The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unknown scripts in shell ! What are they ? Is Shell Hacked ?

Discussion in 'Security' started by ANKUR KUMAR, Oct 31, 2012.

  1. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Time: Wed Oct 31 02:00:24 2012 +0530

    The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:

    /usr/bin/stunnel-4.15local: FAILED
    /usr/sbin/pureauth: FAILED
    /usr/local/sbin/pureauth: FAILED



    What is this notification ...??

    This type of notification i received first time ...
    What is this ?
    How to check genuine scripts running in server shell?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  3. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator

    ya ... I did'nt noticed this :)

    But can you please tell
    stunnel-4.15
    pureauth

    etc are cpanel files ?
    is it included in Cpanel or it is 3rd party file ?
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Not cPanel, operating system files. if it helps any here, I got the same email. :)
     
  5. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    :) You are making fun of me in open forum ? kidding :)

    Well your Answer helped .. Thanks to Infopro .
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I would never make fun of anyone on this forum. Not intentionally anyway. ;)

    For the record, I have automatic updates disabled on several servers. Due to that, I wouldn't get these emails, as nothing changes unless I manually update the server and cPanel. In a few minutes after I do a manual update, I'll get one of these emails that you mention. I know why now too, I just updated that server.

    HTH! :)
     
  7. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator

    Ya i did manual update , because today morning , WHM was not opening ,

    I called my data center for help , they did what i dont know really .

    But when i had a look of all new WHM ... I was exited ... :)

    It was like a android phone ... lolz ...

    Good Work Cpanel
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Happy to hear you're liking the new style, and cPanel! Me too! :D
     
  9. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    pureauth is installed by cPanel & WHM as part of the Pure-FTPd package.

    stunnel-4.15 is also installed as a standard part of cPanel & WHM. If you recently upgraded to 11.34.0 it's probable something during the upgrade touched those files, modifying them just enough to trigger LFDs sensitivities.
     
  10. cpuser4234

    cpuser4234 Registered

    Joined:
    Nov 13, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Is there a webpage I can check to see what files cPanel is updating?

    Currently I receive the CSF MD5Sum check email but researching whether those were caused by a cPanel update is difficult.
     
Loading...

Share This Page