The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help: admin has a uid 0 account

Discussion in 'General Discussion' started by dlewis23, May 10, 2008.

  1. dlewis23

    dlewis23 Member

    Joined:
    Jan 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Hello

    I have a new install of cpanel, and for some reason I keep getting emails saying the following.

    Subject: [hackcheck] admin has a uid 0 account

    Code:
    IMPORTANT: Do not ignore this email.
    This message is to inform you that the account admin has user id 0 (root privs).
    This could mean that your system was compromised (OwN3D). To be safe you should
    verify that your system has not been compromised.
    
    I know the box has not been compromised this started right after the install was complete.

    How do I fix this.

    Thanks
     
  2. jpetersen

    jpetersen Well-Known Member

    Joined:
    Dec 31, 2006
    Messages:
    113
    Likes Received:
    4
    Trophy Points:
    18
    How long was it between when the OS was installed and when you installed cPanel? If you just started getting those alerts after cPanel was installed, then the user "admin" probably already existed on the box.

    This command will show you the entry in the password file:

    Code:
    grep ^admin: /etc/passwd
    
    Also, check your syslogs, which are written to when a new user is added via the normal OS methods (e.g., adduser). For example:

    Code:
    zgrep 'new user' /var/log/secure*
     
  3. verdon

    verdon Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    836
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    Some data centers include such a new user on a fresh install when you get a server, and then use that user themselves if you ask them for support. Check with your DC, that's probably the case. They may ask you not to delete the user, or face longer times for support ticket resolution, but if it's your server, then I say it's up to you.
     
Loading...

Share This Page