My server has been compromised... - GoFuckYourself.com

GFED · 04-21-2006, 11:11 AM

and i'm receiving a thousand return mails everyday... :/

IMPORTANT: Do not ignore this email.
This message is to inform you that the rpm
package fileutils did not match the expected checksum. This could mean that
your system was compromised (OwN3D). The offending files have been removed
and replaced with the OS default. To be safe you should verify that your
system has not be compromised.

TheSenator · 04-21-2006, 11:12 AM

That sucks... Do you have a sys admin? Or do you do it yourself?

Tom_PM · 04-21-2006, 11:14 AM

Are you really banned? wtf, lol..

That does suck, but the email really said (OwN3D)??? thats weird.

GFED · 04-21-2006, 02:12 PM

it's a self managed server at rack shack... yeah thats what the email said... lol...

GFED · 04-21-2006, 02:13 PM

no, i'm not really banned... :p

Downtime · 04-21-2006, 02:15 PM

that sucks man, hope it gets resolved soon

Manowar · 04-21-2006, 02:23 PM

that sucks dude

split_joel · 04-21-2006, 02:43 PM

Quote:

Originally Posted by GFED

and i'm receiving a thousand return mails everyday... :/

IMPORTANT: Do not ignore this email.
This message is to inform you that the rpm
package fileutils did not match the expected checksum. This could mean that
your system was compromised (OwN3D). The offending files have been removed
and replaced with the OS default. To be safe you should verify that your
system has not be compromised.

what are you paying over there? We will secure and manage your server for you so this will never happen again. Not trying to steal you from anyone but that should never happen.

split_joel · 04-21-2006, 02:50 PM

also i doubt that package did any harm to your system you can read about it here.

http://rpm.pbone.net/index.php3/stat....i586.rpm.html

fris · 04-21-2006, 02:54 PM

Quote:

Originally Posted by split_joel

what are you paying over there? We will secure and manage your server for you so this will never happen again. Not trying to steal you from anyone but that should never happen.

can you beat 170$ a month for 10mbps unmetered?

or 265$ a month for 20mbps?

GFED · 04-22-2006, 01:38 AM

all my logs have the intrusion coming from one ip address... can someone check it out for me? how do i block it?

81.10.192.58

GFED · 04-22-2006, 01:39 AM

Hidden Pid detected! [pid 17811]
hidden from ps: [yes]
binary location: [/tmp/sh-B1LCCY4ARMS (deleted)]

Hidden Pid detected! [pid 17816]
hidden from ps: [yes]
binary location: [/sbin/ttymon]

GFED · 04-23-2006, 05:46 AM

bump....

wyldblyss · 04-23-2006, 05:51 AM

Quote:

Originally Posted by GFED

it's a self managed server at rack shack... yeah thats what the email said... lol...

I know you must be going nuts now trying to get things in order and I don't mean to laugh...but the email saying you were OwN3D is too much! hehe

Juicy D. Links · 04-23-2006, 05:58 AM

GFED i can find the troll for you , cock slapp him and break his hands so he cant type lmk

GFED · 04-25-2006, 11:23 PM

Quote:

Originally Posted by Juicy D. Links

GFED i can find the troll for you , cock slapp him and break his hands so he cant type lmk

yes please cockslap him for me... :p

GFED · 04-27-2006, 01:40 AM

i keep getting the emails... grrr...

HDTV Bucks · 04-27-2006, 01:47 AM

I'm been getting spammed a few hundred times a day by some really stupid "Your Message Could Not Be Delivered" type thing, so I feel your pain.

ServerGenius · 04-27-2006, 01:49 AM

See Sig

Sven-David · 04-27-2006, 04:00 AM

bump that

GFED · 04-27-2006, 08:09 AM

fuck... rackshack cant fix it... they told me to back up all my shit and order a reimage...

MrQ · 04-27-2006, 08:12 AM

Quote:

Originally Posted by GFED

and i'm receiving a thousand return mails everyday... :/

IMPORTANT: Do not ignore this email.
This message is to inform you that the rpm
package fileutils did not match the expected checksum. This could mean that
your system was compromised (OwN3D). The offending files have been removed
and replaced with the OS default. To be safe you should verify that your
system has not be compromised.

