Results 1 to 7 of 7
  1. #1
    Join Date
    Apr 2009

    Did I get hacked?

    While running top I see this command:
    proftpd: USER Administrator

    Did someone successfully logged into FTP with Administrator username?

  2. #2
    Join Date
    Feb 2008
    Houston, Texas, USA
    That's most likely not the case. Review the logs in /var/log to make sure the authentication failed. Check /var/log/secure and /var/log/messages

    UNIXy - Fully Managed Servers and Clusters - Established in 2006
    [ cPanel Varnish Nginx Plugin ] - Enhance LiteSpeed and Apache Performance - Los Angeles | Houston | Atlanta | Rotterdam
    Love to help pro bono (time permitting). joe >

  3. #3
    Join Date
    Sep 2004
    Miami, FL
    Erm... Administrator in Linux basically means nothing. It's just another username and there's nothing special to it.

    However if you see someone logging into your server with "root" then you'll need to start jumping. LOL. This should not be a problem however you would still need to check if there's a user called "Administrator" on the system and if there is what is its privileges and etc.

    Better be safe than sorry.
    Aaron Ong
    Dedicated Servers - 100TB Servers - 100Mbps Unmetered Servers - Web Hosting - CDN Network
    Servers in Central, East/West Coast USA, EUROPE and ASIA
    Welltodo Century

  4. #4
    Join Date
    Oct 2004
    We get this all the time. They're just bots that try various username combinations like Administrator, Staff, Manager, etc. until they get banned by the firewall. Nothing to worry about, but you can still check the logs to make sure.
    MaxterHostsimply different.
    cPanel Shared Hosting, WHM Reseller Accounts, Xen VPS Hosting & more
    10+ Years of Experience | Enhanced Security | 24x7 Support | 99.99% Uptime
    Pure SSD Hosting and CloudFlare Railgun™

  5. #5
    Join Date
    Mar 2002
    Philadelphia, PA
    More than likely what was stated above.

    See if the account exists.

    cat /etc/passwd | grep -i administrator -or- id Administrator
    Linux junkie |

  6. #6
    Join Date
    Oct 2003
    The Netherlands
    You should add something like CSF to take care of tracking bogus logins and blocking bots.
    It can also send you emails whenever somebody logs in (or becomes root through root login/su/sudo)

  7. #7
    would def give the user a check but agree it is probably a bot I would bet the ip originates from china seen it thousands of times lol anyways check it out better safe then sorry. "Where the client comes first!"
    Ultra Fast Unmetered Dedicated Servers
    Ultra Fast VPS's
    Budget Line Shared Hosting

Similar Threads

  1. Can my blog be hacked on shared hosting if my neighbour is hacked?
    By zobe in forum Hosting Security and Technology
    Replies: 17
    Last Post: 03-10-2011, 04:09 AM
  2. Paypal got Hacked or my paypal acct got hacked
    By chefwong in forum Web Hosting Lounge
    Replies: 14
    Last Post: 09-23-2008, 02:48 PM
  3. Replies: 77
    Last Post: 04-03-2007, 09:57 AM
  4. I have been maybe HACKED, help.
    By lachtan in forum Hosting Security and Technology
    Replies: 34
    Last Post: 12-22-2004, 08:38 PM
  5. Are We Hacked
    By joubarani in forum Dedicated Server
    Replies: 3
    Last Post: 01-03-2003, 01:10 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts