My server has been compromised...

  • GFED
    Confirmed User
    • May 2002
    • 8121

    #1

    My server has been compromised...

    and i'm receiving a thousand return mails everyday... :/

    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package fileutils did not match the expected checksum. This could mean that
    your system was compromised (OwN3D). The offending files have been removed
    and replaced with the OS default. To be safe you should verify that your
    system has not be compromised.

    https://www.flow.page/savethechildren
  • TheSenator
    Too lazy to set a custom title
    • Feb 2003
    • 13340

    #2
    That sucks... Do you have a sys admin? Or do you do it yourself?
    ISeekGirls.com since 2005

    • Tom_PM
      Porn Meister
      • Feb 2005
      • 16443

      #3
      Are you really banned? wtf, lol..

      That does suck, but the email really said (OwN3D)??? That's weird.
      43-922-863 Shut up and play your guitar.

      • GFED
        Confirmed User
        • May 2002
        • 8121

        #4
        it's a self managed server at rack shack... yeah that's what the email said... lol...
        https://www.flow.page/savethechildren

        • GFED
          Confirmed User
          • May 2002
          • 8121

          #5
          no, i'm not really banned... :p
          https://www.flow.page/savethechildren

          • Downtime
            Confirmed User
            • May 2004
            • 7320

            #6
            that sucks man, hope it gets resolved soon
            #27024067

            • Manowar
              jellyfish  
              • Dec 2003
              • 71528

              #7
              that sucks dude

              • split_joel
                Confirmed User
                • Jan 2005
                • 2270

                #8
                Originally posted by GFED
                and i'm receiving a thousand return mails everyday... :/

                IMPORTANT: Do not ignore this email.
                This message is to inform you that the rpm
                package fileutils did not match the expected checksum. This could mean that
                your system was compromised (OwN3D). The offending files have been removed
                and replaced with the OS default. To be safe you should verify that your
                system has not be compromised.

                what are you paying over there? We will secure and manage your server for you so this will never happen again. Not trying to steal you from anyone but that should never happen.
                E-mail marketing - Automation Scripting - IP Space
                AIM: splitjoelp ICQ: 254759453 skype - splitjoelp 702-941-6465

                • split_joel
                  Confirmed User
                  • Jan 2005
                  • 2270

                  #9
                  Also, I doubt that package did any harm to your system; you can read about it here.

                  http://rpm.pbone.net/index.php3/stat....i586.rpm.html
                  E-mail marketing - Automation Scripting - IP Space
                  AIM: splitjoelp ICQ: 254759453 skype - splitjoelp 702-941-6465

                  • fris
                    Too lazy to set a custom title
                    • Aug 2002
                    • 55679

                    #10
                    Originally posted by split_joel
                    what are you paying over there? We will secure and manage your server for you so this will never happen again. Not trying to steal you from anyone but that should never happen.
                    can you beat 170$ a month for 10mbps unmetered?

                    or 265$ a month for 20mbps?
                    Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.

                    • GFED
                      Confirmed User
                      • May 2002
                      • 8121

                      #11
                      all my logs have the intrusion coming from one ip address... can someone check it out for me? how do i block it?

                      81.10.192.58
                      https://www.flow.page/savethechildren

                      • GFED
                        Confirmed User
                        • May 2002
                        • 8121

                        #12
                        Hidden Pid detected! [pid 17811]
                        hidden from ps: [yes]
                        binary location: [/tmp/sh-B1LCCY4ARMS (deleted)]

                        Hidden Pid detected! [pid 17816]
                        hidden from ps: [yes]
                        binary location: [/sbin/ttymon]
                        https://www.flow.page/savethechildren
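
The kind of cross-check behind the "Hidden Pid detected!" report in the post above, as an added example that is not part of the thread and is not the code of the tool that produced that report: it compares the PIDs the kernel lists under /proc with the PIDs `ps` reports, then reads each hidden PID's `exe` link. The function names, the `TEMP_DIRS` list and the sample tree are assumptions made for illustration; only the two PIDs and binary paths come from the report.

```python
import os
import subprocess
import tempfile

TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumed list of suspicious locations

def proc_pids(proc_root="/proc"):
    """PIDs the kernel exposes as numeric directories under proc_root."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def ps_pids():
    """PIDs the installed ps binary reports (the view a replaced ps can filter)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def triage(pid, proc_root="/proc"):
    """Return (exe target, reasons) for one PID; target is None if unreadable."""
    try:
        target = os.readlink(os.path.join(proc_root, str(pid), "exe"))
    except OSError:  # kernel thread, exited process, or insufficient privilege
        return None, []
    reasons = []
    if target.endswith(" (deleted)"):
        reasons.append("binary deleted from disk")
    if target.startswith(TEMP_DIRS):
        reasons.append("binary in temp directory")
    return target, reasons

def hidden_report(proc_root="/proc", ps_view=None):
    """Map each PID present under proc_root but absent from ps to its triage."""
    visible = ps_pids() if ps_view is None else set(ps_view)
    return {pid: triage(pid, proc_root)
            for pid in sorted(proc_pids(proc_root) - visible)}

def demo():
    """Run the check over a constructed /proc-like tree (not a live system)."""
    sample = {1: "/sbin/init",                              # constructed entry
              17811: "/tmp/sh-B1LCCY4ARMS (deleted)",       # from the report
              17816: "/sbin/ttymon"}                        # from the report
    with tempfile.TemporaryDirectory() as root:
        for pid, exe in sample.items():
            os.mkdir(os.path.join(root, str(pid)))
            os.symlink(exe, os.path.join(root, str(pid), "exe"))
        open(os.path.join(root, "cpuinfo"), "w").close()  # non-PID entry, ignored
        return hidden_report(root, ps_view=[1])  # pretend ps only shows PID 1

if __name__ == "__main__":
    for pid, (exe, reasons) in demo().items():
        print(pid, exe, "; ".join(reasons) or "hidden from ps only")
```

On a live host, a process that starts between the two snapshots shows up as a false positive, so re-check any hit before acting on it. The comparison only catches a modified `ps`; a kernel-level rootkit can hide the /proc entries as well, so a clean result from a suspect system proves nothing.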

                        • GFED
                          Confirmed User
                          • May 2002
                          • 8121

                          #13
                          bump....
                          https://www.flow.page/savethechildren

                          • wyldblyss
                            Confirmed User
                            • Nov 2003
                            • 5779

                            #14
                            Originally posted by GFED
                            it's a self managed server at rack shack... yeah that's what the email said... lol...
                            I know you must be going nuts now trying to get things in order and I don't mean to laugh...but the email saying you were OwN3D is too much! hehe

                            • Juicy D. Links
                              So Fucking Banned
                              • Apr 2001
                              • 122992

                              #15
                              GFED i can find the troll for you, cock slap him and break his hands so he can't type lmk

                              • GFED
                                Confirmed User
                                • May 2002
                                • 8121

                                #16
                                Originally posted by Juicy D. Links
                                GFED i can find the troll for you, cock slap him and break his hands so he can't type lmk
                                yes please cockslap him for me... :p
                                https://www.flow.page/savethechildren

                                • GFED
                                  Confirmed User
                                  • May 2002
                                  • 8121

                                  #17
                                  i keep getting the emails... grrr...
                                  https://www.flow.page/savethechildren

                                  • HDTV Bucks
                                    Registered User
                                    • Apr 2006
                                    • 15

                                    #18
                                    I've been getting spammed a few hundred times a day by some really stupid "Your Message Could Not Be Delivered" type thing, so I feel your pain.

                                    • ServerGenius
                                      Confirmed User
                                      • Feb 2002
                                      • 9377

                                      #19
                                      See Sig
                                      | http://www.sinnerscash.com/ | ICQ: 370820 | Skype: SinnersCash | AdultWhosWho |

                                      • Sven-David
                                        Confirmed User
                                        • Apr 2006
                                        • 161

                                        #20
                                        bump that

                                        • GFED
                                          Confirmed User
                                          • May 2002
                                          • 8121

                                          #21
                                          fuck... rackshack can't fix it... they told me to back up all my shit and order a reimage...
                                          https://www.flow.page/savethechildren

                                          • MrQ
                                            Registered User
                                            • Apr 2006
                                            • 91

                                            #22
                                            Originally posted by GFED
                                            and i'm receiving a thousand return mails everyday... :/

                                            IMPORTANT: Do not ignore this email.
                                            This message is to inform you that the rpm
                                            package fileutils did not match the expected checksum. This could mean that
                                            your system was compromised (OwN3D). The offending files have been removed
                                            and replaced with the OS default. To be safe you should verify that your
                                            system has not be compromised.


                                            You ought to look into getting a sysadmin

                                            • marketsmart
                                              HOMICIDAL TROLL KILLER
                                              • Dec 2004
                                              • 20419

                                              #23
                                              Originally posted by GFED
                                              all my logs have the intrusion coming from one ip address... can someone check it out for me? how do i block it?

                                              81.10.192.58
                                              vi /etc/hosts.deny

                                              • minusonebit
                                                So Fucking Banned
                                                • Feb 2006
                                                • 7391

                                                #24
                                                First of all, your system HAS been compromised and the system utilities probably have been patched, that is, modified so that the hacker can get back in or whatever.

                                                When the OS has been molested like that, the only thing you can do is backup everything, format and start over. Even if you lock the intruder out, you cannot trust the integrity of the OS anymore.

                                                Second, you need to get a sysadmin. Go over to WebHostingTalk.com and post for a sysadmin. You'll get plenty of knowledgeable responses from people who will work for next to nothing via PayPal.

                                                Do you use cPanel, by any chance? I had this happen to a cPanel server about a year ago, it was the biggest fucking headache ever. I eventually laid the blame on a hole in phpBB and/or cPanel.

                                                • jacked
                                                  sperm tail
                                                  • May 2004
                                                  • 11019

                                                  #25
                                                  thats pretty fuckin gay
                                                  Got Cam Models?
                                                  icq: 361-607-616

                                                  • ffmihai
                                                    keep walking...
                                                    • Jun 2002
                                                    • 7177

                                                    #26
                                                    oh shit hire someone to manage the problem!

                                                    • micker
                                                      Confirmed User
                                                      • Nov 2005
                                                      • 748

                                                      #27
                                                      Originally posted by GFED
                                                      and i'm receiving a thousand return mails everyday... :/

                                                      IMPORTANT: Do not ignore this email.
                                                      This message is to inform you that the rpm
                                                      package fileutils did not match the expected checksum. This could mean that
                                                      your system was compromised (OwN3D). The offending files have been removed
                                                      and replaced with the OS default. To be safe you should verify that your
                                                      system has not be compromised.


                                                      I think someone is trying to mess with you. Is there more to that message you're getting? I've been working with unix systems a long time and never have I ever seen an error message that used the word 'OwN3D'. Granted, I've never been a redhat guy, and for all I know that's an actual redhat error message.

                                                      I'm going to be gone most of the day, but if you're still having problems this evening, feel free to hit me up on icq 206-403-725.

                                                      Good luck with it!

                                                      • darksoul
                                                        Confirmed User
                                                        • Apr 2002
                                                        • 4997

                                                        #28
                                                        I guess you don't care too much about that server since 6 days have passed and you didn't take care of it.
                                                        1337 5y54|)m1n: 157717888
                                                        BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                        Cambooth

                                                        • darksoul
                                                          Confirmed User
                                                          • Apr 2002
                                                          • 4997

                                                          #29
                                                          Originally posted by micker
                                                          I've been working with unix systems a long time and never have I ever seen an error message that used the word 'OwN3D'. Granted, I've never been a redhat guy, and for all I know that's an actual redhat error message.
                                                          that message is from a cpanel script and yea it really says OwN3D
                                                          1337 5y54|)m1n: 157717888
                                                          BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                          Cambooth

                                                          • GFED
                                                            Confirmed User
                                                            • May 2002
                                                            • 8121

                                                            #30
                                                            Originally posted by darksoul
                                                            I guess you don't care too much about that server since 6 days have passed and you didn't take care of it.
                                                            i'm working on it... :/
                                                            https://www.flow.page/savethechildren
