Whostmgrd - Please Advice
Posted by Cyber-A, 06-28-2008, 05:19 PM Hi all When I have checked the 'Current CPU Usage' in root WHM there was a stranger IP with root ownership and command: whostmgrd - serving xxx.xxx.xxx.xxx Also there was my IP with this ownership and command, like every time I am viewing the WHM. I have blocked this IP with apf immediately, and the root password is changed. Does it mean someone was in root WHM? I have a dedicated server with cpanel on centos 4.6 / chkrootkit and rkhunter / all of server's softwares are up to date / compilers disabled for users / php open base dir is enabled and my users do not have SSH access.
Posted by PCS-Chris, 06-28-2008, 06:49 PM No it could just be a normal user. whostmgrd is the Web Host Manager process, thats all. The "serving xx.xx.xx.xx" is the IP of a user currently logged into WHM. I would advise unbanning that IP as you could have banned one of your own customers. Although we all have to start somewhere, it sounds to me like it may also be a good idea to hire a Management company to handle security on your system. It's all well and good being able to follow a few guides but you don't want to continue making mistakes like this.
Posted by Cyber-A, 06-29-2008, 01:42 AM Thanks Chris Great advice Yes we all have to start somewhere and I'm a newbie. I will ask and learn, so forgive me for my amateur questions. Thank you again.