Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Unknown scripts in shell ! What are they ? Is Shell Hacked ?

Discussion in 'Security' started by ANKUR KUMAR, Oct 31, 2012.

  1. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Time: Wed Oct 31 02:00:24 2012 +0530

    The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:

    /usr/bin/stunnel-4.15local: FAILED
    /usr/sbin/pureauth: FAILED
    /usr/local/sbin/pureauth: FAILED



    What is this notification ...??

    This type of notification i received first time ...
    What is this ?
    How to check genuine scripts running in server shell?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,517
    Likes Received:
    425
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator

    ya ... I did'nt noticed this :)

    But can you please tell
    stunnel-4.15
    pureauth

    etc are cpanel files ?
    is it included in Cpanel or it is 3rd party file ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,517
    Likes Received:
    425
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Not cPanel, operating system files. if it helps any here, I got the same email. :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    :) You are making fun of me in open forum ? kidding :)

    Well your Answer helped .. Thanks to Infopro .
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,517
    Likes Received:
    425
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I would never make fun of anyone on this forum. Not intentionally anyway. ;)

    For the record, I have automatic updates disabled on several servers. Due to that, I wouldn't get these emails, as nothing changes unless I manually update the server and cPanel. In a few minutes after I do a manual update, I'll get one of these emails that you mention. I know why now too, I just updated that server.

    HTH! :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator

    Ya i did manual update , because today morning , WHM was not opening ,

    I called my data center for help , they did what i dont know really .

    But when i had a look of all new WHM ... I was exited ... :)

    It was like a android phone ... lolz ...

    Good Work Cpanel
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,517
    Likes Received:
    425
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Happy to hear you're liking the new style, and cPanel! Me too! :D
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,565
    Likes Received:
    43
    Trophy Points:
    308
    cPanel Access Level:
    Root Administrator
    pureauth is installed by cPanel & WHM as part of the Pure-FTPd package.

    stunnel-4.15 is also installed as a standard part of cPanel & WHM. If you recently upgraded to 11.34.0 it's probable something during the upgrade touched those files, modifying them just enough to trigger LFDs sensitivities.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. cpuser4234

    cpuser4234 Registered

    Joined:
    Nov 13, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Is there a webpage I can check to see what files cPanel is updating?

    Currently I receive the CSF MD5Sum check email but researching whether those were caused by a cPanel update is difficult.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice