The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

File uploaded in tmp by PHP

Discussion in 'General Discussion' started by aress, Jul 18, 2006.

  1. aress

    aress Active Member

    Joined:
    May 5, 2004
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    I have a cPanel server. Recently we had a user spamming arround from the server by uploading some scripts in /tmp. Since we had PHPSuExe enabled we were easily able to identify the user, spamming was in control as soon as we deleted the scripts from tmp.

    Now the user claims that he has not uploaded any file..? So my question is.. Is there a way to find out which PHP file has been used from that users site to upload the scripts in TMP.

    Any suggestion would be appreciated.

    Thanks in advance.
     
  2. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Try checking the creation date on the file and then looking at your suexec log to see what was run at that time.
     
  3. aress

    aress Active Member

    Joined:
    May 5, 2004
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    thanks.. this should definitely help.
     
  4. chae

    chae Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Auckland, New Zealand
    If it helps any we have a dose of that last month and it ended up that the script were being uploaded through an old version of PHPBB. As soon as we disabled the board loads dropped and no more scripts were being uploaded.
     
Loading...

Share This Page