  1. #1

    serious problems lol server saying I'm not su when I am

    ok hi guys this is very odd and just started. When I ssh into the server as root and then try and run telinit I get an error (must be super user), so I su into super user and get the same error. However I was already root when I ssh'd in, and on top of that I cannot chmod anything, I cannot vi anything and I don't know what to do about this. I'm at a loss, could anyone help me out here by chance? If you need access to my box I can do that np, but yea I'm totally lost here. PLEASE HELP, SOS!!!

  2. #2
    Join Date: Sep 2002 | Location: Top Secret | Posts: 11,686
    Sounds like you've been hacked.
    Type whoami on any prompt.
    If that returns "root", then you've got problems, because your root user is gone. Unless, of course, you have a backup user with wheel (or sudo) privs in the system.
    If that returns root, then try to look at /etc/passwd and /etc/groups. The line for password should be:
    Code:
    root:x:0:0:root:/root:/bin/bash
    If it's not, then someone else has taken over root privs and you're really really screwed, because you no longer have root access to your box, and, as such, well, let's just say you can't make any system changes (ie: get your crap back) without root access.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  3. #3
    yes the code is different lol. Well damn, there is no other way than to format to fix it? And yea I don't have any sudo's set or anything, just root as I knew it....

  4. #4
    What part of the code is different?
    If it's the 0:0 part, then you're somewhat SOL, call the DC and get a format going, unless they can rescue it with a disc (slight possibility, about 1% chance if the root account is gone).

    If it's the /bin/bash part, that's typical, that can be any shell from /bin/bash to /bin/tcsh to /bin/csh (you get the idea), but the typical response is bash..


    If you'll post the code that's somewhat close to what I did, it'll make it easier to determine how badly off you are

    <edit>
    Also, look for a user with 0:0 privs, and try to sudo su (user). It might be a longshot, but it might help.

  5. #5
    vi /etc/passwd

    root:x:-1:0:root:/root:/bin/bash

  6. #6
    Ye'r screwed
    Try the second suggestion, see if there's a 0:0 user in there.

  7. #7
    yea there is no user with a 0:0 in the /etc/passwd file at all. Would there be any other file I should check for?

  8. #8
    Hate to say it but you are officially hosed. 0:0 is root, and only root can change things like passwd, etc. If you have no root user, you're pretty much hosed.

    Now, you have two options at this point, and option A is a longshot.

    A> have your DC try to boot from a rescue disc and edit root to be what it should be.
    IF this is done successfully (not sure how the rescue disc will read passwd), then you'll be able to get through. Create a sudo user immediately so that you have prevention if this happens again.
    As well, if this is successful, you should immediately start searching for hacks in your server, because there's only one way that file was changed, someone editing it. Either you, your staff members, or, you've been hacked.

    B> If A fails (probably will), you'll need to order an O.S. reload

  9. #9
    hums also I sudo su and then can login, however I still cannot perform any actions...

  10. #10
    Right, because you have no root user

  11. #11
    lol shaaat lol ok well thanks for your time guy, I totally appreciate it. Ok well I'll see what I can do about this.
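
The check suggested in posts #2 and #4 (is root still 0:0, and does any other account hold UID 0), written out as an added example that is not part of the original thread. The function name `audit_passwd`, the finding labels and the `alice` sample account are assumptions made for illustration; the sample root line is the one posted in #5.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for the condition seen in this thread.
# audit_passwd FILE prints one finding per line.
# Returns 0 when root is 0:0 and is the only UID-0 account, 1 otherwise.
audit_passwd() {
    awk -F: '
        # Skip blank lines and comments.
        /^[ \t]*$/ || /^#/ { next }
        # A passwd entry has exactly 7 colon-separated fields.
        NF != 7 { printf "MALFORMED line %d: %d fields\n", NR, NF; bad = 1; next }
        # UID and GID must be non-negative decimal integers (-1 is not).
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "INVALID_ID %s: uid=%s gid=%s\n", $1, $3, $4; bad = 1
        }
        $1 == "root" {
            seen_root = 1
            if ($3 != "0" || $4 != "0") {
                printf "ROOT_NOT_UID0 root has uid=%s gid=%s\n", $3, $4; bad = 1
            }
        }
        # Any account with UID 0 is root-equivalent, whatever its name.
        $3 ~ /^0+$/ {
            uid0++
            if ($1 != "root") { printf "EXTRA_UID0 %s\n", $1; bad = 1 }
        }
        END {
            if (!seen_root) { print "NO_ROOT_ENTRY"; bad = 1 }
            if (uid0 == 0)  { print "NO_UID0_ACCOUNT"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the root line from post #5 plus an ordinary account.
sample=$(mktemp)
printf '%s\n' 'root:x:-1:0:root:/root:/bin/bash' \
              'alice:x:1000:1000:Alice:/home/alice:/bin/bash' > "$sample"
audit_passwd "$sample" || echo "findings above: no usable UID-0 account"
rm -f "$sample"
```

From a rescue environment (option A in post #8), point the function at the copy of passwd on the mounted disk rather than the rescue system's own file.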
