The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possible root compromise

Discussion in 'Security' started by Shirvo, Dec 29, 2016.

  1. Shirvo

    Shirvo Registered

    Joined:
    Mar 25, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Hi All,

    "Possible root compromise: User account kurd is a superuser (UID 0)"

    I started getting this email this morning and it comes every 30 minutes or so. I have looked at all the users and can't find one called "kurd".

    Is this "kurd" a built in account or should I be worried.

    I did notice that I was not getting root login notifications until I restarted lfd.

    Thanks in advance
     
  2. SysSachin

    SysSachin Well-Known Member

    Joined:
    Aug 23, 2015
    Messages:
    542
    Likes Received:
    39
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    If there is user account with (UID 0) then need to be worry about that.
    You have to change root password and check server with help your server admin.
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    982
    Likes Received:
    75
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    If you do not know of that account then your server is almost certainly root compromised. You should at this point consider re-image (that is, move all your accounts to a new server with a new kernel and fresh root password).
     
  4. joaosavioli

    joaosavioli Member

    Joined:
    Feb 7, 2008
    Messages:
    24
    Likes Received:
    5
    Trophy Points:
    53
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You may also want to consult with a qualified system administrator if you'd like additional investigation. We provide a list of companies offering system administration services at:

    System Administration Services | cPanel Forums

    Thank you.
     
Loading...

Share This Page