bindshell infected

2025-04-15

Hi guys,

I'm a newbie, so any help is appreciated.
Running chkrootkit on one of my CP server gives me this result... What should i do? Is this really a security flaw? Please help...!!!

Checking `bindshell'... INFECTED (PORTS: 114 145 465)

Here is my netstat result

# netstat -lpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 24047/stunnel-4.04l
tcp 0 0 0.0.0.0:1 0.0.0.0:* LISTEN 10080/portsentry
tcp 0 0 0.0.0.0:2082 0.0.0.0:* LISTEN 24062/cpsrvd - wait
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 9872/xinetd
tcp 0 0 0.0.0.0:2083 0.0.0.0:* LISTEN 24047/stunnel-4.04l
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 24047/stunnel-4.04l
tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 24062/cpsrvd - wait
tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 24047/stunnel-4.04l
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 8278/mysqld
tcp 0 0 0.0.0.0:6666 0.0.0.0:* LISTEN 10018/startmelange
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 5767/cppop - accept
tcp 0 0 0.0.0.0:2095 0.0.0.0:* LISTEN 24062/cpsrvd - wait
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 17157/spamd.pid --m
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 9872/xinetd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 10080/portsentry
tcp 0 0 0.0.0.0:2096 0.0.0.0:* LISTEN 24047/stunnel-4.04l
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 31860/httpd
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 592/exim
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 8035/pure-ftpd (SER
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 5622/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 586/exim

Thankyou.