The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

System Owned. Help Please

Discussion in 'General Discussion' started by Sohnaych, Mar 24, 2008.

  1. Sohnaych

    Sohnaych Registered

    Joined:
    Aug 28, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hey I get the following message from WHM everyday

    IMPORTANT: Do not ignore this email.
    This message is to inform you that the account raoul has user id 0 (root privs).
    This could mean that your system was compromised (OwN3D). To be safe you should
    verify that your system has not been compromised.

    what's that? and how do i fix that? help please
     
  2. ReiJu

    ReiJu Well-Known Member

    Joined:
    Mar 14, 2008
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    6
    First, please check that username with these commands:
    Code:
    $ id raoul
    If the output look something like this:
    Then your system is really compromised. There maybe some combinations, but the point is, when a user (here named raoul) have uid=0 without you knowing it, then your system is compromised. Reformat and reinstall is the best for you.

    If the output is different, then you can try this command:
    Code:
    $ grep -F :0: /etc/passwd
    If it only outputs user root such as this:
    Then the message is just FUD. But still you have to worry about security of your system. Else, reformat is the best idea.

    Other suggestions?
     
Loading...

Share This Page