Trojan/Backdoor - Apache mod_rootme Detection

Critical Nessus Network Monitor Plugin ID 1238


The remote host has been compromised and is running a 'Backdoor' program


The remote system appears to be running the mod_rootme module, this module silently allows a user to gain root shell access to the machine via crafted HTTP requests.


- Remove the mod_rootme module from httpd.conf/modules.conf. Consider reinstalling the computer, as it is likely to have been compromised by an intruder

Plugin Details

Severity: Critical

ID: 1238

File Name: 1238.prm

Family: Web Servers

Published: 2004/08/20

Modified: 2016/01/15

Dependencies: 1442

Risk Information

Risk Factor: Critical

Vulnerability Information

CPE: cpe:/a:apache:http_server