
Is this a hack

Discussion in 'General Discussion' started by rootuser, Jul 20, 2006.

  1. rootuser

    rootuser Well-Known Member

    From yesterday onwards, a lot of sites hosted on the server are redirecting to the server default home page. After that we checked for
    rootkits with rootkit hunter and it is showing that some binaries are BAD. Is it a hack? How can I fix this?
    /bin/ls [ OK ]
    /bin/mount [ OK ]
    /bin/netstat [ OK ]
    /bin/ps [ OK ]
    /bin/su [ OK ]
    /sbin/chkconfig [ BAD ]
    /sbin/depmod [ BAD ]
    /sbin/ifconfig [ OK ]
    /sbin/init [ OK ]
    /sbin/insmod [ BAD ]
    /sbin/modinfo [ BAD ]
    /sbin/runlevel [ OK ]
    /sbin/sysctl [ OK ]
    /sbin/syslogd [ OK ]
    /usr/bin/file [ OK ]
    /usr/bin/find [ BAD ]
    /usr/bin/groups [ OK ]

    MD5
    MD5 compared: 119
    Incorrect MD5 checksums: 5

    File scan
    Scanned files: 310
    Possible infected files: 0
    Possible rootkits:

    Scanning took 228 seconds
     
  2. ramprage

    ramprage Well-Known Member

    Did you try updating rkhunter's database? Sometimes it may give a false positive, but it's generally pretty accurate.
     
  3. chirpy

    chirpy Well-Known Member

    You need to post your OS, but those look like familiar false-positives that the rkhunter developer hasn't updated their database with. I'm finding rkhunter getting further and further out of date with their md5sum databases of late.
     
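One way to check the stale-database explanation raised in the replies is to compare each binary rkhunter marked BAD with the package manager's own record of that file. This is an added example, not part of the thread and not rkhunter's own code; it assumes an RPM-based OS (the thread never states the OS), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage rkhunter "[ BAD ]" binaries against the RPM database.
# Assumption: RPM-based OS (the thread never states it). Function names are
# hypothetical. A compromised host can also carry a tampered rpm binary or
# database, so a clean result here is evidence, not proof.

# Print the path from every "[ BAD ]" line of rkhunter output on stdin.
bad_paths() {
    awk '/\[ BAD \]/ && $1 ~ /^\// { print $1 }'
}

# Print "<path> <verdict>" using the package manager's record of the file.
check_path() {
    path=$1
    if ! command -v rpm >/dev/null 2>&1; then
        echo "$path no-rpm"; return 0
    fi
    if ! rpm -qf "$path" >/dev/null 2>&1; then
        echo "$path unowned"; return 0   # not installed by any package
    fi
    # rpm -V lists only files that differ from the package; field 1 is the
    # flag string, whose third character is "5" on a digest mismatch.
    flags=$(rpm -Vf "$path" 2>/dev/null | awk -v p="$path" '$NF == p { print $1 }')
    case $flags in
        "")      echo "$path matches-package" ;;
        missing) echo "$path missing" ;;
        ??5*)    echo "$path digest-mismatch" ;;
        *)       echo "$path attrs-changed" ;;
    esac
}

# Read rkhunter output on stdin and classify every flagged binary.
triage() {
    bad_paths | while read -r p; do check_path "$p"; done
}

# Usage: sh triage.sh rkhunter-output.txt
if [ "$#" -gt 0 ]; then triage < "$1"; fi
```

A `matches-package` verdict for a path rkhunter marked BAD is consistent with an out-of-date rkhunter checksum database. A `digest-mismatch` or `unowned` verdict means the file should be examined from trusted media rather than from the running system.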