OpenVZ Forum

Home » General » Discussions » OpenVZ precreated template root compromised ?
OpenVZ precreated template root compromised ? [message #49783] Sun, 16 June 2013 15:49 Go to previous message
akbardotinfo is currently offline  akbardotinfo
Messages: 1
Registered: June 2013
Junior Member
Dear All,

we're using centos-6.x86_64-devel with cpanel software installed.
the cpanel staff said that my server is root compromised.

But after I redownload the precreated template of openvz, it's same as is. the /lib64/* is on all precreated template of openvz (it exist on precreated centos-5 (/lib64/ also on

Below is the cpanel staff said:


It appears that your server has been compromised with a malicious payload designed to sniff for and steal server passwords. Everything that we know about this payload and identifying it can be found here:

We've essentially used these same steps on that page to confirm that your server has been compromised such as the following:

[root@4246999~]cPs# ls -lah /lib*/libkeyutils*
lrwxrwxrwx 1 root root 20 Apr 24 06:06 /lib64/ ->*
-rwxr-xr-x 1 root root 10K Jun 22 2012 /lib64/*
-rwxr-xr-x 1 root root 32K Jun 22 2012 /lib64/*

[root@4246999~]cPs# rpm -qf /lib64/
file /lib64/ is not owned by any package

Any suggestion ?
Read Message
Read Message
Previous Topic: OpenVZ Containers and ports for domains
Next Topic: Does ioprio work as intended for others?
Goto Forum:

Current Time: Mon Apr 22 16:23:52 GMT 2024

Total time taken to generate the page: 0.01205 seconds