The Community Forums

Interact with an entire community of cPanel & WHM users!

Have I been Hacked????

Discussion in 'General Discussion' started by connorlong, Sep 29, 2006.

  1. connorlong

    :confused:
    1) I started getting an email every minute with the following details:
    Subject: Cron <root@africa> chown root:root /tmp/l.txt && chmod 4755 /tmp/l.txt && rm -rf /etc/cron.d/core && kill -USR1 25640

    Body Message: chown: cannot access `/tmp/l.txt': No such file or directory


    I have found very little info on the web about this. Some posts say this is harmless and others say that I should do a full OS restore.

    2) I then received one email with the following details:
    Subject: [hackcheck] news has a uid 0 account

    Body Message: IMPORTANT: Do not ignore this email.
    This message is to inform you that the account news has user id 0 (root privs).
    This could mean that your system was compromised (OwN3D). To be safe you should verify that your system has not been compromised.

    There is a user in the Manage Wheel Group Users section, but it does NOT have root access.
    Question 1) How do I sort out this problem?
    Question 2) I backed up and deleted a file called core.25641 in the cron.d folder. It seems this cron file was creating the recurring first emails; they have now stopped. Are there any implications? The server seems to be running fine.
    Question 3) If a user named NEWS with uid 0 exists. How do I find the user and delete them?

    Last Thought (Server Details):
    WHM 10.8.0 cPanel 10.9.0-S35
    Fedora i686 - WHM X v3.1.0
    I should have all latest updates
     
    #1 connorlong, Sep 29, 2006
    Last edited: Sep 29, 2006
  2. BlueZebra

    You have to verify if the box is really compromised.

    Check /etc/passwd and verify the uid of the user news

    #grep -i news /etc/passwd

    Check the /tmp directory for any suspicious files

    #ls -al /etc/tmp

    Check the process tree and see if there are any suspicious processes

    #ps aux --forest

    Check for any established connections

    #netstat -plan
     
  3. connorlong

    RE: Have I been Hacked (Part 1)

    Thank you for your response. I have now run those checks as you requested. On inspection, I can not see anything out of the ordinary. The results are below (Part 1).

    Thanks again for your time.


    #grep -i news /etc/passwd
    Result: news:x:0:0:news:/etc/news:/bin/bash


    #ls -al /etc/tmp
    Result: /bin/ls: /etc/tmp: No such file or directory


    #ps aux --forest
    Result:

    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    root 1 0.0 0.0 3432 460 ? S 10:06 0:01 init [3]
    root 2 0.0 0.0 0 0 ? SWN 10:06 0:00 [ksoftirqd/0]
    root 3 0.0 0.0 0 0 ? SW< 10:06 0:00 [events/0]
    root 4 0.0 0.0 0 0 ? SW< 10:06 0:00 \_ [khelper]
    root 16 0.0 0.0 0 0 ? SW< 10:06 0:00 \_ [kacpid]
    root 96 0.0 0.0 0 0 ? SW< 10:06 0:00 \_ [kblockd/0]
    root 158 0.0 0.0 0 0 ? SW 10:06 0:00 \_ [pdflush]
    root 159 0.0 0.0 0 0 ? SW 10:06 0:00 \_ [pdflush]
    root 161 0.0 0.0 0 0 ? SW< 10:06 0:00 \_ [aio/0]
    root 104 0.0 0.0 0 0 ? SW 10:06 0:00 [khubd]
    root 160 0.0 0.0 0 0 ? SW 10:06 0:00 [kswapd0]
    root 254 0.0 0.0 0 0 ? SW 10:06 0:00 [kseriod]
    root 445 0.0 0.0 0 0 ? SW 10:06 0:00 [kjournald]
    root 1104 0.0 0.0 0 0 ? SW 10:06 0:00 [kjournald]
    root 1105 0.0 0.0 0 0 ? SW 10:06 0:00 [kjournald]
    root 1106 0.0 0.0 0 0 ? SW 10:06 0:00 [kjournald]
    root 1107 0.0 0.0 0 0 ? SW 10:06 0:00 [kjournald]
    root 1108 0.0 0.0 0 0 ? SW 10:06 0:00 [kjournald]
    root 1994 0.0 0.1 2972 572 ? S 10:07 0:00 syslogd -m 0
    root 1998 0.0 0.0 2440 444 ? S 10:07 0:00 klogd -x
    root 2041 0.0 0.1 3380 560 ? S 10:07 0:00 rpc.idmapd
    root 2120 0.0 0.1 2772 744 ? S 10:07 0:00 /usr/sbin/smartd
    root 2129 0.0 0.0 2140 460 ? S 10:07 0:00 /usr/sbin/acpid
    named 2139 0.0 0.7 37768 3860 ? S 10:07 0:02 /usr/sbin/named -u named
    root 2167 0.0 0.2 5192 1296 tty8 S 10:07 0:00 /bin/bash
    root 2233 0.0 0.2 4464 1452 ? S 10:07 0:00 /usr/sbin/sshd
    root 8886 0.0 0.4 8292 2232 ? S 11:34 0:00 \_ sshd: root@pts/0
    root 8907 0.1 0.2 4444 1380 pts/0 S 11:34 0:00 \_ -bash
    root 9603 0.0 0.1 3196 748 pts/0 R 11:44 0:00 \_ ps aux --forest
    root 2246 0.0 0.1 3356 828 ? S 10:07 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
    root 2264 0.0 1.9 14792 9788 ? S 10:07 0:00 chkservd
    mailnull 2338 0.0 0.3 7536 1668 ? S 10:07 0:00 /usr/sbin/exim -bd -q60m
    mailnull 8109 0.0 0.8 8488 4176 ? S 11:21 0:00 \_ /usr/sbin/exim -bd -q60m
    mailnull 9103 0.0 0.6 8344 3452 ? S 11:36 0:00 \_ /usr/sbin/exim -bd -q60m
    mailnull 2343 0.0 0.3 7520 1612 ? S 10:07 0:00 /usr/sbin/exim -tls-on-connect -bd -oX 465
    root 2348 0.1 0.3 5436 1676 ? S 10:07 0:10 antirelayd
    root 2359 1.3 3.0 48604 15688 ? S 10:07 1:16 /usr/sbin/clamd
    root 2361 0.0 5.1 28272 26056 ? S 10:07 0:02 /usr/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/sp
    root 2482 1.0 6.2 34004 31820 ? S 10:07 0:58 \_ spamd child
    root 2488 0.0 5.4 30036 27788 ? S 10:07 0:03 \_ spamd child
    root 2384 0.0 1.5 16272 7900 ? S 10:07 0:00 /usr/local/apache/bin/httpd -DSSL
    nobody 2428 0.1 3.8 27480 19680 ? S 10:07 0:10 \_ /usr/local/apache/bin/httpd -DSSL
    nobody 2429 0.1 3.8 27476 19740 ? S 10:07 0:09 \_ /usr/local/apache/bin/httpd -DSSL
    nobody 2430 0.1 3.9 28084 20248 ? S 10:07 0:10 \_ /usr/local/apache/bin/httpd -DSSL
    nobody 2431 0.1 3.8 27448 19652 ? S 10:07 0:11 \_ /usr/local/apache/bin/httpd -DSSL
    nobody 2432 0.2 3.9 27900 19940 ? S 10:07 0:16 \_ /usr/local/apache/bin/httpd -DSSL
    nobody 2670 0.2 3.9 27892 20052 ? S 10:07 0:15 \_ /usr/local/apache/bin/httpd -DSSL
    nobody 2706 0.0 3.1 24164 16204 ? S 10:08 0:05 \_ /usr/local/apache/bin/httpd -DSSL
    nobody 2716 0.1 4.0 28724 20824 ? S 10:08 0:09 \_ /usr/local/apache/bin/httpd -DSSL
    nobody 2717 0.1 3.2 24224 16524 ? S 10:08 0:06 \_ /usr/local/apache/bin/httpd -DSSL
    nobody 4580 0.1 3.2 24296 16428 ? S 10:29 0:06 \_ /usr/local/apache/bin/httpd -DSSL
    root 2400 0.0 0.1 2776 644 ? S 10:07 0:00 crond
    root 2418 0.0 0.2 4884 1168 ? S 10:07 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-fil
    mysql 2468 0.2 3.8 107520 19536 ? S 10:07 0:15 \_ /usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --use
    mailnull 2641 0.0 1.2 10896 6496 ? S 10:07 0:00 eximstats
    root 2691 0.0 0.3 7140 1752 ? S 10:08 0:00 pure-ftpd (SERVER)
    root 2696 0.0 0.1 6172 636 ? S 10:08 0:00 /usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/sbin/pureaut
    root 2709 0.0 1.6 11932 8380 ? SN 10:08 0:03 cpanellogd - sleeping for logs
    root 2755 0.0 2.2 13972 11356 ? S 10:08 0:02 cppop - accepting on port 110 and 995
    dunbarc 9599 2.0 2.2 13992 11404 ? S 11:44 0:00 \_ cppop - serving 165.146.229.49 - TRANSACTION - garth@dunbar
    root 9600 0.0 2.2 13980 11368 ? S 11:44 0:00 \_ cppop - serving 165.146.196.61 - AUTHORIZATION
    inkprint 9601 4.0 2.2 13992 11404 ? S 11:44 0:00 \_ cppop - serving 66.110.111.170 - TRANSACTION - sales@ink-an
    brookesh 9602 4.0 2.2 13992 11408 ? S 11:44 0:00 \_ cppop - serving 66.110.74.174 - TRANSACTION - toni@brookesh
    nobody 2762 0.0 0.5 5724 2860 ? S 10:08 0:00 entropychat
    root 2763 0.0 2.9 17580 14804 ? S 10:08 0:00 cpsrvd - waiting for connections
    nobody 2772 0.0 0.1 1688 560 ? S 10:08 0:00 /usr/local/cpanel/bin/startmelange
    cpanel 2824 0.0 0.3 4536 1664 ? S 10:08 0:00 /usr/bin/stunnel-4.15local /usr/local/cpanel/etc/stunnel/defaul
    dbus 2852 0.0 0.1 2240 808 ? S 10:08 0:00 dbus-daemon-1 --system
    root 2907 0.0 0.0 1492 468 ? S 10:08 0:00 /usr/sbin/portsentry -tcp
    postgres 2946 0.0 0.3 19356 2000 ? S 10:08 0:00 /usr/bin/postmaster -p 5432 -D /var/lib/pgsql/data
    postgres 2954 0.0 0.3 10156 1788 ? S 10:08 0:00 \_ postgres: stats buffer process
    postgres 2955 0.0 0.3 9164 1824 ? S 10:08 0:00 \_ postgres: stats collector process
    root 2957 0.0 0.0 1600 324 ? S 10:08 0:00 mdadm --monitor --scan
    root 2964 0.0 0.0 3300 340 tty1 S 10:08 0:00 /sbin/mingetty tty1
    root 2965 0.0 0.0 2168 344 tty2 S 10:08 0:00 /sbin/mingetty tty2
    root 2966 0.0 0.0 2900 344 tty3 S 10:08 0:00 /sbin/mingetty tty3
    root 2967 0.0 0.0 1740 344 tty4 S 10:08 0:00 /sbin/mingetty tty4
    root 2968 0.0 0.0 2216 344 tty5 S 10:08 0:00 /sbin/mingetty tty5
    root 2969 0.0 0.0 1656 344 tty6 S 10:08 0:00 /sbin/mingetty tty6
     
  4. connorlong

    RE: Have I been Hacked (Part 2)

    #netstat -plan
    Result:
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:1 0.0.0.0:* LISTEN 2907/portsentry
    tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2824/stunnel-4.15lo
    tcp 0 0 0.0.0.0:2082 0.0.0.0:* LISTEN 2763/cpsrvd - waiti
    tcp 0 0 0.0.0.0:2083 0.0.0.0:* LISTEN 2763/cpsrvd - waiti
    tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 2755/cppop - accept
    tcp 0 0 0.0.0.0:2084 0.0.0.0:* LISTEN 2762/entropychat
    tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 2763/cpsrvd - waiti
    tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 2763/cpsrvd - waiti
    tcp 0 0 0.0.0.0:6666 0.0.0.0:* LISTEN 2772/startmelange
    tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2468/mysqld
    tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 2755/cppop - accept
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2907/portsentry
    tcp 0 0 0.0.0.0:2095 0.0.0.0:* LISTEN 2763/cpsrvd - waiti
    tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 2361/spamd.pid --ma
    tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 2246/xinetd
    tcp 0 0 0.0.0.0:2096 0.0.0.0:* LISTEN 2763/cpsrvd - waiti
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2384/httpd
    tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 2343/exim
    tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2691/pure-ftpd (SER
    tcp 0 0 65.75.137.33:53 0.0.0.0:* LISTEN 2139/named
    tcp 0 0 65.75.137.32:53 0.0.0.0:* LISTEN 2139/named
    tcp 0 0 65.75.137.31:53 0.0.0.0:* LISTEN 2139/named
    tcp 0 0 65.75.137.30:53 0.0.0.0:* LISTEN 2139/named
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2139/named
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2338/exim
    tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2139/named
    tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2384/httpd
    tcp 0 0 65.75.137.30:80 198.54.202.254:43617 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.165.245.119:3711 TIME_WAIT -
    tcp 0 0 65.75.137.30:80 198.54.202.254:42216 TIME_WAIT -
    tcp 0 0 65.75.137.30:80 198.54.202.254:43626 TIME_WAIT -
    tcp 0 91476 65.75.137.30:110 165.165.245.119:3063 ESTABLISHED 9606/cppop - servin
    tcp 0 0 127.0.0.1:33631 127.0.0.1:783 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.146.223.38:10789 TIME_WAIT -
    tcp 0 0 65.75.137.30:80 198.54.202.254:43635 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.145.31.120:1400 TIME_WAIT -
    tcp 0 0 65.75.137.30:25 130.95.128.61:49965 ESTABLISHED 9691/exim
    tcp 0 0 65.75.137.30:80 198.54.202.254:43634 TIME_WAIT -
    tcp 0 0 65.75.137.30:80 198.54.202.254:42610 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.165.224.57:2550 TIME_WAIT -
    tcp 0 78 65.75.137.30:25 165.165.245.119:4972 FIN_WAIT1 -
    tcp 0 0 65.75.137.30:110 66.110.74.174:3376 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 66.110.74.174:3378 TIME_WAIT -
    tcp 0 0 65.75.137.30:80 198.54.202.254:43645 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.145.25.52:2941 TIME_WAIT -
    tcp 0 0 127.0.0.1:80 127.0.0.1:33634 TIME_WAIT -
    tcp 0 0 65.75.137.30:80 198.54.202.254:43650 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.146.234.183:1871 TIME_WAIT -
    tcp 0 0 127.0.0.1:783 127.0.0.1:33632 TIME_WAIT -
    tcp 0 0 65.75.137.30:80 198.54.202.254:43652 TIME_WAIT -
    tcp 0 0 65.75.137.30:80 198.54.202.254:43654 ESTABLISHED 9670/httpd
    tcp 0 0 65.75.137.30:110 165.145.25.52:2829 TIME_WAIT -
    tcp 0 0 65.75.137.30:80 198.54.202.254:43663 ESTABLISHED 9672/httpd
    tcp 0 0 65.75.137.30:80 198.54.202.254:43599 TIME_WAIT -
    tcp 0 0 65.75.137.30:80 198.54.202.254:42577 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.146.229.49:30056 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.146.229.49:30057 TIME_WAIT -
    tcp 0 0 65.75.137.30:25 165.165.245.119:1038 ESTABLISHED 9103/exim
    tcp 0 0 65.75.137.30:80 198.54.202.254:43606 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.146.196.61:1358 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.146.196.61:1356 TIME_WAIT -
    tcp 0 0 65.75.137.30:80 198.54.202.254:43610 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.146.229.49:30055 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.146.196.61:1354 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 66.110.111.170:1973 TIME_WAIT -
    tcp 0 0 65.75.137.30:110 165.146.234.183:1298 TIME_WAIT -
    tcp 0 0 65.75.137.30:25 196.41.186.42:59290 ESTABLISHED 8109/exim
    tcp 0 0 :::21 :::* LISTEN 2691/pure-ftpd (SER
    tcp 0 0 :::22 :::* LISTEN 2233/sshd
    tcp 0 10216 ::ffff:65.75.137.30:22 ::ffff:165.165.241:2021 ESTABLISHED 8886/0
    udp 0 0 0.0.0.0:32768 0.0.0.0:* 2139/named
    udp 0 0 127.0.0.1:32771 127.0.0.1:32771 ESTABLISHED 2946/postmaster
    udp 0 0 65.75.137.33:53 0.0.0.0:* 2139/named
    udp 0 0 65.75.137.32:53 0.0.0.0:* 2139/named
    udp 0 0 65.75.137.31:53 0.0.0.0:* 2139/named
    udp 0 0 65.75.137.30:53 0.0.0.0:* 2139/named
    udp 0 0 127.0.0.1:53 0.0.0.0:* 2139/named
    udp 0 0 :::32769 :::* 2139/named
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags Type State I-Node PID/Program name Path
    unix 2 [ ACC ] STREAM LISTENING 3311 2359/clamd /var/clamd
    unix 2 [ ACC ] STREAM LISTENING 2615 2129/acpid /var/run/acpid.socket
    unix 2 [ ACC ] STREAM LISTENING 5170 2946/postmaster /tmp/.s.PGSQL.5432
    unix 10 [ ] DGRAM 2404 1994/syslogd /dev/log
    unix 2 [ ACC ] STREAM LISTENING 4362 2696/pure-authd /var/run/ftpd.sock
    unix 2 [ ACC ] STREAM LISTENING 5023 2852/dbus-daemon-1 /var/run/dbus/system_bus_socket
    unix 2 [ ACC ] STREAM LISTENING 3711 2468/mysqld /var/lib/mysql/mysql.sock
    unix 2 [ ] DGRAM 46965 9606/cppop - servin
    unix 2 [ ] DGRAM 4973 2824/stunnel-4.15lo
    unix 2 [ ] DGRAM 4336 2691/pure-ftpd (SER
    unix 3 [ ] STREAM CONNECTED 4153 2468/mysqld /var/lib/mysql/mysql.sock
    unix 3 [ ] STREAM CONNECTED 4152 2641/eximstats
    unix 3 [ ] STREAM CONNECTED 3741 2488/spamd child
    unix 3 [ ] STREAM CONNECTED 3740 2361/spamd.pid --ma
    unix 3 [ ] STREAM CONNECTED 3728 2482/spamd child
    unix 3 [ ] STREAM CONNECTED 3727 2361/spamd.pid --ma
    unix 2 [ ] DGRAM 3459 2400/crond
    unix 2 [ ] DGRAM 3308 2361/spamd.pid --ma
    unix 2 [ ] DGRAM 2780 2246/xinetd
    unix 2 [ ] DGRAM 2649 2139/named
    unix 2 [ ] DGRAM 2412 1998/klogd
     
  5. BlueZebra

    > Result: news:x:0:0:news:/etc/news:/bin/bash

    This shows that the user news has gid and uid 0, and thus has all root privileges and also has full shell access.

    > #ls -al /etc/tmp

    was a mistake; it was meant to be /tmp
     
  6. mctDarren

    It's possibly a kernel exploit. Check your /tmp or /var/tmp directories for a bad script. You probably have a cron job that runs them in place too, so check cron.
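
The checks suggested so far in this thread (UID 0 entries in /etc/passwd, setuid files under /tmp and /var/tmp, odd files in /etc/cron.d) as one read-only script. This is an added example, not part of any poster's message; the function names are hypothetical and the fixture is constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Added triage sketch; read-only. Paths are arguments so the same checks
# can run against a live system or a mounted copy of its disk.

# Accounts other than root whose UID field (3rd) is 0, with their shell.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1, $NF }' "$1"
}

# Regular files carrying the setuid bit under the given temp directories.
setuid_in_tmp() {
    find "$@" -xdev -type f -perm -4000 2>/dev/null
}

# Cron drop-in files whose commands touch temp dirs or set setuid/setgid modes.
suspicious_cron() {
    grep -rlE '/tmp/|chmod[[:space:]]+[2467][0-7]{3}' "$1" 2>/dev/null
}

# Constructed fixture: passwd entry, cron file name and command are modelled
# on the e-mails and grep result quoted in the thread, not copied from the server.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/cron.d" "$d/tmp"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'news:x:0:0:news:/etc/news:/bin/bash' \
        'nobody:x:99:99:Nobody:/:/sbin/nologin' > "$d/passwd"
    printf '%s\n' \
        '* * * * * root chown root:root /tmp/l.txt && chmod 4755 /tmp/l.txt' \
        > "$d/cron.d/core.25641"
    printf '%s\n' '0 4 * * * root /usr/sbin/logrotate /etc/logrotate.conf' \
        > "$d/cron.d/logrotate"
    : > "$d/tmp/l.txt" && chmod 4755 "$d/tmp/l.txt"
    : > "$d/tmp/session.dat"
    echo "$d"
}

fx=$(make_fixture)
echo "UID 0 accounts other than root:"; uid0_accounts "$fx/passwd"
echo "setuid files in temp dir:";       setuid_in_tmp "$fx/tmp"
echo "cron drop-ins worth reading:";    suspicious_cron "$fx/cron.d"
rm -rf "$fx"
```

On a real host the same functions take `/etc/passwd`, `/tmp /var/tmp` and `/etc/cron.d` as arguments. A clean result does not clear the machine, since a root-level intruder can alter the tools the script relies on.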
     
  7. connorlong

    How would I know what can be deleted in the tmp folders? As for the kernel, I believe it has been updated to the latest.....:eek:
     
  8. connorlong

    Hacked



    Is it possible to delete the USER News?
     
  9. yapluka

    If there is no cPanel account for this user, in SSH, type:
    userdel news
     
  10. dgbaker

    The minute you have an ID like that with full root privileges, the server can no longer be trusted to be safe and secure. Ideally you should re-OS the machine and restore accounts from backup. Failing that, you should at the very, very least hire someone who can do a full security sweep of the server and try to secure it. Personally though, you would be better off re-OSing, as you now have no idea what has been done elsewhere on the server.
     
  11. connorlong

    Hacked


    Hi and thanks for the response. I think / believe I have found the source. A script was run that created a Group called add user. This then created a user called Sky, which failed. A user called News was created. This was successful! I have deleted the 2 user accounts (Thanks to the post above). Should I delete the Group?

    I have no idea what damage, if any, has been caused. You are right about the re-install. Are there any good docs on doing this?

    Thanks again.
     
  12. nettigritty

  13. hamper

    What does this mean if it is showing?
     
  14. jayh38

    It's just showing a tree process list of the parent and child processes run under it.
     