Help with RootCheck

October 30, 2009

RootCheck scans the system for possible trojans, scans the ports for malicious activity, and checks for rootkits, as well as the logs, permissions, and more.

Installation Instructions
Login to your server and su to root.

wget http://www.ossec.net/rootcheck/files/rootcheck-0.4.tar.gz

tar -xvzf rootcheck-0.4.tar.gz
cd rootcheck-0.4
./install

This will take you to an interactive installation. Make sure you have CPAN on your box, because rootcheck requires the Perl module IO::Interface.

When the installation finishes, you will get this message:

————————————-
Compilation successful. Ready to go.

That’s it! If everything went ok, you should be ready to run RootCheck. If you any doubts about installation, please refer to INSTALL file.
————————————-

Scanning the System
Now you are ready to run rootcheck.

There are quite a few options, but the simplest one is:

./rootcheck.pl

If the installation went well, you will get a progress screen of the scan, after which the results will be written into results.txt. The results file is fairly self-explanatory and gives details of all suspected files.

Hope that helps you with your dedicated web hosting RootCheck issues.

Three Amazing Server Monitoring Tools

July 28, 2008

If you have a dedicated server or are looking into purchasing one for an affordable price, you will likely need to consider how you are going to monitor that server. You have two main choices:

  1. Purchase a Managed Hosting Option – these can be fairly affordable and will let your host monitor your server for you. The only downside is that you have to pay a monthly fee and you don’t have access to these monitoring tools.
  2. Self-Manage Your Server – Download a server monitoring tool and self-manage the server by checking every so often for server errors, etc.

Here are some of the recommended server monitoring tools for your dedicated web server:

  1. Nagios – The most popular server monitoring tool that is even used in the web hosting industry for web hosting clients on dedicated and shared servers alike. Nagios offers amazing tools that are literally unsurpassed in the industry, such as: monitoring of network services (like email, PING, etc), host resources (CPU, disk usage, logs, etc), environmental factors; simple plugin designs; contact notifications via email, pager, or user-defined methods; scheduled downtime to suppress notifications; and more! This is the most highly recommended solution available on the market to help you see what your web host sees.
  2. SiteUptime – Choose from 3 different levels of server management: the free account offers more than enough for basic users, while the $5 or $10 per month option offers more features. The free level allows you to monitor in 30 and 60 minute intervals for one site and receive email notifications, monthly reports, online stats, and more.
  3. Host-Alert – Check your server’s uptime and errors at intervals of 5, 10, or 30 minutes, and have these error notifications sent via email, SMS text messaging, or both. Each notification is only sent once, so there’s no need to worry about your inbox getting spammed if something goes down. Plus you can check the status on unlimited databases, pages, and websites.

What it Takes to Run a Dedicated Server

July 17, 2008

This dedicated server hosting checklist is designed to help you understand what it takes to run a dedicated server. After all, it’s not just about purchasing a box – you need to know how to manage and work with it too. So here’s what it takes, your checklist for running a dedicated server:

  • A powerful web hosting platform
  • Managed Hosting
  • 24/7 technical support – through email is best, so you can document errors and solutions
  • State of the art data centers – the more data centers a provider runs, the better chances of redundant uptime for you and your server
  • Guaranteed RAM
  • Easy upgrades
  • Great dedicated hosting deals – amazing coupons to help lower your monthly costs or incentives for staying longer
  • Ability to perform website backups

Rootkit Detection Tools

June 25, 2008

What is a Rootkit?

Rootkits are programs designed to gain access to your dedicated server and compromise it. They are often delivered as Trojans so that you do not suspect them, and they can open a backdoor to your dedicated server so that attackers can upload suspicious programs and applications to degrade your performance or bring down your website.

What is Rootkit Detection?

Rootkit detection can be handled in two ways:

  1. Via Managed Hosting from your dedicated web hosting provider.
  2. Via rootkit detection programs, which are a way you can self-manage your web server.

How do rootkit detection programs work?

Rootkit detection software is designed to detect rootkits and distinguish them from normal hidden files that are not suspicious and concealed for a purpose either by you as a webmaster or by the operating system by default. Most often, rootkit detection programs compare various views of your server system to find mismatches. When there is a mismatch, it usually points to something suspicious and the rootkit check will alert you to suspicious software, programs, Trojans, spyware, or malware on your machine.

Originally, rootkit checks would list all files on the dedicated server from inside the running OS, and then boot the Recovery Console to produce the same file list for comparison. The rootkit detection program then searches the second list for files that do not show up in the first list. These hidden files are often rootkit culprits!
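The two-list comparison described above, as an added example (not RootCheck's own code). The tab-separated "size, path" listing format, the file names and the sample entries are constructed assumptions.

```sh
#!/bin/sh
# Cross-view check on two listings of the same tree, one "size<TAB>path" per line
# (assumed format), e.g. from GNU find:  find . -xdev -type f -printf '%s\t%p\n'
# run once inside the live OS and once from a trusted rescue boot.
# Assumes paths contain no tabs or newlines.

# hidden_files LIVE OFFLINE: paths the offline view has but the live OS did not report
hidden_files() {
    awk -F '\t' 'FILENAME == ARGV[1] { live[$2] = 1; next }
                 !($2 in live)       { print $2 }' "$1" "$2" | sort
}

# size_mismatches LIVE OFFLINE: paths in both views whose sizes disagree
size_mismatches() {
    awk -F '\t' 'FILENAME == ARGV[1]            { size[$2] = $1; next }
                 ($2 in size) && size[$2] != $1 { print $2 }' "$1" "$2" | sort
}

# make_sample_views DIR: write two constructed listings for the demo
make_sample_views() {
    printf '%s\t%s\n' 1024 ./bin/ls 2048 ./bin/ps 512 ./etc/passwd > "$1/live.tsv"
    printf '%s\t%s\n' 1024 ./bin/ls 4096 ./bin/ps 512 ./etc/passwd \
        9000 ./usr/lib/.cache/mod.ko > "$1/offline.tsv"
}

demo=$(mktemp -d)
make_sample_views "$demo"
echo "Hidden from the live view:";  hidden_files    "$demo/live.tsv" "$demo/offline.tsv"
echo "Size differs between views:"; size_mismatches "$demo/live.tsv" "$demo/offline.tsv"
rm -rf "$demo"
```

Files that are legitimately written between the two snapshots (logs, caches) will also show up as mismatches, so compare trees that should be static, such as system binaries and kernel modules.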

Do they work?

As with all software programs, it depends. Rootkit management programs are not meant to be used as a standalone system for customers new to dedicated server hosting. If you fall into that category, you are still better off purchasing Managed Hosting from your dedicated service provider, as they are professionals who will know the difference between default hidden files and corrupted malware.

Also, take note that rootkit detection programs are sold or downloaded AS IS, so there is never any guarantee of their success.

What is a Rootkit?

June 24, 2008

As a webmaster, you know the importance of a good spam blocking and virus protection program, and maybe you have learned from our dedicated server tutorials how to set cron jobs for scheduled tasks, how to protect your system, or how to administer backups. But did you know that there may be things you are unaware of that are trying to hack your server?

One of these necessary evils of dedicated server hosting is called a rootkit. A rootkit is simply a program usually designed by hackers who attempt to take control of your dedicated server without authorization. They can gain complete access to your system or install themselves as drivers, kernel modules, or other malware. They often go undetected and can seize control of your operating system and obscure the presence of potentially harmful viruses, commands, or Trojans.

Oftentimes, once a rootkit has hidden utility programs in your system, it can open a backdoor to your server at any time of the day and can thus be severely harmful to the health of your dedicated server.

If your dedicated web host has a Managed Hosting option, you should look into it, as they often perform rootkit checks to ensure the security of your dedicated server. Remember, a good dedicated web hosting provider doesn’t want your server brought down either and will do everything in their power to keep you a happy customer.

Blocking an IP Address on Your Dedicated Server

June 18, 2008

You may be thinking: why would I want to block IP addresses from my dedicated server? If you have never run a dedicated server before, you might not be aware that there are people who attempt to hack entire servers to bring websites down. There are many types of server attacks, and one of the most popular can occur from a single dedicated IP address – a DDoS attack!

In order to subdue the attacker and ban them from coming back, you will need to block their IP address from your dedicated server entirely. Luckily, you can do this in one simple step.

Add the following code to your .htaccess file, which can be found in your web server’s document root directory. More than likely this is named public_html, httpdocs, or webdocs.

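# Apache 2.2 access-control syntax. No <Limit GET> wrapper, so the
# rule covers every HTTP method (POST included), not only GET.
order deny,allow
deny from 209.23.123.110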

Adding this to .htaccess will block a single IP across your entire website and server! Be aware though: spammers and hackers alike can change their IP addresses very easily and most IPs that come from a home computer, for example, are not static and may update often. You can always add more IPs to your server, but this really showcases the importance of having a workable managed hosting solution on your dedicated server.
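Since more addresses usually have to be added over time, here is one way to derive candidate `deny from` lines from the access log, as an added example that is not part of the original post. The log path, the request threshold and every sample log line are constructed assumptions; the output uses the same Apache 2.2 syntax as above.

```sh
#!/bin/sh
# Turn an Apache access log into candidate "deny from" lines for .htaccess.
# Assumes common/combined log format (client address is the first field) and
# the Apache 2.2 "deny from" syntax used in this post. IPv4 only.

# noisy_ips LOG MIN: client addresses with at least MIN requests in LOG
noisy_ips() {
    awk -v min="$2" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' "$1" | sort
}

# deny_lines LOG MIN HTACCESS: deny lines for noisy addresses not already listed
deny_lines() {
    noisy_ips "$1" "$2" | while read -r ip; do
        grep -qxF "deny from $ip" "$3" 2>/dev/null || printf 'deny from %s\n' "$ip"
    done
}

# make_sample DIR: constructed log (5, 2 and 6 requests) plus an existing .htaccess
make_sample() {
    : > "$1/access.log"
    for spec in 203.0.113.7:5 198.51.100.20:2 209.23.123.110:6; do
        n=${spec##*:}
        while [ "$n" -gt 0 ]; do
            printf '%s - - [18/Jun/2008:10:00:00 +0000] "POST /login.php HTTP/1.1" 200 512\n' \
                "${spec%%:*}" >> "$1/access.log"
            n=$((n - 1))
        done
    done
    printf 'order deny,allow\ndeny from 209.23.123.110\n' > "$1/.htaccess"
}

demo=$(mktemp -d)
make_sample "$demo"
deny_lines "$demo/access.log" 5 "$demo/.htaccess"   # review before appending
rm -rf "$demo"
```

A proxy, CDN or monitoring service can exceed any request threshold, so check who owns each address before appending its line to .htaccess.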

Monitoring Site Resources and Stats in Plesk

June 13, 2008

Do you want to keep yourself updated to know what you’re using on your dedicated server and when? This kind of information can be especially helpful if you are allotting a certain amount of disk space, bandwidth, or email accounts to specific clients on your dedicated server. Plus, knowing what you are using and how often will assist you in keeping your server up to date and if you need to upgrade, you will know before any issues arise.

In Plesk, via Windows or Linux hosting, you can find this information easily.

First, click on Limits.

Limits displays the resource limits allocated to your account. For example, it shows you the maximum number of subdomains allowed, disk space, maximum traffic or bandwidth, maximum number of web users, maximum number of databases, maximum number of mailboxes, mailbox quota, maximum number of mail redirects, maximum number of mail groups, maximum number of mail autoresponders, maximum number of mailing lists, and a ton more.

To see account resources limits and usage, click on Report.

Report options will display all resource limits and usages, as well as users and a full list of all available scripts, utilities, and resources. For example, you’ll see Web Statistics, Web Stats, Web Stats SSL, FTP Stats, Traffic History, and can manage Report Delivery.

If you click on FTP Stats, this will show you a history of FTP activity in your website, both in upload as well as download.

If you click on Traffic History, this will display information on traffic usage by Months and Years.

To view detailed traffic statistics used by various services at the domain, click on the Traffic button.

If you’d like to keep yourself updated, you can also choose to send a copy of the report to any email you specify.

Or, you can set up a schedule for automatic delivery of reports by clicking on Report Delivery.

Accessing this information can assist you in self-managing your dedicated web hosting.

Managing Crontab Using Plesk

June 12, 2008

We have already gone over the importance of using cronjobs to manage your Dedicated Server, as these scheduled tasks assist you in self-managing. This will save you time, staff, and money in the long run, especially because they are so incredibly easy to set up! Crontab will allow you to automatically run scheduled tasks on the server, and if selected, receive automatic emails showing the results. These email updates can really save you hassle, as you will know that each task has been completed and what the results were immediately.

Using Plesk on Linux or Windows dedicated servers, you can manage your crontabs efficiently by simply following these easy steps:

Click on Crontab and then select the name of the user whose crontab you want to manage. There should be a dropdown box of all the users listed on your dedicated server. As an optional step, you can also choose to have emails sent to whatever address you provide. If you don’t want emails, don’t enter an address in this box.

Next, click on Add New Task, which is the small Clock Icon you see in the upper left.

From there, you’ll need to enter the specific parameters to set the frequency of the task. Enter * to select all. For example, you can set options to run crontabs every minute, every 2 hours, every Monday of each week, and every month of the year. Then simply enter the path to the file that the crontab will execute, e.g. /usr/bin/python -s /var/mailman/cron/checkdbs, and click OK.

Afterwards, you’ll be able to confirm the task has been successfully set up. If you ever need to modify an existing task, simply click on the name of the cronjob listed under “Command”. To delete existing tasks, check the box next to the command and click on “Remove selected”.

Helpful Dedicated Server Terminology

May 8, 2008

Even if you have hosted on a dedicated server before, you may not know all the dedicated server terminology out there. One of the downsides to technology is one of its best features as well – it is ever-changing. This means that what you knew yesterday won’t be the same as what you’ll need to learn tomorrow. So here are some helpful dedicated server terms you should know when choosing a reliable, affordable dedicated web host.

Access – Microsoft-based application that helps you create, edit, and maintain databases. If you’re a web developer running in the Windows environment, this is what you use to manage online MS SQL databases.

Apache – The most common Linux web server in the world. Okay, I’m being melodramatic but it’s incredibly popular and very powerful, secure, and best of all free!

Co-Location – If you want to own your own dedicated server but aren’t confident that you can host your site using your own internet connection or power supply, co-location assures you own the hardware (the server) and the web hosting provider supplies the rack to store the server and the internet connection to keep your website up and online.

IIS – IIS stands for Internet Information Server and is Microsoft’s branded server software. Just like Apache is the most popular web server for Linux, IIS is the #1 choice for Windows Dedicated Hosting.

Load-Balancing – If you are running a website like Myspace, Digg, or Facebook, odds are you already know what load balancing is. If you plan to create a website like this, you need load balancing 100%! Load balancing merely means distributing the traffic and resources evenly across two or more dedicated servers to increase and optimize performance.

Managed Hosting – The best idea for new dedicated hosters, managed hosting assures that your web host will take care of technical support, setup, maintenance, and monitoring of your dedicated server.

RAID – Also known as Redundant Array of Independent Disks, and if you say it that way, it sounds more like what it is. Basically, RAIDing your dedicated server will help you store data across a number of hard drives. If one disk fails, the other will restore the site or database so you don’t lose data.

Telnet – Just like SSH, a command line interface that allows you to communicate across your web server.

Upstream Provider – A large ISP (internet service provider) that provides dedicated web hosts with reliable internet access. However, the word ‘upstream’ actually can mean how fast or reliable the data connection is between two ISPs.

More Web Hosting Resources

May 6, 2008

When it comes to dedicated hosting, there is no doubt that it doesn’t hurt to have a few more resources at your fingertips. Here are a few good ones to bookmark:

Web Hosting Talk – the biggest web host message boards out there today.

The Web Hosting Show – a weekly radio show and podcast about the web hosting and development worlds.

The WHIR – a web site dedicated to the news inside of the web hosting industry.

Each of these links should help you learn more about the dedicated web hosting industry. Of course, don’t forget the web site you are on right now either – Dedicated Server Hosting.