02-17-2008, 06:54 AM
encryption
Server Hacked, please help

I got a strange email this morning from cPanel, and running a search on here yields no results. The email states:

Quote:
[hackcheck] cp4nel has a uid 0 account
IMPORTANT: Do not ignore this email.
This message is to inform you that the account cp4nel has user id 0 (root privs).
This could mean that your system was compromised (OwN3D). To be safe you should
verify that your system has not been compromised.

Moreover, running a "top" yields the following result:

top - 07:53:40 up 4 days, 22:03, 2 users, load average: 2.23, 2.24, 2.19
Tasks: 149 total, 3 running, 146 sleeping, 0 stopped, 0 zombie
Cpu(s): 99.3% us, 0.3% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.2% hi, 0.2% si
Mem: 2073820k total, 1963448k used, 110372k free, 118008k buffers
Swap: 2096472k total, 648k used, 2095824k free, 1279696k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
28155 root 25 0 7116 5888 516 R 99.9 0.3 2082:33 john
26566 root 25 0 7116 5892 516 R 97.9 0.3 2087:30 john

1 root 16 0 1744 600 516 S 0.0 0.0 0:01.41 init
2 root RT 0 0 0 0 S 0.0 0.0 0:00.09 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.02 ksoftirqd/0
4 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
5 root RT 0 0 0 0 S 0.0 0.0 0:04.39 migration/1
6 root 34 19 0 0 0 S 0.0 0.0 0:00.09 ksoftirqd/1
7 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/1
8 root 10 -5 0 0 0 S 0.0 0.0 0:00.01 events/0
9 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 events/1
10 root 12 -5 0 0 0 S 0.0 0.0 0:00.00 khelper
11 root 12 -5 0 0 0 S 0.0 0.0 0:00.00 kthread
14 root 10 -5 0 0 0 S 0.0 0.0 0:00.59 kblockd/0
15 root 10 -5 0 0 0 S 0.0 0.0 0:00.07 kblockd/1
16 root 14 -5 0 0 0 S 0.0 0.0 0:00.00 kacpid
108 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 khubd
What is "john"?
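An added example, not part of the original post: shell helpers for checking the two signals reported above, an extra UID 0 account in a passwd-format file and root-owned processes pinned at high CPU in `top -b -n 1` output. The function names and the sample rows are constructed for illustration, and `describe_pid` assumes a Linux `/proc`.

```sh
#!/bin/sh
# Added example (not from the original post): triage helpers for the two
# signals reported above. Function names and sample rows are constructed.

# List accounts other than "root" whose UID field is 0 in a passwd-format file.
uid0_accounts() {
    awk -F: '!/^#/ && $3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Read `top -b -n 1` output on stdin and print "PID %CPU TIME+ COMMAND" for
# root-owned processes at or above a %CPU threshold (default 90).
busy_root_processes() {
    awk -v t="${1:-90}" '
        $1 == "PID" { in_table = 1; next }   # header row starts the table
        in_table && $2 == "root" && $9 + 0 >= t { print $1, $9, $11, $12 }
    '
}

# Show what a PID really is (Linux /proc assumed): the binary on disk, the
# working directory and the full command line, rather than the short name.
describe_pid() {
    printf 'exe: %s\n' "$(readlink "/proc/$1/exe" 2>/dev/null)"
    printf 'cwd: %s\n' "$(readlink "/proc/$1/cwd" 2>/dev/null)"
    printf 'cmd: %s\n' "$(2>/dev/null tr '\000' ' ' < "/proc/$1/cmdline")"
}

# Constructed sample in the same column layout as the top output in the post.
sample_top() {
    cat <<'EOF'
top - 07:53:40 up 4 days, 22:03, 2 users, load average: 2.23, 2.24, 2.19
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4001 root 25 0 7116 5888 516 R 99.9 0.3 2082:33 john
4002 nobody 15 0 9000 4000 900 S 95.0 0.2 1:00.00 httpd
1 root 16 0 1744 600 516 S 0.0 0.0 0:01.41 init
EOF
}

sample_top | busy_root_processes 90   # prints: 4001 99.9 2082:33 john
```

On a host where an unexpected UID 0 account exists, the local `ps`, `top` and `awk` binaries may themselves have been altered, so results from the running system are a starting point and are best confirmed from trusted media or a disk image.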