The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Important - Hackcheck problems - GLIB and FINDUTILS and NET-TOOLS

Discussion in 'General Discussion' started by stftk14, Nov 15, 2003.

  1. stftk14

    stftk14 Well-Known Member

    Joined:
    Jul 10, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    I have ran into several problems today.

    Let me describe my situation:
    - Last night I upgraded my cpanel to the EDGE version that screwed everything up, cpanel wouldnt start, etc.
    - Last night after it got messed up, I downgraded to the Stable 3 version and all was fine.
    - This morning I upgrade to E74 because the changelog shows the problems are fixed.

    Now cpanel is working alright. But EVERY TIME I run Update Cpanel or /scripts/hackcheck, i get one of these emails:

    "IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm package findutils did not match the expected checksum. This could mean that your system was compromised (OwN3D). The offending files have been removed and replaced with the OS default. To be safe you should verify that your system has not be compromised.

    Modified Files:
    Unsatisfied dependencies for findutils-4.1.7-9: libc.so.6, libc.so.6(GLIBC_2.0), libc.so.6(GLIBC_2.1), libc.so.6(GLIBC_2.2), libc.so.6(GLIBC_2.2.3), libc.so.6(GLIBC_2.3)"


    I went into my server and checked /lib, and of course, libc.so.6 IS there.

    So it looks like for some reason, RPM cannot find the correct location of libc.so.6 file .

    My questions:
    - Was I hacked or was this just a issue with the update problems last night?
    - How can I fix this problem with it not finding libc.so.6 ?


    Thank you, I appreciate any help given.
     
  2. reddrake

    reddrake Well-Known Member

    Joined:
    Apr 2, 2003
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Wisconsin,Usa
    I can not duplicate (As we spoke already) Anyone else have the same problems?
    Run
    /scripts/hackcheck
    mine checks out fine

    Regards,
    Brian
     
  3. stftk14

    stftk14 Well-Known Member

    Joined:
    Jul 10, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    anyone have ideas?
     
  4. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    Yep I got it a couple days back but the server is clean.

    I wouldn't worry about it as much, it used to be accurate but now it may be a glitch. I think these are more like flags to check out.

    They have told about hacked servers in the past and where correct.
     
  5. BuffaloWeb

    BuffaloWeb Well-Known Member

    Joined:
    Jul 1, 2003
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Same issue here:

    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package findutils did not match the expected checksum. This could mean that
    your system was compromised (OwN3D). The offending files have been removed
    and replaced with the OS default. To be safe you should verify that your
    system has not be compromised.

    Modified Files:
    Unsatisfied dependencies for findutils-4.1.7-9: libc.so.6(GLIBC_2.2.3)
     
  6. ripbud

    ripbud Registered

    Joined:
    Jan 15, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Just got this message... freaking out...slightly

    I really don't know what I should check out...
    Am I hacked or is this as this older thread indicates a "glicth" What exactly am I looking for to see if i'm hacked?

    Thanks...

    Messages:

    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package net-tools did not match the expected checksum. This could mean that
    your system was compromised (OwN3D). The offending files have been removed
    and replaced with the OS default. To be safe you should verify that your
    system has not be compromised.

    Modified Files:
    S.5..UG. /bin/netstat
    S.5..UG. /sbin/ifconfig

    and

    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package findutils did not match the expected checksum. This could mean that
    your system was compromised (OwN3D). The offending files have been removed
    and replaced with the OS default. To be safe you should verify that your
    system has not be compromised.

    Modified Files:
    S.5..UG. /usr/bin/find
     
Loading...
Similar Threads - Important Hackcheck problems
  1. John Tadros
    Replies:
    2
    Views:
    163

Share This Page