Virus on CentOS 5

Support for security such as Firewalls and securing linux
Post Reply
max_80
Posts: 2
Joined: 2012/07/22 13:19:30

Virus on CentOS 5

Post by max_80 » 2012/07/26 04:39:02

Hello everyone
I have a server DELL Powe Edge with raid 1 on Cent OS 5, kernel version 2.6.18-194.17.4
Recently i have seen that my website has broken.
I tryed to reboot it, but whet it stated i see grub promt.
I booted from rescue linux and tryed to chroot /mnt/sysimage, but it command did not work, i saw : chroot can not execute /bin/sh, no such file or directory.
I did fsck, all error was corrected.
In my home directory i see user account "kk" where i see 14 files : 1, autorun, fwd, httpd, run, x, mech.help, mech.level, mech.pid, Virusata.seen, mech.session, mech.set, start.sh, bang.txt
I belive that there is a virus. I want to how my server had been cracked. I have not seen my /var/www, /var/log
I want to know if i can to repear it ? Or i need to reinstall sistem ?
Sorry for my English i am Russian.

User avatar
toracat
Site Admin
Posts: 7518
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Virus on CentOS 5

Post by toracat » 2012/07/26 05:01:38

kernel 2.6.18-194.17.4 was from the CentOS 5.5 era and is dated Oct 2010. If you have not updated the OS since that time, there must be a great number of known security vulnerabilities on your system. I am not surprised to hear your system has been compromized.

I strongly suggest you do a fresh install and keep your system up-to-date.

max_80
Posts: 2
Joined: 2012/07/22 13:19:30

Re: Virus on CentOS 5

Post by max_80 » 2012/07/26 05:44:37

Thank you very much for your answear
I did't have any update for 2 years. I did't have any backup. What a pity

Post Reply