
Trojan/Backdoor - Apache mod_rootme Detection

Critical

Synopsis

The remote host has been compromised and is running a 'Backdoor' program.

Description

The remote system appears to be running the mod_rootme module. This module silently allows a user to gain root shell access to the machine via crafted HTTP requests.

Solution

- Remove the mod_rootme module from httpd.conf/modules.conf. Consider reinstalling the computer, as it is likely to have been compromised by an intruder.
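
One way to locate the directive that the solution says to remove, as an added example that is not part of the original advisory or the scanner's own check: a Python script that lists the active `LoadModule` directives in Apache configuration text and flags any whose identifier or file name contains "rootme". The sample configuration, and the names `rootme_module` and `mod_rootme.so` in it, are constructed assumptions.

```python
import re

# Apache directive names are case-insensitive; LoadModule takes an
# identifier and a path to the shared object.
LOADMODULE = re.compile(r'^\s*LoadModule\s+(\S+)\s+(\S+)', re.IGNORECASE)

def logical_lines(text):
    """Yield (first_line_no, line) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def loaded_modules(text):
    """Return [(line_no, identifier, path)] for each active LoadModule."""
    found = []
    for n, line in logical_lines(text):
        if line.lstrip().startswith("#"):      # commented-out directive
            continue
        m = LOADMODULE.match(line)
        if m:
            found.append((n, m.group(1), m.group(2).strip('"')))
    return found

def suspect_modules(text, needle="rootme"):
    """Flag directives whose identifier or file name contains `needle`."""
    needle = needle.lower()
    return [e for e in loaded_modules(text)
            if needle in e[1].lower() or needle in e[2].lower()]

# Constructed sample configuration (module names are assumptions).
SAMPLE = """\
# constructed sample
LoadModule mime_module modules/mod_mime.so
#LoadModule rootme_module modules/mod_rootme.so
loadmodule rootme_module \\
    modules/mod_rootme.so
LoadModule dir_module modules/mod_dir.so
"""

if __name__ == "__main__":
    for n, ident, path in suspect_modules(SAMPLE):
        print(f"line {n}: {ident} -> {path}")
```

A name match only catches a module that was not renamed, so a clean result here does not clear the host; the advice above to consider reinstalling still applies.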