Support for security such as Firewalls and securing linux
2 posts • Page 1 of 1
Hello, it appears that someone has accessed our email server using the administration user. i do not remember setting this use or password. is this a default user and is i change it, what else will that affect? thank you.... they are using this account to log into the email server and sending spam emails out. your help is appreciated.
There is no "administration" user called that. The user with power over the entire system is called root and if that has been compromised then you need to take the server offline ASAP and backup your data and reinstall the system. There is no other viable alternative to this as you do not know how many backdoors the hacker has placed inside your system to allow them to regain access if you try to lock them out. Try getent passwd administration (or whatever the username is) and see what that reports.