Results 1 to 6 of 6
Thread: unknown user under /home
-
06-02-2004, 03:32 PM #1Web Hosting Guru
- Join Date
- Aug 2003
- Location
- PA
- Posts
- 303
unknown user under /home
I was going thru my files and i found a folder name 'vadmin' under /home directory. i dont have any users by that name and before i go and delete the folder i want to make sure this is not a file that i need. Does anyone knows anythig about this?
-
06-02-2004, 03:37 PM #2Been around for too long...
- Join Date
- Aug 2002
- Location
- DC
- Posts
- 3,643
Do you have any control panels running? Is there anything contained within that folder?
- Matt
-
06-02-2004, 03:44 PM #3Web Hosting Guru
- Join Date
- Aug 2003
- Posts
- 336
VAdmin is a content management system. But it should not create a user directory, afaik.
-
06-02-2004, 03:54 PM #4Web Hosting Guru
- Join Date
- Aug 2003
- Location
- PA
- Posts
- 303
Cpanel/WHM is running but i dont have any users under that name. I just got this email earlier and thats what cause me to check the server:
IMPORTANT: Do not ignore this email.
This message is to inform you that the
account vadmin has user id 0 (root privs). This could mean that
your system was compromised (OwN3D). To be safe you should verify that your
system has not be compromised.
-
06-02-2004, 03:56 PM #5Tells All!
- Join Date
- Jul 2003
- Location
- UK
- Posts
- 1,887
If you haven't installed anything in the past few days, I suggest you remove the user, test everything, then remove all files relating to it.
-
06-02-2004, 04:23 PM #6Retired Moderator
- Join Date
- Apr 2003
- Location
- London, UK
- Posts
- 4,721
Download and run chkrootkit http://www.chkrootkit.org i think you might have the t0rn rootkit on your server.
Hey JoeLast edited by Ash; 06-02-2004 at 04:26 PM.
Hyperconfused (™)