I got this notice from Cpanel that says 'possible hack detected'. This message is to inform you that the account “ ” has user id 0 (root privileges). This may indicate that your system is compromised.
This notice is the result of a request from “hackcheck”.
Honestly I have no idea what to do next. Is there some way to delete this account with WHM or cPanel?
Thanks!
On
I got the same and looked at my passwd file and there was a blank line in there. a thread on cpanel forums said that can trigger a false positive. it seems like cpanel adds new users itself so if you modify the file by hand and leave an extra blank line in there i guess this can happen.
as of now i dont know if server was genuinely compromised but it's possible as there are a number of accounts and I dont have resources to make it bullet proof.
on the isp activity log there isnt unusual traffic or resource consumption.
I think your server is hacked as there are create one user with 0 UID and due to that you have received this alert from server, Please contact your server admin and ask them to update the server security and try to find out root cause of this hack issues.