Possible root compromise detected‏

impe

Registered
Apr 23, 2012
3
0
51
cPanel Access Level
Root Administrator
Hi,

I just receive this email:


Code:
Attempts to create new directories or files whose filenames begin with numbers have failed.
This is indicative of a root compromise of the server.
 
The exact error encountered was:
 
Failed to create directory /dev/null:
I'm very worried, what i have to do? :(

thanks.
 

JayFromEpic

Well-Known Member
Apr 2, 2011
218
8
68
Scottsdale
cPanel Access Level
Root Administrator
Twitter
I suggest creating a cPanel support ticket to see what the staff here suggests. I know normally, you should have a Linux Admin take a closer look at your server to ensure everything is fine and possibly put in a few other methods of security such as changing the SSH port and disabling root logins and only allowing logins from Wheel Group users.
 

ruzbehraja

Well-Known Member
May 19, 2011
392
11
68
cPanel Access Level
Root Administrator
is that the full message??

To check if there were any root logins, go to SSH and type in:

last -n 20
Check to see the last 20 logins, into SSH.

This should give you an idea of who is logging in.

Also install CSF, to send you more alerts.