Results 1 to 6 of 6
  1. #1
    Join Date
    Aug 2003
    Location
    PA
    Posts
    303

    unknown user under /home

    I was going thru my files and i found a folder name 'vadmin' under /home directory. i dont have any users by that name and before i go and delete the folder i want to make sure this is not a file that i need. Does anyone knows anythig about this?

  2. #2
    Join Date
    Aug 2002
    Location
    DC
    Posts
    3,643
    Do you have any control panels running? Is there anything contained within that folder?

    - Matt

  3. #3
    VAdmin is a content management system. But it should not create a user directory, afaik.

  4. #4
    Join Date
    Aug 2003
    Location
    PA
    Posts
    303
    Cpanel/WHM is running but i dont have any users under that name. I just got this email earlier and thats what cause me to check the server:
    IMPORTANT: Do not ignore this email.
    This message is to inform you that the
    account vadmin has user id 0 (root privs). This could mean that
    your system was compromised (OwN3D). To be safe you should verify that your
    system has not be compromised.
    This really isnt my day.

  5. #5
    Join Date
    Jul 2003
    Location
    UK
    Posts
    1,887
    If you haven't installed anything in the past few days, I suggest you remove the user, test everything, then remove all files relating to it.

  6. #6
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    4,721
    Download and run chkrootkit http://www.chkrootkit.org i think you might have the t0rn rootkit on your server.

    Hey Joe
    Last edited by Ash; 06-02-2004 at 04:26 PM.
    Hyperconfused (™)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •