hackcheck problem

[nameste]

In the daily update email I am getting the following message

findutils fails checksum !!!
send to CONTACTEMAIL (3) [3]
warning: /var/tmp/rpm-xfer.lvcpwy: V3 DSA signature: NOKEY, key ID db42a60e
Retrieving http://updates.cpanel.net/pub/hackch...1.7-9.i386.rpm
Preparing... ##################################################
findutils ##################################################
error: unpacking of archive failed: cpio: lstat failed - Invalid argument

and

cvs: current version is 1.11.2-24.legacy, will be updated to 1.11.2-25.legacy.
warning: /var/tmp/rpm-xfer.2Fz5Zq: V3 DSA signature: NOKEY, key ID 731002fa
Retrieving http://updates.cpanel.net/redhat/upd...egacy.i386.rpm
Preparing... ##################################################
cvs ##################################################
error: unpacking of archive failed: cpio: lstat failed - Invalid argument

then i get an email from hackcheck telling me some files are missing


IMPORTANT: Do not ignore this email.
This message is to inform you that the rpm
package findutils did not match the expected checksum. This could mean that
your system was compromised (OwN3D). The offending files have been removed
and replaced with the OS default. To be safe you should verify that your
system has not be compromised.

Modified Files:
missing /usr/share/doc/findutils-4.1.7
missing d /usr/share/doc/findutils-4.1.7/NEWS
missing d /usr/share/doc/findutils-4.1.7/README

My host hasn't seen this errors before and pointed me here, can anyone shed any light please

[chirpy]

Presuming that you've checked that your server has indeed not suffered a root hack and has a rootkit installed, it would help to know what OS you are running. A starting point would be to reinstall the findutils rpm.

[Website Rob]

To be safe you should verify that your system has not be compromised.

And that is exactly what you should do!

Either yourself, your DC, or pay someone but at this point, I would say your Server has been compromised. The only question is to what extent.

[AndyReed]

This error message has only one meaning, your server has been compromised. It is very likely that your server will go offline soon, if no immediate action is taken.

[cPanelBilly]

This error message has only one meaning, your server has been compromised. It is very likely that your server will go offline soon, if no immediate action is taken.

not quite true, it means that some base utilities are different from the RPM installs. This may happen if you chose to update them from source.