
The Community Forums

Interact with an entire community of cPanel & WHM users!

Possible root compromise

Discussion in 'Security' started by Shirvo, Dec 29, 2016.

  1. Shirvo

    Shirvo Registered

    Joined:
    Mar 25, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Hi All,

    "Possible root compromise: User account kurd is a superuser (UID 0)"

    I started getting this email this morning and it comes every 30 minutes or so. I have looked at all the users and can't find one called "kurd".

    Is this "kurd" a built-in account or should I be worried?

    I did notice that I was not getting root login notifications until I restarted lfd.

    Thanks in advance
     
  2. SysSachin

    SysSachin Well-Known Member

    Joined:
    Aug 23, 2015
    Messages:
    604
    Likes Received:
    43
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello,

    If there is a user account with UID 0, then you need to be worried about that.
    You have to change the root password and check the server with the help of your server admin.
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    89
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    If you do not know of that account then your server is almost certainly root compromised. You should at this point consider a re-image (that is, move all your accounts to a new server with a new kernel and fresh root password).
     
  4. joaosavioli

    joaosavioli Well-Known Member

    Joined:
    Feb 7, 2008
    Messages:
    49
    Likes Received:
    10
    Trophy Points:
    58
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You may also want to consult with a qualified system administrator if you'd like additional investigation. We provide a list of companies offering system administration services at:

    System Administration Services | cPanel Forums

    Thank you.
     
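The alert in this thread names an account by UID, and the UID of a local account is recorded in the system passwd file, so that is where to look for it. The script below is an added example, not part of the thread and not lfd's own code: it lists every passwd entry other than root whose UID is numerically 0, with its shell and shadow password state. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find extra UID-0 accounts.

# uid0_report PASSWD_FILE SHADOW_FILE -> one "name shell state" line per hit
uid0_report() {
    awk -F: -v shadow="$2" '
        # Shadow file is read first: remember each password field.
        FILENAME == shadow { pw[$1] = $2; next }
        # Passwd file: skip comments, blank lines and short lines.
        /^#/ || NF < 7 { next }
        # "0", "00", "000" all parse to UID 0, so match on zeros only.
        $3 ~ /^0+$/ && $1 != "root" {
            if (!($1 in pw))           state = "no-shadow-entry"
            else if (pw[$1] == "")     state = "empty-password"
            else if (pw[$1] ~ /^[!*]/) state = "locked"
            else                       state = "password-set"
            print $1, $7, state
        }
    ' "$2" "$1"
}

# make_sample DIR: write constructed passwd/shadow files for the demo.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
kurd:x:0:0::/home/kurd:/bin/bash
svc:x:00:0::/:/sbin/nologin
webuser:x:1000:1000::/home/webuser:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:17164:0:99999:7:::
kurd:$6$constructed$hash:17164:0:99999:7:::
svc:!!:17164::::::
webuser:$6$constructed$hash:17164:0:99999:7:::
EOF
}

# Demo on the constructed files. On a live server, run as root:
#   uid0_report /etc/passwd /etc/shadow
dir=$(mktemp -d) && make_sample "$dir" && uid0_report "$dir/passwd" "$dir/shadow"
rm -rf "$dir"
```

Any line of output other than an account you created deliberately is a finding; empty output means root is the only UID-0 entry in that file.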