[hackcheck] mailq has a uid 0 account
Just receive 2 email as below from our WHM:
IMPORTANT: Do not ignore this email.
This message is to inform you that the
account mailq has user id 0 (root privs). This could mean that
your system was compromised (OwN3D). To be safe you should verify that your
system has not be compromised.
**************************************************
Hidden Pid detected! [pid 2939]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/var/spool/.skmail/sk]
Hidden Pid detected! [pid 25950]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/var/spool/.skmail/viagra1.3_beta_2/src/ircd]
Hidden Pid detected! [pid 26961]
hidden from ps: [yes]
hidden from kernel: [yes]
binary location: [/bin/bash]
***************************************************
What should I do?
Andy
