Results 1 to 7 of 7
  1. #1

    system compromise

    Hello and happy new year to you,

    I received this from my system, today:

    ------------
    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package mount did not match the expected checksum. This could mean that
    your system was compromised (OwN3D). The offending files have been removed
    and replaced with the OS default. To be safe you should verify that your
    system has not be compromised.
    --------------------

    I using whm/cpanel any ideas what this is and what i should do?


    cheers
    Last edited by carpman; 12-31-2001 at 06:00 AM.

  2. #2
    Join Date
    Nov 2001
    Location
    India, US, Germany
    Posts
    1,609
    I check out the rpm file that you were trying to install.
    I do not see any risks otherwise. This could happen if the rpm file was currupted or not properly downloaded.

    Have a great day

    regards
    amar
    A student once asked his teacher, "Master, what is enlightenment?"
    The master replied, "When hungry, eat. When tired, sleep. When you need care, come to bobcares....
    https://bobcares.in

  3. #3
    thanks for reply, i was not trying to install anything, but cpanel does have an autoupdate, which may the reason why.

    I have posted this to cpanel.net support forum

  4. #4
    Alot of hosts been getting this error, I wouldnt sweat it but check out the file anyway

    We got it on a freshly installed OS and cpanel....

  5. #5
    Join Date
    Apr 2001
    Posts
    230
    I got the very same message today on my server running cpanel. I also got a different one about an RPM file a few days ago and I am still not sure what is causing this but it does seem strange this happens on the days when my cron runs the cpanel update.

  6. #6
    Join Date
    Apr 2001
    Location
    Orlando, Florida
    Posts
    671

    * What a relief!!

    I have been getting the exact same messages on my 2 CPanel boxes. The first ones came about 4 or 5 days ago and I really freaked out. I started checking everything I could, but could not find anything strange. I got a couple of those messages again today and noticed that the hackcheck.db file at the root of each one of the servers was modified this morning again.

    Now that I know that you guys have been getting the same errors I feel much better. There is no chance in the world that all CPanel servers got cracked

    What I noticed is that CPanel runs a checksum of many RPMs before updating itself and if the checksum does not match it will send that email message, reinstall the RPM and record it in a file called "hackcheck.db" that saves at the root partition. Now, the checksum test might not be passed if there is a network problem or the connection between the server and the CPanel server fails.
    Bert Kammerer
    ProNIC Solutions - pronicsolutions.com
    The Smart Internet of the Future (SM)
    Hosting on enterprise grade Dell servers with fast & redundant InterNAP bandwidth

  7. #7
    Join Date
    Feb 2001
    Location
    USA
    Posts
    866

    Smile

    Originally posted by bobcares
    This could happen if the rpm file was currupted or not properly downloaded.

    BobCares is right, it could possibly be a corrupted file or some files were missing during the download. it happens tho not as often as you think.

    I learned it the hard way, after downloading huge files like big ISO files it is good practice to check using md5checksum ,so as not to waste your time burning a corrupted copy of the ISO file.



    elijaH

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •