I reveived this e-mail from cPanel.. IMPORTANT: Do not ignore this email. This message is to inform you that the account bob has user id 0 (root privs). This could mean that your system was compromised (OwN3D). To be safe you should verify that your system has not been compromised. In the file "/etc/passwd" I removed the line 'bob:x:0:0::/home/pas:/bin/sh' Is there anyway to determine what the history for that user was to see what he might have been doing in the server? What steps do we need to take to harden the server to make sure that this does not happen again?