rkhunter started reporting this just over a week ago:
Warning: Hidden ports found:
Port number: 42208
Port number: 55731
I downloaded and ran chkrootkit and that showed nothing. The data centre
have had a look and they can't see anything suspicious and searching for
the phrase "Hidden ports found" hasn't turned up anything.
The server is a RHEL5.6 box that runs MySQL/Apache/PHP. There is an
iptables firewall set up blocking pretty much everything other than
http/s to the general public. It's running Webmin but that port is
locked down (along with ssh) to specific admin IP addresses only.
We can't see any evidence of any processes running that are using those
ports. Is this a FP? Any ideas of what else to try/where else to look?
OMN hosting is a trading name of oxfordmusic.net Ltd
Registered Office: Unit 13 King's Meadow,
Ferry Hinksey Road, Oxford.OX2 0DP
Company Registration Number: 04265491