var sidebar_align = 'right';
var content_container_margin = parseInt('350px');
var sidebar_width = parseInt('330px');
[hackcheck] http has a uid 0 account
I got this email recently just after doing a cpanel update (/script/upcp)
What should I do next? Was this because of the update, or should I reinstall the system?
IMPORTANT: Do not ignore this email.
This message is to inform you that the account http has user id 0 (root privs).
This could mean that your system was compromised (OwN3D). To be safe you should
verify that your system has not been compromised.
It sounds like you were compromised. What you need to do next is determine how you were compromised.
Lastlog showed the http account login as the same time as I did on the root account from the same ip. Odd.
I've just removed it for now; and from what I can tell nothing horrible has happened yet
Root accounts just don't happen. It got there somewhere, if you didn't do it. Someone else did, and if you don't patch how they did it, they will just do it again.
<< removed by request >>
Originally Posted by
I will get the DC to reinstall my OS then update and restore from backups. << removed by request >>
Last edited by writespeak; 07-11-2009 at
Reason: Edited by request
The root user or the super user has access to all resources on the server...I mean complete access to whatever it wants to.
Now the root user runs under a UID equal to 0. This can be seen on the first line in the file /etc/passwd(not to be changed or edited unless you know what your doing).
Now the "httpd" process...being the daemon running for Apache. You can check the UID for this user under the same file.
The file would have a syntax like :
So you would be looking at the third field.
Sr. Systems Engineer
We grow by helping you grow.
By rrsnider in forum Hosting Security and Technology
Last Post: 01-18-2006, 04:20 AM
By steeee in forum Hosting Security and Technology
Last Post: 05-13-2005, 04:51 PM
By andy18 in forum Hosting Security and Technology
Last Post: 07-07-2003, 04:26 PM
By kevinpham in forum Hosting Security and Technology
Last Post: 04-26-2003, 11:08 AM
By Tazzman in forum Hosting Security and Technology
Last Post: 01-06-2003, 02:00 PM