You ought to look into getting a sysadmin

marketsmart · 04-27-2006, 08:12 AM

Quote:

Originally Posted by GFED

all my logs have the intrusion coming from one ip address... can someone check it out for me? how do i block it?

81.10.192.58

vi /etc/hosts.deny

minusonebit · 04-27-2006, 08:25 AM

First of all, your system HAS been compromised and the system utilities probably have been patched, that is, modified so that the hacker can get back in or whatever.

When the OS has been molested like that, the only thing you can do is backup everything, format and start over. Even if you lock the intruder out, you cannot trust the integrity of the OS anymore.

Second, you need to get a sysadmin. Go over to WebHostingTalk.com and post for a sysadmin. You'll get plenty of knowledgeable responses from people who will work for next to nothing via PayPal.

Do you use cPanel, by any chance? I had this happen to a cPanel server about a year ago, it was the biggest fucking headache ever. I eventually laid the blame on a hole in phpBB and/or cPanel.

jacked · 04-27-2006, 08:32 AM

thats pretty fuckin gay

ffmihai · 04-27-2006, 08:50 AM

oh shit hire someone to manage the problem!

micker · 04-27-2006, 09:05 AM

Quote:

Originally Posted by GFED

and i'm receiving a thousand return mails everyday... :/

IMPORTANT: Do not ignore this email.
This message is to inform you that the rpm
package fileutils did not match the expected checksum. This could mean that
your system was compromised (OwN3D). The offending files have been removed
and replaced with the OS default. To be safe you should verify that your
system has not be compromised.

I think someone is trying to mess with you. Is there more to that message you're getting? I've been working with unix systems a long time and never, have I ever seen an error message that used the word 'OwN3D'. Granted, I've never been a redhat guy, and for all I know thats an actual redhat error message.

I'm going to be gone most of the day, but if you're still having problems this evening, feel free to hit me up on icq 206-403-725.

Good luck with it!

darksoul · 04-27-2006, 09:11 AM

I guess you don't care too much about that server since 6 days are past and you didn't took care of it.

darksoul · 04-27-2006, 09:14 AM

Quote:

Originally Posted by micker

I've been working with unix systems a long time and never, have I ever seen an error message that used the word 'OwN3D'. Granted, I've never been a redhat guy, and for all I know thats an actual redhat error message.

that message is from a cpanel script and yea it really says OwN3D

GFED · 04-27-2006, 09:51 AM

Quote:

Originally Posted by darksoul

I guess you don't care too much about that server since 6 days are past and you didn't took care of it.

i'm working on it... :/

04-21-2006, 11:11 AM	#1
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	My server has been compromised... and i'm receiving a thousand return mails everyday... :/ IMPORTANT: Do not ignore this email. This message is to inform you that the rpm package fileutils did not match the expected checksum. This could mean that your system was compromised (OwN3D). The offending files have been removed and replaced with the OS default. To be safe you should verify that your system has not be compromised. __________________ https://www.flow.page/savethechildren

04-21-2006, 11:12 AM	#2
TheSenator Too lazy to set a custom title Industry Role: Join Date: Feb 2003 Location: NJ Posts: 13,336	That sucks... Do you have a sys admin? Or do you do it yourself? __________________ ISeekGirls.com since 2005

04-21-2006, 11:14 AM	#3
Tom_PM Porn Meister Industry Role: Join Date: Feb 2005 Posts: 16,443	Are you really banned? wtf, lol.. That does suck, but the email really said (OwN3D)??? thats weird. __________________ 43-922-863 Shut up and play your guitar.

