- 10-01-2009 #1
Blocking Port 465 and 1009? For Server SQL Injection Issue
Dear Linux Gods,
1 more question for the home team here, and I am a bit lost as well. About a week ago my site got about 5 network violations for infecting and/or invading other networks (yeah, it was not pretty). It kept showing an iframe that was 0 x 1 on the website, linking to some crappy malware website and invading people who came to my sites. So I removed all the PHP files and re-uploaded them, and it curbed the issue for a little bit, then they came back. Then, as I was talking to my hosting provider: my box had never been updated since 2007 (yeah), so it was a very "dated" box, so we set up a new box and I have been migrating all files to the new platform. I had also reformatted my computer at home, since I think it was malware on my machine that caused the issue in the beginning, attaching to 1 of the files I uploaded during updates.
So now I installed that chkrootkit program on my boxes, and for 1 machine it shows bindshell (infected) port 465 and also 1009, and on the other box it shows bindshell port 465 as being infected as well. How can I close those open ports, if that might be how it's getting infected?
So then I tried to telnet to the IP address and port, and it connected; however, it's something to do with spamhaus.org, I guess for virus scanning or something. I am not sure if it's needed or a false positive. Any suggestions?
Code:
bindshell infected port 465 and 1009
Matt
- 10-02-2009 #2
If you are in fact infected, then blocking the ports is not the answer. What you need to do is Wash/Rinse/Repeat. In other words, format the drive, start from scratch, and install everything new on all infected systems. And if you have infected files on your home drive, DO NOT upload them to the fresh install.


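A way to see which process actually owns the listeners on the two ports chkrootkit reported in the thread above (465 and 1009), which is what tells a mail daemon apart from something unexpected. This is an added example, not from either poster; it assumes `ss` from iproute2 is available, the function name `flagged_listeners` is hypothetical, and the sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example: map ports flagged by chkrootkit to the owning process.

# Constructed sample of `ss -H -ltnp` output (not from the poster's server).
SAMPLE_SS='LISTEN 0 100 0.0.0.0:465 0.0.0.0:* users:(("master",pid=1412,fd=17))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=901,fd=3))
LISTEN 0 5 0.0.0.0:1009 0.0.0.0:*
LISTEN 0 100 [::]:465 [::]:* users:(("master",pid=1412,fd=18))'

# flagged_listeners "465 1009" < ss-output
# Prints one line per matching listening socket: port, local address, process, pid.
flagged_listeners() {
    awk -v ports="$1" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
        addr = $4
        port = addr
        sub(/.*:/, "", port)            # keep the text after the last colon
        if (!(port in want)) next
        # No users:() column: ss was not run as root, or no userspace
        # process owns the socket. Report it so it gets a closer look.
        name = "unknown"; pid = "-"
        if (match($0, /users:\(\("[^"]+"/))
            name = substr($0, RSTART + 9, RLENGTH - 10)
        if (match($0, /pid=[0-9]+/))
            pid = substr($0, RSTART + 4, RLENGTH - 4)
        print port, addr, name, pid
    }'
}

# Demo on the constructed sample. On a live host, as root:
#   ss -H -ltnp | flagged_listeners "465 1009"
printf '%s\n' "$SAMPLE_SS" | flagged_listeners "465 1009"
```

A listener with a known owner can be checked against the package that installed it; an `unknown` line means the check needs to be repeated as root before drawing any conclusion.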