root access alert

[thongster]

I have 2 root access alerts, one from russia and one from usa

Can someone look into it please

[whUK-Reeve]

Please email us at support@webhosting.uk.com with the IP's which you have received in the email notification , so that we can investigate accordingly.

And, If you want we can restrict the SSH access on your server to your and our IP only but for that you will again need to email us from your registered email address along with your local machine IP address.

[thongster]

I am out of the country at the moment, I think it would be prudent to restrict access to your ip only until I get back.

Also please ask ukSam to check the server to see if it has been rooted/compromised in any way

Please reply here, I will check back in a couple of hours

[WHUKSam]

Hello,

I am looking into this, will update you soon.

[WHUK-Brent]

Quote:

Originally Posted by thongster

I am out of the country at the moment, I think it would be prudent to restrict access to your ip only until I get back.

Also please ask ukSam to check the server to see if it has been rooted/compromised in any way

Please reply here, I will check back in a couple of hours

We have restricted cPanel, WHM and SSH access to our IP.
We have also scanned your server using CLAMAV and did not find any hacking/backdor or suspicious shell script.

[thongster]

can you check this cron job, I dont remember seeing it before

run-parts /etc/cron.daily
/etc/cron.daily/freshclam:

thanks

[whuk-cristiano]

Quote:

Originally Posted by thongster

can you check this cron job, I dont remember seeing it before

run-parts /etc/cron.daily
/etc/cron.daily/freshclam:

thanks

This cron is set to execute clam scan daily. Nothing to be worried about.

[thongster]

not sure if your clamscan is working, its emailing the following error....

connect(): No such file or directory