IMPORTANT: Do not ignore this email.This message is to inform you that the account xxxxxx has user id 0 (root privs).This could mean that your system was compromised (OwN3D). To be safe you shouldverify that your system has not been compromised.
If any one get the above message in your inbox as WHM notification, it is an indication of server compromise.
Now you may check which account has UID 0 in ssh command line
>> cat /etc/passwd | grep 0:0
in result you must seen same these line ...root:x:0:0:root:/root:/bin/bash
any account more than root must be deleted to fix, in this server we have xxxxx more than root, then we remove it
2-Go to this address >> /etc3-nano -w passwd4-Find >> admin:x:0:0:xxxx:/home/xxxx:/bin/bash , and remove that line <<<<<<<<<<<<<<<<<<<<user dgc doesn't show in this list. care full fore remove account , and sure that which account must be remove5-CTRL + X6-for save file >> press Y7-check fix this by >> cat passwd8-restart apache9- Finished
Please feel free to contact me for any further clarifications
mail me - firstname.lastname@example.org