Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is this an indication I was hacked?

Discussion in 'General Discussion' started by Webmaster Mitch, Oct 28, 2009.

  1. Webmaster Mitch

    Jan 7, 2009
    Likes Received:
    Trophy Points:
    A few days ago I was getting hourly reports that two of the sub-domains on my server had suspicious processes running. I couldn't figure out what they were, so I rebooted the server. Those messages have not returned.

    However, in my Logwatch email, in the Named section, I have the following messages;

    **Unmatched Entries**
    /etc/named.conf:13: using specific query-source port suppresses port randomization and can be insecure.: 1 Time(s)
    adjusted limit on open files from 1024 to 1048576: 1 Time(s)
    network unreachable resolving './NS/IN': 2001:500:2f::f#53: 1 Time(s)
    network unreachable resolving '': 2001:7b8:3:1f:0:2:53:2#53: 1 Time(s)
    network unreachable resolving '': 2001:7b8:3:1f:0:2:53:1#53: 1 Time(s)

    ... 1,071 more entries in between ...

    network unreachable resolving '': 2001:dc7:1000::1#53: 1 Time(s)
    network unreachable resolving '': 2001:dc7::1#53: 1 Time(s)
    the working directory is not writable: 1 Time(s)
    using default UDP/IPv4 port range: [1024, 65535]: 1 Time(s)
    using default UDP/IPv6 port range: [1024, 65535]: 1 Time(s)
    using up to 4096 sockets: 1 Time(s)

    I don't understand what's happening or what I should do about it. Any suggestions will be deeply appreciated.

Share This Page