04-21-2006, 02:12 PM	#4
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	it's a self managed server at rack shack... yeah thats what the email said... lol... __________________ https://www.flow.page/savethechildren

04-21-2006, 02:13 PM	#5
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	no, i'm not really banned... :p __________________ https://www.flow.page/savethechildren

04-21-2006, 02:15 PM	#6
Downtime Confirmed User Industry Role: Join Date: May 2004 Location: America. Posts: 7,320	that sucks man, hope it gets resolved soon __________________ #27024067

04-21-2006, 02:23 PM	#7
Manowar jellyfish Join Date: Dec 2003 Posts: 71,528	that sucks dude

04-21-2006, 02:50 PM	#9
split_joel Confirmed User Join Date: Jan 2005 Posts: 2,270	also i doubt that package did any harm to your system you can read about it here. http://rpm.pbone.net/index.php3/stat....i586.rpm.html __________________ E-mail marketing - Automation Scripting - IP Space AIM: splitjoelp ICQ: 254759453 skype - splitjoelp 702-941-6465

04-22-2006, 01:38 AM	#11
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	all my logs have the intrusion coming from one ip address... can someone check it out for me? how do i block it? 81.10.192.58 __________________ https://www.flow.page/savethechildren

04-22-2006, 01:39 AM	#12
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	Hidden Pid detected! [pid 17811] hidden from ps: [yes] binary location: [/tmp/sh-B1LCCY4ARMS (deleted)] Hidden Pid detected! [pid 17816] hidden from ps: [yes] binary location: [/sbin/ttymon] __________________ https://www.flow.page/savethechildren

04-23-2006, 05:46 AM	#13
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	bump.... __________________ https://www.flow.page/savethechildren

04-23-2006, 05:58 AM	#15
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992	GFED i can find the troll for you , cock slapp him and break his hands so he cant type lmk

04-27-2006, 01:40 AM	#17
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	i keep getting the emails... grrr... __________________ https://www.flow.page/savethechildren

04-27-2006, 01:47 AM	#18
HDTV Bucks Registered User Join Date: Apr 2006 Posts: 15	I'm been getting spammed a few hundred times a day by some really stupid "Your Message Could Not Be Delivered" type thing, so I feel your pain.

04-27-2006, 01:49 AM	#19
ServerGenius Confirmed User Join Date: Feb 2002 Location: Amsterdam Posts: 9,377	See Sig __________________ \| http://www.sinnerscash.com/ \| ICQ: 370820 \| Skype: SinnersCash \| AdultWhosWho \|

04-27-2006, 04:00 AM	#20
Sven-David Confirmed User Join Date: Apr 2006 Posts: 161	bump that

04-27-2006, 08:09 AM	#21
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,120	fuck... rackshack cant fix it... they told me to back up all my shit and order a reimage... __________________ https://www.flow.page/savethechildren

04-27-2006, 08:25 AM	#24
minusonebit So Fucking Banned Join Date: Feb 2006 Location: [email protected] Posts: 7,391	First of all, your system HAS been compromised and the system utilities probably have been patched, that is, modified so that the hacker can get back in or whatever. When the OS has been molested like that, the only thing you can do is backup everything, format and start over. Even if you lock the intruder out, you cannot trust the integrity of the OS anymore. Second, you need to get a sysadmin. Go over to WebHostingTalk.com and post for a sysadmin. You'll get plenty of knowledgeable responses from people who will work for next to nothing via PayPal. Do you use cPanel, by any chance? I had this happen to a cPanel server about a year ago, it was the biggest fucking headache ever. I eventually laid the blame on a hole in phpBB and/or cPanel.

04-27-2006, 08:32 AM	#25
jacked sperm tail Industry Role: Join Date: May 2004 Location: nj Posts: 11,019	thats pretty fuckin gay __________________ Got Cam Models? icq: 361-607-616

04-27-2006, 08:50 AM	#26
ffmihai keep walking... Industry Role: Join Date: Jun 2002 Posts: 7,177	oh shit hire someone to manage the problem! __________________

04-27-2006, 09:11 AM	#28
darksoul Confirmed User Join Date: Apr 2002 Location: /root/ Posts: 4,997	I guess you don't care too much about that server since 6 days are past and you didn't took care of it. __________________ 1337 5y54\|)m1n: 157717888 BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN Cambooth