delete the libkeyutils.so.1.3

mehrdadali14

• June 25, 2016 13:21

i received the warring in my cpanel security adviser regarding libkeyutils.so.1.3 and libkeyutils.so.1 so i removed that file with help of same website now as like this Softaculous.com/blog/checking-for-sshd-rootkit-hack/ after rebooting the server same of services like apache not work and i can only access to server via vnc the give the following error error while loading shared libraries : libkeytuilis .so.i. conn't open shared object file My os is centos 6.6 kindly help me to resolve it

• 

  dalem

  • June 25, 2016 22:27

  that was absolutely stupid advice how not to clean up a hack This may get you working again and temporarily lock the hackers out # rm -rf /root/.ssh/* # service sshd stop # wget

  0
• 

  dalem

  • June 25, 2016 22:33

  and PS change your root password and when restoring from the compromised server only pull data from the compromised server do not push data as you will reinfect your Fresh OS install

  0
• 

  cPanelMichael

  • June 27, 2016 17:06

  Hello, Generally, if your server is rooted, it's a good idea to reinstall the OS/cPanel and then migrate your accounts over to the new system. To note, a guide on detecting if your server is affected by the libkeyutils Trojan is available at: Determine Your System's Status - cPanel Knowledge Base - cPanel Documentation Thank you.

  0

Please sign in to leave a comment.