Hacking and Security / hackcheck
« on: February 11, 2014, 02:55:35 pm »
I know just enough to be dangerous, so I would appreciate some help with this matter.
I have a GoDaddy Dedicated Server.
Operating System: CentOS 6 x64
Processor: Intel Core i5 - 3.10 GHz
RAM: 16 GB
Total Disk Space: 2000 GB
RAID: None
Disk Drive(s): 1000 GB (Drive #1), 1000 GB (Drive #2)
Bandwidth Quota: 15000 GB
Firewall: ASA 5505
I access via SSH, and WHM.
I'm getting the following message texted to me at 2:15am every night.
IMPORTANT: Do not ignore this email.
This message is to inform you that the account dgc has user id 0 (root privs).
This could mean that your system was compromised (OwN3D). To be safe you should verify that your system has not been compromised.
I've looked at the users and in fact I do have a user "dgc" that has root access to my server. GoDaddy told me to remove that user, but when I did, it completely disabled my entire server, locking my "root" user out, shutting off the websites, everything. GoDaddy came back and reinstated my root user and I'm able to get back in, but they will not address this hackcheck email.
I'm left to fix this on my own and I don't know what to do.
There is an extra directory that I didn't create located at /home/indexphp which I KNOW is not a directory I created.
Advice?