Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Files found in /tmp owned by nobody, any idea what these could be?

Discussion in 'Security' started by jols, Jan 18, 2013.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    3
    Trophy Points:
    168
    For quite a while I've been finding files like these in /tmp directories on more than one cPanel server:

    -rw------- 1 nobody nobody 96362 Jan 16 19:28 20130116-192813-UPdTrbit3kUAAERtNogAAAAJ-file-qDWxZ4
    -rw------- 1 nobody nobody 9585 Jan 16 18:43 20130116-184309-UPdJHLit3kUAABT-prgAAAAv-file-CZ3axs
    -rw------- 1 nobody nobody 1411672 Jan 15 19:59 20130115-195851-UPYJW7it3kUAAELwBocAAAAT-file-zjfeEP
    -rw------- 1 nobody nobody 794105 Jan 15 19:57 20130115-195747-UPYJG7it3kUAABt27T4AAAAm-file-egNpfP
    -rw------- 1 nobody nobody 1073822 Jan 12 20:47 20130112-204625-UPIgAbit3kUAADQLbPYAAAAv-file-6YQkGb
    -rw------- 1 nobody nobody 579442 Jan 12 20:09 20130112-200919-UPIXT7it3kUAAHo0dh4AAABI-file-l858p4
    -rw------- 1 nobody nobody 277375 Jan 12 20:09 20130112-200914-UPIXSrit3kUAAHnwZaEAAAAH-file-07ROck
    -rw------- 1 nobody nobody 1209774 Jan 12 20:05 20130112-200512-UPIWWLit3kUAAGWeUCcAAAAm-file-alvhwJ
    -rw------- 1 nobody nobody 387296 Jan 12 20:05 20130112-200500-UPIWTLit3kUAAFrZdu0AAAAq-file-TObna0
    -rw------- 1 nobody nobody 322392 Jan 12 20:02 20130112-200207-UPIVn7it3kUAAFeFIdkAAABl-file-y6Y4IZ
    -rw------- 1 nobody nobody 5744 Jan 11 13:41 20130111-134101-UPBqx7it3kUAADWbEHkAAAAV-file-MbnTfX
    -rw------- 1 nobody nobody 1806 Jan 8 15:30 20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v

    Running the strings command only shows indecipherable text, so obviously these are compressed or encrypted files.

    Anyone have any idea what these may be?

    Many thanks.

    - - - Updated - - -

    Okay, nevermind, looks like these are images:

    file 20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v
    20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v: JPEG image data, EXIF standard
     
    #1 jols, Jan 18, 2013
  2. NixTree

    NixTree Well-Known Member

    Joined:
    Aug 19, 2010
    Messages:
    407
    Likes Received:
    3
    Trophy Points:
    143
    Location:
    Gods Own Country
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you find the files are not vulnerable and owned by nobody randowm string files, they will be temporary files generated by Apache like session files, etc
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 NixTree, Jan 18, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - Files found owned
  1. monkey64

    SOLVED Custom 404 shows “File not found” for php files instead of redirecting

    monkey64, Jun 27, 2018, in forum: EasyApache
    Replies:
    4
    Views:
    372
    cPanelLauren
    Jul 5, 2018
  2. GoWilkes

    Core files in cgi-bin?

    GoWilkes, Oct 11, 2018 at 1:53 AM, in forum: General Discussion
    Replies:
    5
    Views:
    75
    Infopro
    Oct 13, 2018 at 5:13 AM
  3. Nakshathra

    Remove large number of files?

    Nakshathra, Oct 6, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    68
    Infopro
    Oct 10, 2018
  4. MarkPW

    PHP-FPM and including files outside document root

    MarkPW, Oct 5, 2018, in forum: EasyApache
    Replies:
    2
    Views:
    82
    cPanelLauren
    Oct 10, 2018
  5. Andee

    Permissions on files links not working

    Andee, Sep 29, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    52
    cPanelLauren
    Oct 5, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice