administration user?

Support for security such as Firewalls and securing linux
Post Reply
rude2012
Posts: 7
Joined: 2014/10/06 20:17:10

administration user?

Post by rude2012 » 2016/10/24 16:15:59

Hello, it appears that someone has accessed our email server using the administration user. i do not remember setting this use or password. is this a default user and is i change it, what else will that affect? thank you.... they are using this account to log into the email server and sending spam emails out. your help is appreciated.

--rdh

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: administration user?

Post by TrevorH » 2016/10/24 18:10:31

There is no "administration" user called that. The user with power over the entire system is called root and if that has been compromised then you need to take the server offline ASAP and backup your data and reinstall the system. There is no other viable alternative to this as you do not know how many backdoors the hacker has placed inside your system to allow them to regain access if you try to lock them out. Try getent passwd administration (or whatever the username is) and see what that reports.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply