Possible root compromise...super user

Discussion in 'Security' started by coldgansta, Sep 5, 2009.

0
  1. #1
    I have a dedicated server..
    I keep getting this email from the server..

    Possible root compromise: User account ###### is a superuser (UID 0)

    I have never seen this b4 and there's not much help on google..
    I figure this is ssh superuser
    I have blocked all ips from ssh apart from my own..

    Is there a way to remove the superuser
     
    coldgansta, Sep 5, 2009 IP
  2. SecureCP

    SecureCP Guest

    Messages:
    226
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Have you considered searching for rootkits?
     
    SecureCP, Sep 8, 2009 IP
  3. coldgansta

    coldgansta Guest

    Messages:
    1,614
    Likes Received:
    29
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Yes i have done that and found none..
    The problem remains i still keep getting emails from the server saying the user may be superuser..

    How do i find the user? i have searched high and low.
     
    coldgansta, Sep 8, 2009 IP