Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Is this a hack

Discussion in 'General Discussion' started by rootuser, Jul 20, 2006.

  1. rootuser

    rootuser Well-Known Member

    Joined:
    Jan 31, 2005
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    ***INDIA***
    Yesterday onwards lot of sites hosted in server is redirecting to server default home page, after that we checked
    roothkits through rootkit hunter it t is showing some binaries are BAD, is it a hack, how can i fix this
    /bin/ls [ OK ]
    /bin/mount [ OK ]
    /bin/netstat [ OK ]
    /bin/ps [ OK ]
    /bin/su [ OK ]
    /sbin/chkconfig [ BAD ]
    /sbin/depmod [ BAD ]
    /sbin/ifconfig [ OK ]
    /sbin/init [ OK ]
    /sbin/insmod [ BAD ]
    /sbin/modinfo [ BAD ]
    /sbin/runlevel [ OK ]
    /sbin/sysctl [ OK ]
    /sbin/syslogd [ OK ]
    /usr/bin/file [ OK ]
    /usr/bin/find [ BAD ]
    /usr/bin/groups [ OK ]

    MD5
    MD5 compared: 119
    Incorrect MD5 checksums: 5

    File scan
    Scanned files: 310
    Possible infected files: 0
    Possible rootkits:

    Scanning took 228 seconds
     
    #1 rootuser, Jul 20, 2006
  2. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    655
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    Did you try updating rkhunters database? Sometimes it may give a false positive but its generally pretty accurate.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 ramprage, Jul 20, 2006
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    You need to post your OS, but those look like fmailiar false-positives that the rkhunter developer hasn't updated their database with. I'm finding rkhunter getting further and further out of date with their md5sum databases of late.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 chirpy, Jul 20, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - hack
  1. zodiac9797

    cPanel e-mail forwarders hack

    zodiac9797, Apr 12, 2018, in forum: Security
    Replies:
    5
    Views:
    702
    Vinayak
    Aug 10, 2018
  2. JarekN

    Site keeps on getting hacked - infected files

    JarekN, Mar 15, 2018, in forum: Security
    Replies:
    6
    Views:
    625
    cPanelMichael
    Mar 15, 2018
  3. kalexanakis

    Server hacked using pam_fprintd.so?

    kalexanakis, Jun 7, 2017, in forum: Security
    Replies:
    8
    Views:
    1,458
    Jcats
    Jun 23, 2017
  4. Motamedi

    Increase security to prevent hacking?

    Motamedi, May 5, 2017, in forum: Security
    Replies:
    1
    Views:
    675
    cPanelMichael
    May 5, 2017
  5. Vladimir Šebez

    Possible mysql root password hacked

    Vladimir Šebez, Nov 15, 2016, in forum: Security
    Replies:
    6
    Views:
    1,150
    cPanelMichael
    Nov 18, 2016

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice