The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Have I been hacked?

Discussion in 'General Discussion' started by WildWayz, Apr 10, 2002.

  1. WildWayz

    WildWayz Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    209
    Likes Received:
    0
    Trophy Points:
    16
    Hi ya,

    I woke up this morning with this server message and am not too sure what to think of it...

    [quote:331832ab4a]
    & -----Original Message-----
    & From: root [mailto:root@insomnia.pcnoc.net]
    & Sent: 10 April 2002 05:45
    & To: wildwayz@clara.co.uk
    & Subject: [hackcheck] error was encountered while trying to use an
    & ErrorDocument to handle the request. failed checksum test
    &
    &
    & IMPORTANT: Do not ignore this email.
    & This message is to inform you that the rpm
    & package error was encountered while trying to use an
    & ErrorDocument to handle the request. did not match the expected
    & checksum. This could mean that
    & your system was compromised (OwN3D). The offending files have
    & been removed
    & and replaced with the OS default. To be safe you should verify that your
    & system has not be compromised.
    &
    & Modified Files:
    & package error is not installed
    & package was is not installed
    & package encountered is not installed
    & package while is not installed
    & package trying is not installed
    & package to is not installed
    & package use is not installed
    & package an is not installed
    & package ErrorDocument is not installed
    & package to is not installed
    & package handle is not installed
    & package the is not installed
    & package request. is not installed
    [/quote:331832ab4a]

    Should I be worried? The package errors look a little confused...

    James
     
  2. WildWayz

    WildWayz Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    209
    Likes Received:
    0
    Trophy Points:
    16
    I just ran /scripts/findhacks and there were loads of errors... mainly around something like /usr/proc.

    Hmmmm getting worried :/

    I logged in and SU'd as root but no mention of any other IPs other than mine using ROOT password :/

    James
     
  3. WildWayz

    WildWayz Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    209
    Likes Received:
    0
    Trophy Points:
    16
    it appears I am not the only one with this.

    If this WAS a joke, it ain't fecking funny!

    I spent the morning checking logs looking for any sign of a breach.

    --James
     
  4. Brownie

    Brownie Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    16
    I just took a look at findhacks and all it does is:

    [quote:31c7e77133]
    #!/bin/sh
    lsattr -R / |grep -v &\-\-\-\-\-\-\-\-& |grep -v &^/&
    [/quote:31c7e77133]

    what is it exactly doing?!?!? im no linux expert :p

    btw, I didnt get that email
     
  5. bdraco

    bdraco Guest

    [quote:27eb6d4da0][i:27eb6d4da0]Originally posted by WildWayz[/i:27eb6d4da0]

    Hi ya,

    I woke up this morning with this server message and am not too sure what to think of it...

    [quote:27eb6d4da0]
    & -----Original Message-----
    & From: root [mailto:root@insomnia.pcnoc.net]
    & Sent: 10 April 2002 05:45
    & To: wildwayz@clara.co.uk
    & Subject: [hackcheck] error was encountered while trying to use an
    & ErrorDocument to handle the request. failed checksum test
    &
    &
    & IMPORTANT: Do not ignore this email.
    & This message is to inform you that the rpm
    & package error was encountered while trying to use an
    & ErrorDocument to handle the request. did not match the expected
    & checksum. This could mean that
    & your system was compromised (OwN3D). The offending files have
    & been removed
    & and replaced with the OS default. To be safe you should verify that your
    & system has not be compromised.
    &
    & Modified Files:
    & package error is not installed
    & package was is not installed
    & package encountered is not installed
    & package while is not installed
    & package trying is not installed
    & package to is not installed
    & package use is not installed
    & package an is not installed
    & package ErrorDocument is not installed
    & package to is not installed
    & package handle is not installed
    & package the is not installed
    & package request. is not installed
    [/quote:27eb6d4da0]

    Should I be worried? The package errors look a little confused...

    James[/quote:27eb6d4da0]


    Looks like the dns for updates.cpanel.net might be wrong ...
     
  6. WildWayz

    WildWayz Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    209
    Likes Received:
    0
    Trophy Points:
    16
    how do I fix it?
     
  7. patchwork

    patchwork Well-Known Member

    Joined:
    Nov 2, 2001
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    16
    I've just received the same message 10 minutes ago, is this something I need to fix?



    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package error was encountered while trying to use an ErrorDocument to handle the request. did not match the expected checksum. This could mean that
    your system was compromised (OwN3D). The offending files have been removed
    and replaced with the OS default. To be safe you should verify that your
    system has not be compromised.

    Modified Files:
    package error is not installed
    package was is not installed
    package encountered is not installed
    package while is not installed
    package trying is not installed
    package to is not installed
    package use is not installed
    package an is not installed
    package ErrorDocument is not installed
    package to is not installed
    package handle is not installed
    package the is not installed
    package request. is not installed




    Pete
     
Loading...

Share This Page