account "xxx" has user ID 0 (root privileges)
Hey everyone, I recently started to get mails from my WHM that say this:
IMPORTANT: Do not ignore this email.
This message is to inform you that the account "apache_user" has user ID 0 (root privileges). This may indicate that your system is compromised. To be safe, you should verify that your system is not compromised.
This notice is the result of a request from "hackcheck".
The system generated this notice on Thursday, July 27, 2017 at 7:59:37 PM UTC.
"Root Compromise Checks" notifications are currently configured to have an importance of "High". You can change the importance or disable this type of notification in WHM's Contact Manager at: https://xxxx:2087/scripts2/editcontact?event=Check::Hack
Do not reply to this automated message.
I did some research about this and I found this thread: [cPanel hackcheck] has a uid 0 account. I used the command line:
# cat /etc/passwd | grep 0:0
The result was this:
root:x:0:0:root:/root:/bin/bash
apache_user:x:0:0::/home/apache_user:/bin/bash
Does this mean I'm hacked, or is it a normal thing? I deleted the line that says apache_user. What can I do to avoid this, or what can cause this? I don't know.
Hi @erdeme61,
The /etc/passwd entry you are referring to does sometimes indicate a root-level compromise, but it's difficult to diagnose this type of issue without access to the affected system. Feel free to open a support ticket using the link in my signature and we can run some basic checks to see if there are any obvious signs of a root compromise.
There's a document on this topic at: Why can't I clean a hacked machine - cPanel Knowledge Base - cPanel Documentation
Thank you.
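A field-accurate version of the check from the thread, added here as an example (it is not cPanel's hackcheck code and not from either poster). `grep 0:0` matches on substrings, so it can flag an account with UID 1000 and GID 0 while missing a UID 0 account whose GID is not 0; the function below tests the UID field itself. The sample file and the account names `backup2` and `operator` are constructed for illustration.

```shell
#!/bin/sh
# Print the names of accounts, other than root, whose UID field is numerically 0.
# Argument: path to a passwd-format file (defaults to /etc/passwd).
uid0_accounts() {
    awk -F: '
        /^#/ || NF < 7 { next }                  # skip comments and malformed lines
        $3 ~ /^0+$/ && $1 != "root" { print $1 } # field 3 is the UID; "00" also means 0
    ' "${1:-/etc/passwd}"
}

# Constructed sample data, not taken from a real system.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache_user:x:0:0::/home/apache_user:/bin/bash
backup2:x:0:100::/home/backup2:/bin/sh
operator:x:1000:0::/home/operator:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
EOF
}

sample=$(mktemp)
write_sample_passwd "$sample"

# Substring match: reports operator (UID 1000) and misses backup2 (UID 0, GID 100).
echo "grep 0:0 matches:"
grep 0:0 "$sample" | cut -d: -f1

# Field match: reports exactly the non-root accounts that hold UID 0.
echo "UID 0 accounts besides root:"
uid0_accounts "$sample"

rm -f "$sample"
```

Run with no argument, `uid0_accounts` reads the live /etc/passwd; any name it prints is an account with full root privileges.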