Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

[hackcheck] net-tools failed checksum test

Discussion in 'General Discussion' started by ncconquer, May 3, 2005.

  1. ncconquer

    ncconquer Well-Known Member

    Joined:
    Jun 20, 2004
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    156
    this text from my email:
    ---
    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package net-tools did not match the expected checksum. This could mean
    that
    your system was compromised (OwN3D). The offending files have been
    removed
    and replaced with the OS default. To be safe you should verify that
    your
    system has not be compromised.

    Modified Files:
    S.?..... /bin/hostname
    S.?..... /bin/netstat
    S.?..... /sbin/arp
    S.?..... /sbin/ether-wake
    S.?..... /sbin/ifconfig
    S.?..... /sbin/ipmaddr
    S.?..... /sbin/iptunnel
    S.?..... /sbin/mii-tool
    S.?..... /sbin/nameif
    S.?..... /sbin/plipconfig
    S.?..... /sbin/route
    S.?..... /sbin/slattach
    ---
    What's that? Please tech me.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    You should install tools such as rkhunter and chkrootkit to see if you have a standard rootkit installed on your server - which would strongly suggest a successful root compromise. If they're OK, and the problem as not been caused by you running chmod somewhere you shouldn't, then you need to establish how the files from those RPMs were changed.

    If you don't know how to do these things, then you really should look for a someone who specialiases in Linux security to check your server for you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice