Help - Search - Members - Calendar
Full Version: [hackcheck] planetbackup has a uid 0 account
The Planet Forums > Security > General Security
Timz0r
Nov 20 2008, 09:51 AM
um, this morning when i strolled in to work i discovered that i could no longer ssh or log in to whm or cpanel as root

i checked our server email to find the folllowing strange email in our inbox

"IMPORTANT: Do not ignore this email.
This message is to inform you that the account planetbackup has user id 0 (root privs).
This could mean that your system was compromised (OwN3D). To be safe you should verify that your system has not been compromised."

what can i do about this? it sounds pretty serious...
Tomy Durden
Nov 20 2008, 10:43 AM
QUOTE (Timz0r @ Nov 20 2008, 09:51 AM) *
um, this morning when i strolled in to work i discovered that i could no longer ssh or log in to whm or cpanel as root

i checked our server email to find the folllowing strange email in our inbox

"IMPORTANT: Do not ignore this email.
This message is to inform you that the account planetbackup has user id 0 (root privs).
This could mean that your system was compromised (OwN3D). To be safe you should verify that your system has not been compromised."

what can i do about this? it sounds pretty serious...

The Alpha Managed Backup daemon uses that account to run properly.


As far as the inaccessibility, I've notified our TS group to take a look at your ticket.
ajz4221
Nov 20 2008, 11:35 PM
QUOTE
"IMPORTANT: Do not ignore this email.
This message is to inform you that the account planetbackup has user id 0 (root privs).
This could mean that your system was compromised (OwN3D). To be safe you should verify that your system has not been compromised."


Not to distract this topic but does a professional e-mail really say "(OwN3D)?"
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.