hosted by liquidweb

Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : system compromise

Forum Jump

system compromise

Reply Post New Thread In Hosting Security and Technology Subscription
Send news tip View All Posts Thread Tools Search this Thread Display Modes
Web Hosting Guru
Join Date: May 2001
Posts: 302

system compromise

Hello and happy new year to you,

I received this from my system, today:

IMPORTANT: Do not ignore this email.
This message is to inform you that the rpm
package mount did not match the expected checksum. This could mean that
your system was compromised (OwN3D). The offending files have been removed
and replaced with the OS default. To be safe you should verify that your
system has not be compromised.

I using whm/cpanel any ideas what this is and what i should do?


Last edited by carpman; 12-31-2001 at 06:00 AM.

Sponsored Links
Join Date: Nov 2001
Location: India, US, Germany
Posts: 1,591
I check out the rpm file that you were trying to install.
I do not see any risks otherwise. This could happen if the rpm file was currupted or not properly downloaded.

Have a great day


A student once asked his teacher, "Master, what is enlightenment?"
The master replied, "When hungry, eat. When tired, sleep. When you need care, come to bobcares...."

Web Hosting Guru
Join Date: May 2001
Posts: 302
thanks for reply, i was not trying to install anything, but cpanel does have an autoupdate, which may the reason why.

I have posted this to support forum

Sponsored Links
Account Disabled
Join Date: Apr 2000
Posts: 1,726
Alot of hosts been getting this error, I wouldnt sweat it but check out the file anyway

We got it on a freshly installed OS and cpanel....

Junior Guru
Join Date: Apr 2001
Posts: 230
I got the very same message today on my server running cpanel. I also got a different one about an RPM file a few days ago and I am still not sure what is causing this but it does seem strange this happens on the days when my cron runs the cpanel update.

Web Hosting Master
Join Date: Apr 2001
Location: Orlando, Florida
Posts: 671
* What a relief!!

I have been getting the exact same messages on my 2 CPanel boxes. The first ones came about 4 or 5 days ago and I really freaked out. I started checking everything I could, but could not find anything strange. I got a couple of those messages again today and noticed that the hackcheck.db file at the root of each one of the servers was modified this morning again.

Now that I know that you guys have been getting the same errors I feel much better. There is no chance in the world that all CPanel servers got cracked

What I noticed is that CPanel runs a checksum of many RPMs before updating itself and if the checksum does not match it will send that email message, reinstall the RPM and record it in a file called "hackcheck.db" that saves at the root partition. Now, the checksum test might not be passed if there is a network problem or the connection between the server and the CPanel server fails.

Bert Kammerer
ProNIC Solutions -
The Smart Internet of the Future (SM)
Hosting on enterprise grade Dell servers with fast & redundant InterNAP bandwidth

Join Date: Feb 2001
Location: USA
Posts: 866

Originally posted by bobcares
This could happen if the rpm file was currupted or not properly downloaded.

BobCares is right, it could possibly be a corrupted file or some files were missing during the download. it happens tho not as often as you think.

I learned it the hard way, after downloading huge files like big ISO files it is good practice to check using md5checksum ,so as not to waste your time burning a corrupted copy of the ISO file.



Related posts from
Title Type Date Posted
Cyber Criminals Exploit Password Managers to Gain Access to Master Passwords Web Hosting News 2014-11-20 21:03:23
Microsoft Issues Patch for Windows Server Permissions Vulnerability Web Hosting News 2014-11-19 18:26:34
Cloud Price Cuts Leave Customers Confused, Annoyed: Peer 1 Report Web Hosting News 2014-10-30 12:30:52
Drupal Tells Users to Assume Drupal 7 Websites are Compromised Web Hosting News 2014-10-30 10:14:12
Cisco Researcher Discovers Possible Exploit Vector for DarkLeech Attacks Web Hosting News 2013-04-26 10:19:35

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Log in with your username and password

Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Web Hosting News:
WHT Membership
WHT Membership



Welcome to

Create your username to jump into the discussion! is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.

(4 digit year)

Already a member?