The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

new acccount created by root -> BUT it wasn't us!

Discussion in 'General Discussion' started by aww, Apr 23, 2007.

  1. aww

    aww Well-Known Member

    Joined:
    Feb 10, 2005
    Messages:
    152
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I am not sure if this is a full blown hack or if someone figured out how create new accounts on our VPS but a few hours ago apparently someone created an account and then deleted it 30 minutes later via cpanel as root!

    What do we do next?!?!
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Server security is my primary area of expertise.

    I don't charge anyone to just look over a server especially
    when there is already evidence or strong suspicion that the
    target server may have already compromised by hackers.

    Would you like me to take a quick look?

    .
     
    #2 Spiral, Apr 23, 2007
    Last edited: Apr 23, 2007
  3. aww

    aww Well-Known Member

    Joined:
    Feb 10, 2005
    Messages:
    152
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Thank you for your offer, however we now believe it was done through the firewall (how ironic)

    We installed CSF v2.66 a couple weeks ago and missed the security notice this week:
    http://www.configserver.com/blog/

    Everyone needs to update to ConfigServer Firewall asap to v2.69


    Our host does not believe any files were modified but I'd appreciate any other advice on what to check for, and perhaps cpanel can be forced to re-install itself or check it's own files for modification?
     
Loading...

Share This Page