administration user?

Support for security such as Firewalls and securing linux
rude2012
Posts: 7
Joined: 2014/10/06 20:17:10

administration user?

Postby rude2012 » 2016/10/24 16:15:59

Hello, it appears that someone has accessed our email server using the administration user. i do not remember setting this use or password. is this a default user and is i change it, what else will that affect? thank you.... they are using this account to log into the email server and sending spam emails out. your help is appreciated.

--rdh

User avatar
TrevorH
Forum Moderator
Posts: 21199
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: administration user?

Postby TrevorH » 2016/10/24 18:10:31

There is no "administration" user called that. The user with power over the entire system is called root and if that has been compromised then you need to take the server offline ASAP and backup your data and reinstall the system. There is no other viable alternative to this as you do not know how many backdoors the hacker has placed inside your system to allow them to regain access if you try to lock them out. Try getent passwd administration (or whatever the username is) and see what that reports.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke