The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

%CECURE.txt

Discussion in 'Security' started by GoWilkes, Aug 25, 2011.

  1. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    In my /tmp/ file, I have 2 directories:

    /tmp/msg-1299191773-31904-0
    /tmp/msg-1299191737-31750-0

    In both of these directories, there is an identical file:

    %CECURE.txt

    Each file contains one word: test

    The time stamp on these files are 3/3/11; one is 6:35pm, the other is 6:36pm.

    Any idea what these files might be? Are they a symptom of a compromised server, or a legitimate test file from something installed back in March?
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Who owns the files?
     
  3. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    They are assigned to root/root. But, I did have a server hack on 8/18/11 (there's another thread about it from yesterday), where someone apparently had gained root access. I don't THINK that dates back to March, but I'm trying to find their original entry point so I'm not 100% sure.
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    I don't see how a file with test in it would be a concern, since there isn't anything in the file with malicious content. I cannot say what caused it to be placed into that folder.
     
Loading...

Share This Page