rootuser

Well-Known Member
Jan 31, 2005
124
0
166
***INDIA***
Yesterday onwards lot of sites hosted in server is redirecting to server default home page, after that we checked
roothkits through rootkit hunter it t is showing some binaries are BAD, is it a hack, how can i fix this
/bin/ls [ OK ]
/bin/mount [ OK ]
/bin/netstat [ OK ]
/bin/ps [ OK ]
/bin/su [ OK ]
/sbin/chkconfig [ BAD ]
/sbin/depmod [ BAD ]
/sbin/ifconfig [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ BAD ]
/sbin/modinfo [ BAD ]
/sbin/runlevel [ OK ]
/sbin/sysctl [ OK ]
/sbin/syslogd [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ BAD ]
/usr/bin/groups [ OK ]

MD5
MD5 compared: 119
Incorrect MD5 checksums: 5

File scan
Scanned files: 310
Possible infected files: 0
Possible rootkits:

Scanning took 228 seconds
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
You need to post your OS, but those look like fmailiar false-positives that the rkhunter developer hasn't updated their database with. I'm finding rkhunter getting further and further out of date with their md5sum databases of late.