[hackcheck] sql has a uid 0 account

krl0s

Registered
Nov 5, 2011
2
0
51
cPanel Access Level
Root Administrator
Hello good day everyone.
days ago I get this message to my email, I know that this message be? someone who knows and can help me see the cause of this message?

are very grateful for the help.

IMPORTANT: Do not ignore this email.
This message is to inform you that the account sql has user id 0 (root privs).
This could mean that your system was compromised (OwN3D). To be safe you should
verify that your system has not been compromised.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Did you add a user sql with UID 0 for it?

Code:
grep sql /etc/passwd /etc/group
If you did do that, then that is why you are receiving the message.
 

krl0s

Registered
Nov 5, 2011
2
0
51
cPanel Access Level
Root Administrator
Hello, ah not added any user or anything, not as I started this just to get these messages Comense? I can do something about it?

I think I'm being hacked.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
If you believe you are hacked, I would suggest getting ahold of your datacenter or service provider immediately for assistance. Otherwise, you might want to hire a system administrator who specializes in server compromise. We have a catalog for such administrative services at the following location:

Dev & Sys Admin Services « Application Catalog

I would not remove anything at this point but gather data on the sql user and what files and folders it owns as well as whether it has any running processes. If you remove the actual user or anything associated, it becomes harder to track down how the server was compromised.