How to find a rootkit on a server if chkrootkit, rkhunter and LMD don't help?
Hello!
I've run into a problem: on a VDS server there is some malicious code that slips an iframe into the site's HTML templates (and hides it in an invisible area), which Kaspersky flags. This code rewrites the template on a schedule, at the same time. If you rename the template file, or include another one, that helps for a while, but then the iframe turns up in the new, included template. This behavior suggests that someone is manually specifying a particular file to be overwritten on a schedule. So is there a rootkit on the server?
I tried searching with rkhunter, chkrootkit and Linux Malware Detect, monitoring logs, disabling SSH users, reconfiguring ports and disabling root, all to no avail. Simply reinstalling the system is not an option. Are there any other ways out of this situation? The system is Debian squeeze.
There is no rootkit, since you can see the infected files. Now, if they were there but not visible, that would be a rootkit. Manual analysis of files and logs will help.
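As a starting point for the manual file analysis mentioned in the answer, here is an added example that is not part of the original thread: it sweeps a web root for templates containing a hidden iframe and groups them by time of last modification, so the "same time" rewrite can be matched against scheduled jobs and logs. The hiding heuristics, the extension list and all function names are assumptions of this sketch.

```python
import os, re, sys, time
from collections import Counter

IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
# Heuristics (assumed, extend as needed) for markup that keeps a frame out of sight.
HIDDEN = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*[:=]\s*[\"']?[01](?:px)?(?![\d.%])"
    r"|(?<![-\w])(?:left|top)\s*:\s*-\d{3,}", re.I)
TEMPLATE_EXT = (".php", ".tpl", ".html", ".htm", ".inc")
CONTEXT = 200  # also inspect markup just before the tag, e.g. a hidden wrapper <div>

def hidden_iframes(text):
    """Return <iframe> tags that are hidden themselves or sit in hidden markup."""
    hits = []
    for m in IFRAME.finditer(text):
        if HIDDEN.search(text[max(0, m.start() - CONTEXT):m.end()]):
            hits.append(m.group(0))
    return hits

def scan(root):
    """Walk root; return [(path, mtime, [tags])] for templates with hidden iframes."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(TEMPLATE_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    tags = hidden_iframes(fh.read())
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            if tags:
                findings.append((path, os.stat(path).st_mtime, tags))
    return sorted(findings, key=lambda f: f[1])

def rewrite_times(findings):
    """Count findings per local HH:MM of last modification, to expose a schedule."""
    return Counter(time.strftime("%H:%M", time.localtime(m)) for _, m, _ in findings)

# Constructed sample, used when no directory is given on the command line.
SAMPLE = '<div style="position:absolute;left:-9999px"><iframe src="//x.invalid/"></iframe></div>'

if __name__ == "__main__":
    if len(sys.argv) > 1:
        found = scan(sys.argv[1])
        for path, mtime, tags in found:
            print(time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(mtime)), path, tags[0])
        print("modification times:", rewrite_times(found).most_common(3))
    else:
        print(hidden_iframes(SAMPLE))
```

Run it with the site's document root as the only argument. A modification time shared by many findings is the minute to look up in the crontabs and in the web server, FTP and SSH logs.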