The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is this a hack

Discussion in 'General Discussion' started by rootuser, Jul 20, 2006.

  1. rootuser

    rootuser Well-Known Member

    Joined:
    Jan 31, 2005
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    ***INDIA***
    Yesterday onwards lot of sites hosted in server is redirecting to server default home page, after that we checked
    roothkits through rootkit hunter it t is showing some binaries are BAD, is it a hack, how can i fix this
    /bin/ls [ OK ]
    /bin/mount [ OK ]
    /bin/netstat [ OK ]
    /bin/ps [ OK ]
    /bin/su [ OK ]
    /sbin/chkconfig [ BAD ]
    /sbin/depmod [ BAD ]
    /sbin/ifconfig [ OK ]
    /sbin/init [ OK ]
    /sbin/insmod [ BAD ]
    /sbin/modinfo [ BAD ]
    /sbin/runlevel [ OK ]
    /sbin/sysctl [ OK ]
    /sbin/syslogd [ OK ]
    /usr/bin/file [ OK ]
    /usr/bin/find [ BAD ]
    /usr/bin/groups [ OK ]

    MD5
    MD5 compared: 119
    Incorrect MD5 checksums: 5

    File scan
    Scanned files: 310
    Possible infected files: 0
    Possible rootkits:

    Scanning took 228 seconds
     
    #1 rootuser, Jul 20, 2006
  2. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    655
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    Did you try updating rkhunters database? Sometimes it may give a false positive but its generally pretty accurate.
     
    #2 ramprage, Jul 20, 2006
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,472
    Likes Received:
    20
    Trophy Points:
    463
    Location:
    Go on, have a guess
    You need to post your OS, but those look like fmailiar false-positives that the rkhunter developer hasn't updated their database with. I'm finding rkhunter getting further and further out of date with their md5sum databases of late.
     
    #3 chirpy, Jul 20, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - hack
  1. kalexanakis

    Server hacked using pam_fprintd.so?

    kalexanakis, Jun 7, 2017, in forum: Security
    Replies:
    8
    Views:
    239
    Jcats
    Jun 23, 2017
  2. Motamedi

    Increase security to prevent hacking?

    Motamedi, May 5, 2017, in forum: Security
    Replies:
    1
    Views:
    182
    cPanelMichael
    May 5, 2017
  3. Vladimir Šebez

    Possible mysql root password hacked

    Vladimir Šebez, Nov 15, 2016, in forum: Security
    Replies:
    6
    Views:
    489
    cPanelMichael
    Nov 18, 2016
  4. Tatchan

    Ayuda! Me han hackeado varias cuentas

    Tatchan, Sep 27, 2016, in forum: Discusión en Español
    Replies:
    1
    Views:
    328
    cPanelMichael
    Oct 5, 2016
  5. ruzbehraja

    Standard Operating Procedure for dealing with email abuse or hacked email accounts

    ruzbehraja, Aug 23, 2016, in forum: E-mail Discussions
    Replies:
    1
    Views:
    393
    cPanelMichael
    Aug 24, 2016

Share This Page