Now i would teach you how to install Root kit and scan manually or automatically (Using cron jobs). This what basically does is that it will allow you to check if there is anyone who has hacked your server or not.
How does Hackers or Spammers done this?
Well basically hackers and spammers will try to find insecure upload forms on your/clients’ websites and then with injection methods, try to upload the root kit on your server.
What happens then?
How to install it?
To install chrootkit, Login as root via SSH
At command prompt type:
cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44
make sense
After that enter this in command prompt:
/root/chkrootkit-0.44/chkrootkit
How to run the scan?
I use these three commands the most.
./chkrootkit
./chkrootkit -q
./chkrootkit -x | more
You can add these commands into cronjob so that it will execute scan automatically!