Have I been hacked?

W

WildWayz

Well-Known Member
Aug 14, 2001
209
0
316
Hi ya,

I woke up this morning with this server message and am not too sure what to think of it...

[quote:331832ab4a]
& -----Original Message-----
& From: root [mailto:[email protected]]
& Sent: 10 April 2002 05:45
& To: [email protected]
& Subject: [hackcheck] error was encountered while trying to use an
& ErrorDocument to handle the request. failed checksum test
&
&
& IMPORTANT: Do not ignore this email.
& This message is to inform you that the rpm
& package error was encountered while trying to use an
& ErrorDocument to handle the request. did not match the expected
& checksum. This could mean that
& your system was compromised (OwN3D). The offending files have
& been removed
& and replaced with the OS default. To be safe you should verify that your
& system has not be compromised.
&
& Modified Files:
& package error is not installed
& package was is not installed
& package encountered is not installed
& package while is not installed
& package trying is not installed
& package to is not installed
& package use is not installed
& package an is not installed
& package ErrorDocument is not installed
& package to is not installed
& package handle is not installed
& package the is not installed
& package request. is not installed
[/quote:331832ab4a]

Should I be worried? The package errors look a little confused...

James
 
W

WildWayz

Well-Known Member
Aug 14, 2001
209
0
316
I just ran /scripts/findhacks and there were loads of errors... mainly around something like /usr/proc.

Hmmmm getting worried :/

I logged in and SU'd as root but no mention of any other IPs other than mine using ROOT password :/

James
 
W

WildWayz

Well-Known Member
Aug 14, 2001
209
0
316
it appears I am not the only one with this.

If this WAS a joke, it ain't fecking funny!

I spent the morning checking logs looking for any sign of a breach.

--James
 
B

Brownie

Well-Known Member
Aug 10, 2001
143
0
316
I just took a look at findhacks and all it does is:

[quote:31c7e77133]
#!/bin/sh
lsattr -R / |grep -v &\-\-\-\-\-\-\-\-& |grep -v &^/&
[/quote:31c7e77133]

what is it exactly doing?!?!? im no linux expert :p

btw, I didnt get that email
 
B

bdraco

Guest
[quote:27eb6d4da0][i:27eb6d4da0]Originally posted by WildWayz[/i:27eb6d4da0]

Hi ya,

I woke up this morning with this server message and am not too sure what to think of it...

[quote:27eb6d4da0]
& -----Original Message-----
& From: root [mailto:[email protected]]
& Sent: 10 April 2002 05:45
& To: [email protected]
& Subject: [hackcheck] error was encountered while trying to use an
& ErrorDocument to handle the request. failed checksum test
&
&
& IMPORTANT: Do not ignore this email.
& This message is to inform you that the rpm
& package error was encountered while trying to use an
& ErrorDocument to handle the request. did not match the expected
& checksum. This could mean that
& your system was compromised (OwN3D). The offending files have
& been removed
& and replaced with the OS default. To be safe you should verify that your
& system has not be compromised.
&
& Modified Files:
& package error is not installed
& package was is not installed
& package encountered is not installed
& package while is not installed
& package trying is not installed
& package to is not installed
& package use is not installed
& package an is not installed
& package ErrorDocument is not installed
& package to is not installed
& package handle is not installed
& package the is not installed
& package request. is not installed
[/quote:27eb6d4da0]

Should I be worried? The package errors look a little confused...

James[/quote:27eb6d4da0]


Looks like the dns for updates.cpanel.net might be wrong ...
 
P

patchwork

Well-Known Member
Nov 2, 2001
95
0
316
I've just received the same message 10 minutes ago, is this something I need to fix?



IMPORTANT: Do not ignore this email.
This message is to inform you that the rpm
package error was encountered while trying to use an ErrorDocument to handle the request. did not match the expected checksum. This could mean that
your system was compromised (OwN3D). The offending files have been removed
and replaced with the OS default. To be safe you should verify that your
system has not be compromised.

Modified Files:
package error is not installed
package was is not installed
package encountered is not installed
package while is not installed
package trying is not installed
package to is not installed
package use is not installed
package an is not installed
package ErrorDocument is not installed
package to is not installed
package handle is not installed
package the is not installed
package request. is not installed




Pete
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M Problem about account been hacked Security 1
A Reinitiate Root password / Account have been hacked Security 1
K Website has been hacked Security 3
C Has my server been hacked? Security 8
S Have I been hacked? Security 3
Similar threads
Problem about account been hacked
Reinitiate Root password / Account have been hacked
Website has been hacked
Has my server been hacked?
Have I been hacked?
Top Bottom