The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[hackcheck] syncd has a uid 0 account

Discussion in 'General Discussion' started by SWR, Apr 6, 2003.

  1. SWR

    SWR Member

    Joined:
    Jul 22, 2002
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    ===8<==============Original message text===============
    IMPORTANT: Do not ignore this email.
    This message is to inform you that the
    account syncd has user id 0 (root privs). This could mean that
    your system was compromised (OwN3D). To be safe you should verify that your
    system has not be compromised.


    ===8<===========End of original message text===========

    I run locate syncd and come up with:
    /usr/share/man/man3/wsyncdown.3x.gz
    /usr/share/man/man5/rsyncd.conf.5.gz
    /var/spool/mail/syncd

    Seems to be something that shouldn't be.

    Have I been compromised?
     
    #1 SWR, Apr 6, 2003
    Last edited: Apr 6, 2003
  2. mitul

    mitul Well-Known Member

    Joined:
    Feb 8, 2003
    Messages:
    291
    Likes Received:
    0
    Trophy Points:
    16
    scan your server using chkrootkit and check for any rootkits installed.
     

Share This Page