The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

hackcheck

Discussion in 'General Discussion' started by purplep, Feb 24, 2002.

  1. purplep

    purplep Well-Known Member

    Joined:
    Feb 6, 2002
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    I have been getting this mail for the last couple of days. I got pweb to take a look and they say things look ok, but I am a bit worried. This is the exact mail I am getting.....

    IMPORTANT: Do not ignore this email.
    This message is to inform you that the
    account
    has user id 0 (root privs). This could mean that
    your system was compromised (OwND). To be safe you should verify that your
    system has not be compromised.

    Any ideas, things I can check and stop the mail coming through?

    Cheers.
     
  2. bdraco

    bdraco Guest

    [quote:874f6638fe][i:874f6638fe]Originally posted by purplep[/i:874f6638fe]

    I have been getting this mail for the last couple of days. I got pweb to take a look and they say things look ok, but I am a bit worried. This is the exact mail I am getting.....

    IMPORTANT: Do not ignore this email.
    This message is to inform you that the
    account
    has user id 0 (root privs). This could mean that
    your system was compromised (OwND). To be safe you should verify that your
    system has not be compromised.

    Any ideas, things I can check and stop the mail coming through?

    Cheers.
    [/quote:874f6638fe]

    Looks like your passwd file is either corrupt or someone cracked your system and created another uid 0 account.
     
  3. purplep

    purplep Well-Known Member

    Joined:
    Feb 6, 2002
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    I did make some changes to the passwd file to prevent some resold accounts having shell access.

    Like I said Jay at pweb has had a look and thinks everything is okay.

    What can I do to ensure this?
     
  4. bdraco

    bdraco Guest

    [quote:be3b60b90c][i:be3b60b90c]Originally posted by purplep[/i:be3b60b90c]

    Hi,

    I did make some changes to the passwd file to prevent some resold accounts having shell access.

    Like I said Jay at pweb has had a look and thinks everything is okay.

    What can I do to ensure this?[/quote:be3b60b90c]


    Can't really tell since I didn't look at it ... you'll have to place your trust with Jay since he is the one who fixed it.
     
  5. purplep

    purplep Well-Known Member

    Joined:
    Feb 6, 2002
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Okay,

    But why am i still getting the warning mail?
     
  6. bdraco

    bdraco Guest

    [quote:3531be8913][i:3531be8913]Originally posted by purplep[/i:3531be8913]

    Okay,

    But why am i still getting the warning mail?[/quote:3531be8913]

    If you are still getting the mail something is still wrong with the file ..
     

Share This Page