My server has been compromised...
 

and i'm receiving a thousand return mails everyday... :/

IMPORTANT: Do not ignore this email.
This message is to inform you that the rpm
package fileutils did not match the expected checksum. This could mean that
your system was compromised (OwN3D). The offending files have been removed
and replaced with the OS default. To be safe you should verify that your
system has not be compromised.

:(

That sucks... Do you have a sys admin? Or do you do it yourself?

Are you really banned? wtf, lol..

That does suck, but the email really said (OwN3D)??? thats weird.

it's a self managed server at rack shack... yeah thats what the email said... lol... :)

no, i'm not really banned... :p

that sucks man, hope it gets resolved soon

that sucks dude

what are you paying over there? We will secure and manage your server for you so this will never happen again. Not trying to steal you from anyone but that should never happen.

also i doubt that package did any harm to your system you can read about it here.

http://rpm.pbone.net/index.php3/stat....i586.rpm.html

can you beat 170$ a month for 10mbps unmetered?

or 265$ a month for 20mbps?

all my logs have the intrusion coming from one ip address... can someone check it out for me? how do i block it?

81.10.192.58

Hidden Pid detected! [pid 17811]
hidden from ps: [yes]
binary location: [/tmp/sh-B1LCCY4ARMS (deleted)]

Hidden Pid detected! [pid 17816]
hidden from ps: [yes]
binary location: [/sbin/ttymon]

bump....

I know you must be going nuts now trying to get things in order and I don't mean to laugh...but the email saying you were OwN3D is too much! hehe

GFED i can find the troll for you , cock slapp him and break his hands so he cant type lmk

yes please cockslap him for me... :p

i keep getting the emails... grrr...

I'm been getting spammed a few hundred times a day by some really stupid "Your Message Could Not Be Delivered" type thing, so I feel your pain. :helpme

See Sig :winkwink:

bump that

fuck... rackshack cant fix it... they told me to back up all my shit and order a reimage... :(

You ought to look into getting a sysadmin

vi /etc/hosts.deny

First of all, your system HAS been compromised and the system utilities probably have been patched, that is, modified so that the hacker can get back in or whatever.

When the OS has been molested like that, the only thing you can do is backup everything, format and start over. Even if you lock the intruder out, you cannot trust the integrity of the OS anymore.

Second, you need to get a sysadmin. Go over to WebHostingTalk.com and post for a sysadmin. You'll get plenty of knowledgeable responses from people who will work for next to nothing via PayPal.

Do you use cPanel, by any chance? I had this happen to a cPanel server about a year ago, it was the biggest fucking headache ever. I eventually laid the blame on a hole in phpBB and/or cPanel.

thats pretty fuckin gay

oh shit hire someone to manage the problem!

I think someone is trying to mess with you. Is there more to that message you're getting? I've been working with unix systems a long time and never, have I ever seen an error message that used the word 'OwN3D'. Granted, I've never been a redhat guy, and for all I know thats an actual redhat error message.

I'm going to be gone most of the day, but if you're still having problems this evening, feel free to hit me up on icq 206-403-725.

Good luck with it!

I guess you don't care too much about that server since 6 days are past and you didn't took care of it.

that message is from a cpanel script and yea it really says OwN3D

i'm working on it... :/