The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Came across this weird folder setup on one of our servers

Discussion in 'Security' started by sahostking, Jul 24, 2014.

  1. sahostking

    sahostking Well-Known Member

    Joined:
    May 15, 2012
    Messages:
    300
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Cape Town, South Africa
    cPanel Access Level:
    Root Administrator
    The below looks like a bunch of symlinks. Luckily we use Cagefs so I doubt anything happened further. Well I hope so. Looks like it has been like this for months. How do I safely fix it?

    Code:
    root@# [/home/complete]# ls -lsah
    total 132K
    4.0K drwx--x--x   4 complete     complete     4.0K Jul 17 12:30 ./
     20K drwx--x--x 775 root         root          20K Jul 24 10:11 ../
     12K -rw-r--r--   1 root         root          11K Nov 27  2013 access-logs
    4.0K -rw-r--r--   1 complete     complete       18 Feb 21  2013 .bash_logout
    4.0K -rw-r--r--   1 complete     complete      176 Feb 21  2013 .bash_profile
    4.0K -rw-r--r--   1 complete     complete      124 Feb 21  2013 .bashrc
    4.0K drwxrwx--x   2 complete     complete     4.0K Jul 16 21:57 .cagefs/
     16K -rw-r--r--   1 root         root          13K Nov 27  2013 .cl.selector
    4.0K -rw-------   1 complete     complete       17 Mar  9  2013 .contactemail
    4.0K dr-xrwxr-x   2 securervsite securervsite 4.0K Nov 25  2013 .cpanel/
    4.0K lrwxrwxrwx   1 cthrufen     securervsite   71 Jun 22  2013 cpanel3-skel -> \n
    4.0K -rw-r-----   1 complete     complete        1 Mar 10  2013 cpbackup-exclude.conf
       0 -rw-r--r--   1 complete     complete        0 Feb  3 15:48 dailyreport_off
    4.0K -rw-r--r--   1 complete     complete       64 Nov 15  2013 delay_spam_lover
    4.0K lrwxrwxrwx   1 condilfs     securervsite   71 Aug 22  2013 etc -> \v
    4.0K lrwxrwxrwx   1 diversec     securervsite   71 Feb 27  2013 .htpasswds -> \b
    4.0K -rw-------   1 complete     complete       15 May 26 10:15 .lastlogin
    4.0K lrwxrwxrwx   1 coareetq     securervsite   71 Jan 13  2013 mail -> \f
    4.0K lrwxrwxrwx   1          541 securervsite   71 Dec  3  2012 public_ftp -> \r
    4.0K lrwxrwxrwx   1 techfive     securervsite   71 Apr 18  2013 public_html -> \016
    4.0K drwxr-xr-x   3 root         root         4.0K Jan  8  2014 .rvglobalsoft/
       0 -rw-r--r--   1 complete     complete        0 Oct 30  2013 s_imapstatus
    4.0K lrwxrwxrwx   1 babysafe     securervsite   71 Jan 30  2013 .softaculous -> \t
    4.0K lrwxrwxrwx   1          972 securervsite   71 Jul 20  2013 ssl -> \017
    4.0K lrwxrwxrwx   1 pcdrcoza     securervsite   71 Nov 20  2012 tmp -> \020
    4.0K drwxr-xr-x   4 root         root         4.0K Sep  5  2013 www/
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Is that an account that you created at some point in the past? I'm not sure that is something that is fixable, but you should likely investigate what happened to determine if your server has been exploited.

    Thank you.
     

Share This Page