

danger account or what plz help




Posted by rs2host, 08-20-2008, 02:15 AM
Hello, I have a dedicated server, and when I list my accounts I found this site:

Domain: whmr-11cacdcfd1.com
Account was setup by: root

It is strange, as I did not make this account. I terminated it yesterday, and now I found this report in my mail:

+===================================+
| New Account Info |
+===================================+
| Domain: whmr-11cacdcfd1.com
| Ip: 69.162.66.2 (n)
| HasCgi: n
| UserName: whmrback
| PassWord: ***HIDDEN***
| CpanelMod: x
| HomeRoot: /home
| Quota: 10000 Meg
| NameServer1: ns1.rock2host.com
| NameServer2: ns2.rock2host.com
| NameServer3: ns3.rock2host.com
| NameServer4: ns4.rock2host.com
| Contact Email:
| Package: default
| Feature List: default
| Language: english
+===================================+
Account was setup by: root (root)

The account is listed in my WHM. What is it? Is it a hack or what?

Posted by david510, 08-20-2008, 03:57 AM
Check the cPanel logs and find out the IP which created this account. Block that one. Also see the activities done by this IP to gain root access. Immediately change the root password of your server.
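
Added example, not part of the thread or of any poster's reply: one way to do the log check suggested above, listing the source IP, WHM user and time of each account-creation request. It assumes a combined-format WHM access log (commonly /usr/local/cpanel/logs/access_log) and that creation requests end in wwwacct or createacct; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find WHM account-creation requests in a cPanel access log.
# Assumptions: combined log format; creation goes through a path ending in
# "wwwacct" (WHM form handler) or "createacct" (API call).

# Write constructed sample log lines (documentation IP ranges) to file $1.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.45 - root [20/Aug/2008:01:58:12 -0500] "GET /scripts5/wwwacct?domain=example.test&username=exuser HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.0.2.10 - root [20/Aug/2008:02:01:40 -0500] "GET /scripts/command?PFILE=main HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.0.2.10 - reseller1 [20/Aug/2008:02:03:05 -0500] "POST /xml-api/createacct HTTP/1.1" 200 0 "-" "-"
EOF
}

# Print "IP user timestamp path status" for each account-creation request
# found in the log file $1.
find_acct_creations() {
    awk '
    {
        # Combined format after whitespace splitting:
        # $1=IP  $3=authenticated user  $4=[timestamp  $7=request path  $9=status
        path = $7
        sub(/\?.*/, "", path)      # drop the query string; it can carry a password
        if (path ~ /\/(wwwacct|createacct)$/) {
            ts = substr($4, 2)     # strip the leading "["
            print $1, $3, ts, path, $9
        }
    }' "$1"
}

# Demo on the constructed sample. On a real server, pass the access log path.
demo_log=$(mktemp)
write_sample_log "$demo_log"
find_acct_creations "$demo_log"
rm -f "$demo_log"
```

An account created from a root shell or by a locally run installer makes no HTTP request, so it will not show up in this log; an empty result does not by itself rule out a problem.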

Posted by TheITAdvisory, 08-20-2008, 08:06 AM
It's very possible you have been compromised in some way, shape, or form. You should hire a professional security audit service to do a pen test of your server.

Posted by VPSSQUAD, 08-20-2008, 09:31 AM
That account is for WHMReseller, did you install it recently?

Posted by rs2host, 08-20-2008, 10:08 AM
I have installed:
- Setup Spamd Startup Configuration
- WHM Master reseller

Is any one of them related to the issue?

Posted by VPSSQUAD, 08-20-2008, 04:04 PM
The account belongs to WHM Master Reseller. You would need to install it again if you have been using it, unless you can restore the account from backup.

Posted by jpetersen, 08-20-2008, 04:13 PM
The password for that account was aab0b6bh6a (and no, I don't have, nor have I ever had, access to your server). If you want that issue and other much more severe security issues addressed in WHMReseller, you should contact the vendor and demand fixes.


