detect scan report for server.xyz.com:
SCAN ID: 061415-1200.11881
TIME: Jun 14 12:51:23 -0400
PATH: /home
TOTAL FILES: 50682
TOTAL HITS: 2
TOTAL CLEANED: 0
NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 061415-1200.11881
FILE HIT LIST:
{MD5}php.exe.globals.5034 : /home/cpeasyapache/src/php-5.4.39/ext/standard/tests/file/bug41874_3.phpt
{MD5}php.exe.globals.4973 : /home/cpeasyapache/src/php-5.4.39/ext/standard/tests/general_functions/bug50732.phpt
===============================================
Linux Malware Detect v1.4.2 < proj@rfxn.com >
Check the rkhunter log file, or run "rkhunter -c" yourself to see what it is flagging. If in doubt, ask for help from your hosting provider. You should also tell the support staff that those files found by maldet are false positives... they should know that. They are valid parts of the EasyApache / PHP source. Maybe ask for a more experienced technician or a security team if they have one available.
Hello :) Yes, please consult with your support staff and have them review the file names in the report. You can compare the MD5 sums with another cPanel server to verify they are in fact legitimate files included with cPanel/EasyApache. Thank you.
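Putting the two replies together, here is an added example (not code from the original thread, and not part of rkhunter, maldet or cPanel) of the checks they describe: pulling the "Warning:" lines out of the rkhunter log (the same lines `rkhunter -c --rwo --sk` prints when run without the keypress prompts), and verifying local files against an md5sum manifest taken on a known-good reference cPanel server. The log lines and the two sample "binaries" below are constructed for the demonstration; on a real server the log is normally /var/log/rkhunter.log and the manifest would be generated on the reference box with `md5sum /path/to/file ... > reference.md5` and copied over. One caveat worth keeping in mind: if the warnings turn out to be file-property changes that followed a legitimate cPanel/EasyApache update, `rkhunter --propupd` rebaselines rkhunter's file properties database, but only run it after the files have been verified, otherwise you baseline the very change you were warned about.

```shell
#!/bin/sh
# Added example, not code from the original thread. Two checks the replies
# describe: (1) pull the Warning lines out of an rkhunter log, the same lines
# that "rkhunter -c --rwo --sk" prints to the terminal; (2) verify local files
# against an md5sum manifest generated on a known-good reference server with
#   md5sum /path/to/file ... > reference.md5
# All sample data below is constructed for the demonstration.

# Print rkhunter Warning lines with the leading "[HH:MM:SS] " timestamp removed.
rkhunter_warnings() {
    grep 'Warning:' "$1" | sed 's/^\[[^]]*\] //'
}

# Count the warnings in a log; zero means rkhunter had nothing to report.
count_warnings() {
    rkhunter_warnings "$1" | wc -l | tr -d ' '
}

# List the files in an md5sum manifest whose current hash no longer matches.
# md5sum -c prints "PATH: OK" or "PATH: FAILED"; only the FAILED paths are kept.
changed_files() {
    md5sum -c "$1" 2>/dev/null | awk -F': ' '$NF == "FAILED" {print $1}'
}

# --- constructed sample data -------------------------------------------------
WORK=$(mktemp -d)
SAMPLE_LOG="$WORK/rkhunter.log"
cat > "$SAMPLE_LOG" <<'EOF'
[12:00:01] Info: Starting the file properties checks
[12:00:02] Warning: The file properties have changed:
[12:00:02]          File: /usr/bin/php
[12:00:03] Warning: Hidden directory found: /dev/shm/.tmp
[12:00:04] Info: Checking for rootkits
EOF

# Two stand-in "binaries". The manifest is taken while both are pristine (the
# reference-server view), then one is modified to model a file that now differs.
mkdir -p "$WORK/bin"
printf 'original php\n'  > "$WORK/bin/php"
printf 'original perl\n' > "$WORK/bin/perl"
MANIFEST="$WORK/reference.md5"
( cd "$WORK" && md5sum bin/php bin/perl > "$MANIFEST" )
printf 'tampered php\n' > "$WORK/bin/php"

# Run from $WORK because the manifest holds relative paths.
cd "$WORK" || exit 1
echo "rkhunter warnings ($(count_warnings "$SAMPLE_LOG")):"
rkhunter_warnings "$SAMPLE_LOG"
echo "files differing from the reference manifest:"
changed_files "$MANIFEST"
```

For the two maldet hits in the report above, the same `changed_files` step against a manifest taken from another cPanel server is exactly the comparison the second reply suggests: matching hashes mean the .phpt files are the stock EasyApache PHP test sources, not something planted.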