hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : system compromise
Reply

Forum Jump

system compromise

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
Web Hosting Guru
 
Join Date: May 2001
Posts: 302

system compromise


Hello and happy new year to you,

I received this from my system, today:

------------
IMPORTANT: Do not ignore this email.
This message is to inform you that the rpm
package mount did not match the expected checksum. This could mean that
your system was compromised (OwN3D). The offending files have been removed
and replaced with the OS default. To be safe you should verify that your
system has not be compromised.
--------------------

I using whm/cpanel any ideas what this is and what i should do?


cheers


Last edited by carpman; 12-31-2001 at 06:00 AM.


Sponsored Links
  #2  
Old
Root@Bobcares
 
Join Date: Nov 2001
Location: India, US, Germany
Posts: 1,591
I check out the rpm file that you were trying to install.
I do not see any risks otherwise. This could happen if the rpm file was currupted or not properly downloaded.

Have a great day

regards
amar

__________________
A student once asked his teacher, "Master, what is enlightenment?"
The master replied, "When hungry, eat. When tired, sleep. When you need care, come to bobcares...."


  #3  
Old
Web Hosting Guru
 
Join Date: May 2001
Posts: 302
thanks for reply, i was not trying to install anything, but cpanel does have an autoupdate, which may the reason why.

I have posted this to cpanel.net support forum

Sponsored Links
  #4  
Old
Account Disabled
 
Join Date: Apr 2000
Posts: 1,726
Alot of hosts been getting this error, I wouldnt sweat it but check out the file anyway

We got it on a freshly installed OS and cpanel....

  #5  
Old
Junior Guru
 
Join Date: Apr 2001
Posts: 230
I got the very same message today on my server running cpanel. I also got a different one about an RPM file a few days ago and I am still not sure what is causing this but it does seem strange this happens on the days when my cron runs the cpanel update.

  #6  
Old
Web Hosting Master
 
Join Date: Apr 2001
Location: Orlando, Florida
Posts: 671
* What a relief!!

I have been getting the exact same messages on my 2 CPanel boxes. The first ones came about 4 or 5 days ago and I really freaked out. I started checking everything I could, but could not find anything strange. I got a couple of those messages again today and noticed that the hackcheck.db file at the root of each one of the servers was modified this morning again.

Now that I know that you guys have been getting the same errors I feel much better. There is no chance in the world that all CPanel servers got cracked

What I noticed is that CPanel runs a checksum of many RPMs before updating itself and if the checksum does not match it will send that email message, reinstall the RPM and record it in a file called "hackcheck.db" that saves at the root partition. Now, the checksum test might not be passed if there is a network problem or the connection between the server and the CPanel server fails.

__________________
Bert Kammerer
ProNIC Solutions - pronicsolutions.com
The Smart Internet of the Future (SM)
Hosting on enterprise grade Dell servers with fast & redundant InterNAP bandwidth

  #7  
Old
NOC DOC :)
 
Join Date: Feb 2001
Location: USA
Posts: 866
Smile

Quote:
Originally posted by bobcares
This could happen if the rpm file was currupted or not properly downloaded.

BobCares is right, it could possibly be a corrupted file or some files were missing during the download. it happens tho not as often as you think.

I learned it the hard way, after downloading huge files like big ISO files it is good practice to check using md5checksum ,so as not to waste your time burning a corrupted copy of the ISO file.



elijaH

Reply

Related posts from TheWhir.com
Title Type Date Posted
Cyber Criminals Exploit Password Managers to Gain Access to Master Passwords Web Hosting News 2014-11-20 21:03:23
Microsoft Issues Patch for Windows Server Permissions Vulnerability Web Hosting News 2014-11-19 18:26:34
Cloud Price Cuts Leave Customers Confused, Annoyed: Peer 1 Report Web Hosting News 2014-10-30 12:30:52
Drupal Tells Users to Assume Drupal 7 Websites are Compromised Web Hosting News 2014-10-30 10:14:12
Data Center Firm RagingWire Receives Patent for Phased-Build Power Delivery Web Hosting News 2012-12-20 15:09:22


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?