The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possible root compromise detected‏

Discussion in 'General Discussion' started by impe, May 12, 2012.

  1. impe

    impe Registered

    Joined:
    Apr 23, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    I just receive this email:


    Code:
    Attempts to create new directories or files whose filenames begin with numbers have failed.
    This is indicative of a root compromise of the server.
     
    The exact error encountered was:
     
    Failed to create directory /dev/null: 
    I'm very worried, what i have to do? :(

    thanks.
     
  2. JayFromEpic

    JayFromEpic Well-Known Member

    Joined:
    Apr 2, 2011
    Messages:
    204
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Scottsdale, AZ
    cPanel Access Level:
    Root Administrator
    I suggest creating a cPanel support ticket to see what the staff here suggests. I know normally, you should have a Linux Admin take a closer look at your server to ensure everything is fine and possibly put in a few other methods of security such as changing the SSH port and disabling root logins and only allowing logins from Wheel Group users.
     
  3. ruzbehraja

    ruzbehraja Well-Known Member

    Joined:
    May 19, 2011
    Messages:
    383
    Likes Received:
    7
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    is that the full message??

    To check if there were any root logins, go to SSH and type in:

    Check to see the last 20 logins, into SSH.

    This should give you an idea of who is logging in.

    Also install CSF, to send you more alerts.
     
Loading...

Share This Page