Hi all,
soon after installing CP I’ve noticed an unusual user on my server named ‘local4694’. This user has a home directory under /home/localhost.localdomain and uses /bin/bash as its shell, which doesn’t seem typical for system users. I’m uncertain if this was created by CyberPanel during installation or if it’s potentially by something malicious.
It’s a recent installation, so I’m leaning towards it being benign, but wanted to check here, just in case – as I’m a relative newbie to self-hosting and self-managed servers.
My other server was compromised via CyberPanel (although I suspect it was due to insufficient security measures on my part), so I’m testing a secure set up, and I’m trying to rule out any unusual activity related to this user before moving on.
Can anyone confirm if ‘local4694’ is a legitimate user that might be created by CyberPanel during setup, or should I treat this as suspicious?
Thanks for any insights!
Server os version e.g. Ubuntu 20.04
Current Version: 2.3
Build: 9
Current Commit: 6f28d39a591b5e08aac6adfcc59b642a58622ea2
Latest Version: 2.3
Latest Build: 9
Latest Commit: 6f28d39a591b5e08aac6adfcc59b642a58622ea2