Centos Vps Security

Discussion in 'Security' started by costa1988sv, Feb 23, 2013.

  1. #1
    Someone is modifying files and the MySQL database on my VPS. The first time they modified files and stopped, after that the MySQL database, and now files again. I changed the password and switched to Kloxo-MR, but it is still not fixed. Can he do that through my PHP script?

    [ Rootkit Hunter version 1.4.0 ]

    Checking rkhunter version...
    This version : 1.4.0
    Latest version: 1.4.0
    [ Rootkit Hunter version 1.4.0 ]

    Checking rkhunter data files...
    Checking file mirrors.dat                                  [ No update ]
    Checking file programs_bad.dat                             [ No update ]
    Checking file backdoorports.dat                            [ No update ]
    Checking file suspscan.dat                                 [ No update ]
    Checking file i18n/cn                                      [ No update ]
    Checking file i18n/de                                      [ No update ]
    Checking file i18n/en                                      [ No update ]
    Checking file i18n/zh                                      [ No update ]
    Checking file i18n/zh.utf8                                 [ No update ]
    Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
    Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
    Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
    Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
    Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
    Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
    Warning: The file properties have changed:
    File: /etc/rkhunter.conf
    Current hash: 5a5dfd36c0278364949bdbd851ea9f4e086ac3bf
    Stored hash : abd46c79e524e6f0e3b58756b3332761019edf80
    Current size: 37361 Stored size: 37357
    Current file modification time: 1361644930 (23-Feb-2013 21:42:10)
    Stored file modification time : 1360752129 (13-Feb-2013 13:42:09)
    Warning: Found enabled xinetd service: /etc/xinetd.d/pureftp
    Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_lxa
    Warning: No output found from the lsmod command or the /proc/modules file:
    /proc/modules output:
    lsmod output:
    Warning: The kernel modules directory '/lib/modules' is missing or empty.
    Warning: The SSH and rkhunter configuration options should be the same:
    SSH configuration option 'PermitRootLogin': yes
    Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
    Warning: Suspicious file types found in /dev:
    /dev/.udev/uevent_seqnum: ASCII text
    Warning: Hidden directory found: '/dev/.udev'
    Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
    Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
    Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
    Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
    Warning: Application 'openssl', version '0.9.8e', is out of date, and possibly a security risk.
    Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.
     
    costa1988sv, Feb 23, 2013