cpanelwhm

Bad shell auto-created bad account on VPS


A bad uploaded script is auto-creating bad cPanel accounts on my host. I found and terminated that bad file.

But there is still a bad auto-created account in WHM (the account is not shown in the WHM GUI).

Is there a way to remove them completely from root access?

Here is the list of the bad WHM accounts: vfs1.zip vfs2.zip vsf3.zip

UPDATED: That problem was from a bad script. Doing a fresh install fixed that.


Solution

  • You can do the following:

    1. Check /etc/passwd to ensure that no malicious users were added and whether any of the current users was given shell access. If you find any strange users, then here is what to do
    2. Check the server with RootKitHunter
    3. Disable SSH access for root and ensure there are no strange SSH keys, and if possible allow SSH only from known IPs. And don't forget to check the logs, either the SSH logs (e.g. /var/log/secure) or the web server logs, to identify the source as far as possible.

    Also check this question about how to deal with a compromised server
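
A read-only sketch of the /etc/passwd check from step 1 of the answer, added here as an example and not part of the original answer. It lists extra UID 0 accounts, accounts with a login shell, and system accounts that cPanel has no record of, which is how an account can exist without appearing in the WHM GUI. Assumptions: cPanel keeps one file per account in /var/cpanel/users, regular UIDs start at 1000, and the sample data (including the names `ghost1` and `toor`) is constructed.

```shell
#!/bin/sh
# Added example (not from the original answer): read-only account audit.
# Each function takes the passwd file as $1 so it can run against a copy.

# Accounts other than root that have UID 0.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Accounts that can get an interactive shell (an empty field means /bin/sh).
shell_users() {
    awk -F: '$7 !~ /(nologin|false|noshell|sync|shutdown|halt)$/ { print $1 ":" $7 }' \
        "${1:-/etc/passwd}"
}

# Accounts with UID >= $3 that have no file in the cPanel user directory $2.
# Assumption: cPanel keeps one file per account in /var/cpanel/users.
unknown_to_cpanel() {
    awk -F: -v min="${3:-1000}" '$3 >= min && $1 != "nobody" { print $1 }' \
        "${1:-/etc/passwd}" |
    while read -r u; do
        [ -e "${2:-/var/cpanel/users}/$u" ] || echo "$u"
    done
}

# Constructed sample data for a dry run; all names are made up.
make_sample() {
    mkdir -p "$1/cpusers"
    : > "$1/cpusers/alice"
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:1001:1001::/home/alice:/usr/local/cpanel/bin/noshell
ghost1:x:1002:1002::/home/ghost1:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
}

d=$(mktemp -d) && make_sample "$d"
echo "extra UID 0:       $(extra_uid0 "$d/passwd")"
echo "login shells:      $(shell_users "$d/passwd" | tr '\n' ' ')"
echo "unknown to cPanel: $(unknown_to_cpanel "$d/passwd" "$d/cpusers")"
rm -rf "$d"
```

On a live server, call the functions with no arguments to read /etc/passwd and /var/cpanel/users, and pass 500 as the third argument to `unknown_to_cpanel` on older systems where regular UIDs start there.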