I got the following message today and am curious if this is real or not. I have read many thread on servers being hacked, but I am not seeing any tail - tail signs that the hack is real. But, here is all the info: Last night, my server memory usage went through the roof. Server had to be rebooted. Again this morning, the mem usage was through the roof. At 5:15 this am, I got these emails: Trojan Horses Detected by (WHM) on genesis.xxxxx.biz Hidden Pid detected! [pid 10] hidden from ps: [yes] hidden from kernel: [yes] binary location: [/sbin/init] [hackcheck] net-tools failed checksum test IMPORTANT: Do not ignore this email. This message is to inform you that the rpm package net-tools did not match the expected checksum. This could mean that your system was compromised (OwN3D). The offending files have been removed and replaced with the OS default. To be safe you should verify that your system has not be compromised. Modified Files: S.5..UG. /bin/netstat S.5..UG. /sbin/ifconfig [hackcheck] findutils failed checksum test Modified Files: S.5..UG. /usr/bin/find Modified Files: S.5..UG. /bin/ls S.5..UG. /usr/bin/dir My datacenter team want a LOAD of money to do a security check. I don't want to pay it unless this is a real threat. How can I determine if the hack is real and is there a way to circumvent it quickly? Box Stats WHM 8.5.4 cPanel 8.5.5-R20 RedHat 7.3 - WHM X v2.1.1 I am very new to all this, so details don't hurt me I am trying to come up the learning curve as quickly as possible.