Community Forums
Connect with us on LinkedIn
lfd on yourserver.com: Suspicious File Alert
  
+ Reply to Thread
Results 1 to 4 of 4
  1. 06-05-2011 10:09 AM #1
    polkocholo
    polkocholo is offline
    Member
    Join Date
    Nov 2010
    Posts
    39

    Default lfd on yourserver.com: Suspicious File Alert

    Time: Sun Jun 5 19:35:35 2011 +0430
    File: /tmp/bds
    Reason: Linux Binary
    Owner: youruser:youruser (821:817)
    Action: Moved into /etc/csf/suspicious.tar


    i received this email from lfd

    could you please help me?


    many thanks
    Reply With Quote Reply With Quote
  2. 06-05-2011 10:22 AM #2
    dalem
    dalem is offline
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Oct 2003
    Posts
    1,924

    Default Re: lfd on yourserver.com: Suspicious File Alert

    Best to ask this question at the configserver forums as it from csf


    your youruser:youruser has exploitable software running
    Lowest Host/Empire Technology LLC
    Affordable hosting solutions http://empire-hosting.net
    List Your hosting site FREE in http://hostgeneration.com
    Reply With Quote Reply With Quote
  3. 06-09-2011 11:32 PM #3
    kbob
    kbob is offline
    Member kbob's Avatar
    Join Date
    May 2011
    Posts
    17
    cPanel/Enkompass Access Level

    Root Administrator

    Default Re: lfd on yourserver.com: Suspicious File Alert

    @polkocholo The file in question " /tmp/bds " is know to be created from PHP based shell scripts used to compromise security on the server which is the reason it got moved to the suspicions folder .

    And you have all the information you need , the user which was running the script is - youruser: check which domain correspond to the user in question and suspend it accordingly. Or otherwise contact the user if he is a known to you individual.
    Reply With Quote Reply With Quote
  4. 07-07-2011 04:44 PM #4
    system1351
    system1351 is offline
    Member
    Join Date
    May 2010
    Posts
    9

    Default Re: lfd on yourserver.com: Suspicious File Alert

    i suggest delete that file!!!

    rm /tmp/bds
    Reply With Quote Reply With Quote
«   Got 2 Cpanel Servers hacked... root gained, anyone know HOW they did? | SuPHP problem »     
Similar Threads & Tags
Similar threads

  1. lfd on x.x.x Suspicious process running under user news
    By sassou2009 in forum cPanel and WHM Discussions
    Replies: 1
    Last Post: 04-12-2011, 09:45 AM
  2. Suspicious File Alert
    By Fakher in forum cPanel and WHM Discussions
    Replies: 4
    Last Post: 10-10-2010, 03:09 PM
  3. Suspicious File Alert /tmp/.wapi
    By wp11b in forum cPanel and WHM Discussions
    Replies: 5
    Last Post: 06-22-2009, 06:44 AM
  4. lfd: Suspicious process running under user nobody
    By RACKSET in forum cPanel and WHM Discussions
    Replies: 4
    Last Post: 02-21-2008, 10:16 AM
  5. lfd: Suspicious process running under user bintanne
    By brendanrtg in forum cPanel and WHM Discussions
    Replies: 3
    Last Post: 05-08-2007, 01:04 PM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube