
[rkhunter] Warnings after plesk upgrade to 11.5.3

ArmandoC

New Pleskian
Hi, after I have done the upgrade to 11.5.3, I have received 2 Watchdog emails:
1 - the first (at 00.59) was this

Watchdog was stopped at ago 19, 2013 01:00 .
Security scans number: 0.
No events registered for the period.


2 - the second (at 1.01) warns me that my machine may be infected;
in the report I have seen some rows like this

[01:00:49] /usr/bin/GET [ Warning ]
[01:00:49] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: a /usr/bin/perl -w script text executable

[01:01:04] /sbin/ifdown [ Warning ]
[01:01:04] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable


and so on...

In addition to this I have these problems:
- I have also seen that there are a lot of HTTP GET accesses to the server from a machine with the same IP as the server
- And I can't access my server via SSH

All the other server services (https....) run fine.

Can you help me?
 
It is recommended that you add the following directives into the RKHunter configuration file:

/usr/local/psa/etc/modules/watchdog/rkhunter.conf
--->8---
SCRIPTWHITELIST=/usr/bin/GET
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/sbin/ifdown
SCRIPTWHITELIST=/sbin/ifup
---8<---
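
Added example, not part of the original thread or of Plesk's tooling: a check that can be run before adopting the whitelist above, so that a flagged path gets a SCRIPTWHITELIST line only when the package manager confirms the file is unmodified. It assumes an RPM-based system; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes an RPM-based system.

# Read an rkhunter log on stdin; print each path reported as
# "replaced by a script", one per line, de-duplicated.
flagged_scripts() {
    sed -n "s/^\[[0-9:]*] Warning: The command '\([^']*\)' has been replaced by a script:.*/\1/p" |
        LC_ALL=C sort -u
}

# Exit 0 only if $1 is owned by an installed RPM and `rpm -V` reports no
# change for it (size, mode, digest, mtime, ...). Exit 2 if rpm is absent.
pkg_verified() {
    command -v rpm >/dev/null 2>&1 || return 2
    pv_real=$(readlink -f -- "$1") || return 1
    rpm -qf "$pv_real" >/dev/null 2>&1 || return 1
    # rpm -V prints one line per file that differs from the RPM database;
    # the path is the last field of each line.
    rpm -Vf "$pv_real" 2>/dev/null |
        awk -v f="$pv_real" '$NF == f { bad = 1 } END { exit bad + 0 }'
}

# Read an rkhunter log on stdin. Verified files become SCRIPTWHITELIST
# lines on stdout; everything else is listed on stderr for manual review.
whitelist_candidates() {
    flagged_scripts | while IFS= read -r wc_path; do
        if pkg_verified "$wc_path"; then
            printf 'SCRIPTWHITELIST=%s\n' "$wc_path"
        else
            printf 'REVIEW: %s (not verified against the RPM database)\n' "$wc_path" >&2
        fi
    done
}

# Usage: sh thisfile /path/to/rkhunter.log
if [ "$#" -gt 0 ]; then
    whitelist_candidates < "$1"
fi
```

`rpm -V` compares files against the local RPM database, so it is a first check rather than proof on a host where root may already be compromised.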
 
Same issue, is it an attack?? What's going on? I just upgraded to 11.5 today, maybe a security hole?
 