A module available within Plesk allows you to run a RKHunter scan to find rootkits and malicious software. Whilst the scan does produce a number of false positives due to the way Plesk is installed it is helpful to identify if the server has been "rooted". 


Step 1. 

Login to Plesk and select "Modules" and "Watchdog". If you do not see this module you will need to install it via the Updates and Upgrades feature.


Step 2.

Click the "Security" Tab and then click "Start"


Step 3.

The scan will now start:


As mentioned previously the scan does generate a few false positives. 

The most common false positives on a Plesk server are:

 

Performing trojan specific checks 

 Checking for enabled xinetd services                     [ Warning 

 

Performing Linux specific checks 

 Checking loaded kernel modules                           [ Warning 

 

Checking the local host... 

 Performing system configuration file checks     Checking if SSH root access is allowed                   [ Warning 

 Performing filesystem checks     Checking for hidden files and directories                [ Warning 

 Checking application versions...      Checking version of OpenSSL                              [ Warning 

 Checking version of PHP                                  [ Warning 

 Checking version of OpenSSH                              [ Warning ]


If you have any questions regarding items found during the scan please send the scan log to our support department who will be able to help you.