Status Blog
Welcome to the official offsite news and network announcements blog for RackSRV Communications. From this blog we will announce any planned maintenance, known service issues, promotions and general industry news so please consider bookmarking or utilising our RSS feed to keep yourself informed!

New SSHD Rootkit

    Posted in Industry News on 19/02/2013 @ 18:59

We are currently aware of a new SSH Rootkit as per the following link:

http://forums.cpanel.net/f185/sshd-rootkit-323962.html

As the source of this exploit is currently unknown but appears to be related to the LAMP stack on CentOS / CloudLinux only (at present), we have come up with the following script to assist: http://status.racksrv.com/ssh_rootchk.sh. This will check for the rootkit as well as block the only known IP in use with this exploit.

We will ensure that this script is updated as this matter progresses, and we will also keep you informed accordingly. Clients using CentOS / CloudLinux that come across this exploit, please contact support immediately.

Update @ 17:46 on 21/02/13 by Jon

According to http://secunia.com/advisories/52312/ Red Hat has issued an update for openssh so keep your eyes peeled for an updated package via the official repos!



Update @ 08:17 on 26/02/13 by

There are indications that this could potentially be a local exploit. Please ensure you scan your desktops / workstations for malware and such; we will continue to update this matter as it progresses.


