OpenVZ Forum

Home » General » Discussions » OpenVZ precreated template root compromised ?
OpenVZ precreated template root compromised ? [message #49783] Sun, 16 June 2013 15:49 Go to next message
akbardotinfo is currently offline  akbardotinfo
Messages: 1
Registered: June 2013
Junior Member
Dear All,

we're using centos-6.x86_64-devel with cpanel software installed.
the cpanel staff said that my server is root compromised.

But after I redownload the precreated template of openvz, it's same as is. the /lib64/* is on all precreated template of openvz (it exist on precreated centos-5 (/lib64/ also on

Below is the cpanel staff said:


It appears that your server has been compromised with a malicious payload designed to sniff for and steal server passwords. Everything that we know about this payload and identifying it can be found here:

We've essentially used these same steps on that page to confirm that your server has been compromised such as the following:

[root@4246999~]cPs# ls -lah /lib*/libkeyutils*
lrwxrwxrwx 1 root root 20 Apr 24 06:06 /lib64/ ->*
-rwxr-xr-x 1 root root 10K Jun 22 2012 /lib64/*
-rwxr-xr-x 1 root root 32K Jun 22 2012 /lib64/*

[root@4246999~]cPs# rpm -qf /lib64/
file /lib64/ is not owned by any package

Any suggestion ?
Re: OpenVZ precreated template root compromised ? [message #49786 is a reply to message #49783] Mon, 17 June 2013 09:09 Go to previous message
Messages: 302
Registered: August 2009
Senior Member
I don't see /lib64/ file in precreated templates. checked: 64-devel.tar.gz 64.tar.gz
please download, extract, and look.
maybe host in which you create CT is compromised?
can you give checksum of precreated template you downloaded?
Previous Topic: OpenVZ Containers and ports for domains
Next Topic: Does ioprio work as intended for others?
Goto Forum:

Current Time: Wed Mar 29 07:51:52 GMT 2023

Total time taken to generate the page: 0.01026 seconds