hackcheck

P

purplep

Well-Known Member
Feb 6, 2002
59
0
306
I have been getting this mail for the last couple of days. I got pweb to take a look and they say things look ok, but I am a bit worried. This is the exact mail I am getting.....

IMPORTANT: Do not ignore this email.
This message is to inform you that the
account
has user id 0 (root privs). This could mean that
your system was compromised (OwND). To be safe you should verify that your
system has not be compromised.

Any ideas, things I can check and stop the mail coming through?

Cheers.
 
B

bdraco

Guest
[quote:874f6638fe][i:874f6638fe]Originally posted by purplep[/i:874f6638fe]

I have been getting this mail for the last couple of days. I got pweb to take a look and they say things look ok, but I am a bit worried. This is the exact mail I am getting.....

IMPORTANT: Do not ignore this email.
This message is to inform you that the
account
has user id 0 (root privs). This could mean that
your system was compromised (OwND). To be safe you should verify that your
system has not be compromised.

Any ideas, things I can check and stop the mail coming through?

Cheers.
[/quote:874f6638fe]

Looks like your passwd file is either corrupt or someone cracked your system and created another uid 0 account.
 
P

purplep

Well-Known Member
Feb 6, 2002
59
0
306
Hi,

I did make some changes to the passwd file to prevent some resold accounts having shell access.

Like I said Jay at pweb has had a look and thinks everything is okay.

What can I do to ensure this?
 
B

bdraco

Guest
[quote:be3b60b90c][i:be3b60b90c]Originally posted by purplep[/i:be3b60b90c]

Hi,

I did make some changes to the passwd file to prevent some resold accounts having shell access.

Like I said Jay at pweb has had a look and thinks everything is okay.

What can I do to ensure this?[/quote:be3b60b90c]


Can't really tell since I didn't look at it ... you'll have to place your trust with Jay since he is the one who fixed it.
 
B

bdraco

Guest
[quote:3531be8913][i:3531be8913]Originally posted by purplep[/i:3531be8913]

Okay,

But why am i still getting the warning mail?[/quote:3531be8913]

If you are still getting the mail something is still wrong with the file ..
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
B [cPanel hackcheck] has a uid 0 account Security 12
R Two hackcheck notice email Security 14
L Hackcheck Security 4
E [hackcheck] http has a uid 0 account Security 9
A [hackcheck] Possible root compromise detected Security 9
Similar threads
[cPanel hackcheck] has a uid 0 account
Two hackcheck notice email
Hackcheck
[hackcheck] http has a uid 0 account
[hackcheck] Possible root compromise detected
Top Bottom