Results 1 to 7 of 7
Thread: system compromise
Hybrid View
-
12-31-2001, 05:55 AM #1Web Hosting Guru
- Join Date
- May 2001
- Posts
- 309
system compromise
Hello and happy new year to you,
I received this from my system, today:
------------
IMPORTANT: Do not ignore this email.
This message is to inform you that the rpm
package mount did not match the expected checksum. This could mean that
your system was compromised (OwN3D). The offending files have been removed
and replaced with the OS default. To be safe you should verify that your
system has not be compromised.
--------------------
I using whm/cpanel any ideas what this is and what i should do?
cheersLast edited by carpman; 12-31-2001 at 06:00 AM.
-
12-31-2001, 05:59 AM #2Root@Bobcares
- Join Date
- Nov 2001
- Location
- India, US, Germany
- Posts
- 1,609
I check out the rpm file that you were trying to install.
I do not see any risks otherwise. This could happen if the rpm file was currupted or not properly downloaded.
Have a great day
regards
amarA student once asked his teacher, "Master, what is enlightenment?"
The master replied, "When hungry, eat. When tired, sleep. When you need care, come to bobcares....
https://bobcares.in
-
12-31-2001, 06:02 AM #3Web Hosting Guru
- Join Date
- May 2001
- Posts
- 309
thanks for reply, i was not trying to install anything, but cpanel does have an autoupdate, which may the reason why.
I have posted this to cpanel.net support forum
-
12-31-2001, 06:47 AM #4Account Disabled
- Join Date
- Apr 2000
- Posts
- 1,726
Alot of hosts been getting this error, I wouldnt sweat it but check out the file anyway
We got it on a freshly installed OS and cpanel....
-
12-31-2001, 11:23 AM #5Junior Guru
- Join Date
- Apr 2001
- Posts
- 230
I got the very same message today on my server running cpanel. I also got a different one about an RPM file a few days ago and I am still not sure what is causing this but it does seem strange this happens on the days when my cron runs the cpanel update.
-
12-31-2001, 02:39 PM #6Web Hosting Master
- Join Date
- Apr 2001
- Location
- Orlando, Florida
- Posts
- 671
What a relief!!
I have been getting the exact same messages on my 2 CPanel boxes. The first ones came about 4 or 5 days ago and I really freaked out. I started checking everything I could, but could not find anything strange. I got a couple of those messages again today and noticed that the hackcheck.db file at the root of each one of the servers was modified this morning again.
Now that I know that you guys have been getting the same errors I feel much better. There is no chance in the world that all CPanel servers got cracked
What I noticed is that CPanel runs a checksum of many RPMs before updating itself and if the checksum does not match it will send that email message, reinstall the RPM and record it in a file called "hackcheck.db" that saves at the root partition. Now, the checksum test might not be passed if there is a network problem or the connection between the server and the CPanel server fails.Bert Kammerer
ProNIC Solutions - pronicsolutions.com
The Smart Internet of the Future (SM)
Hosting on enterprise grade Dell servers with fast & redundant InterNAP bandwidth
-
12-31-2001, 11:41 PM #7NOC DOC :)
- Join Date
- Feb 2001
- Location
- USA
- Posts
- 866
Originally posted by bobcares
This could happen if the rpm file was currupted or not properly downloaded.
BobCares is right, it could possibly be a corrupted file or some files were missing during the download. it happens tho not as often as you think.
I learned it the hard way, after downloading huge files like big ISO files it is good practice to check using md5checksum ,so as not to waste your time burning a corrupted copy of the ISO file.
elijaH