The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Files found in /tmp owned by nobody, any idea what these could be?

Discussion in 'Security' started by jols, Jan 18, 2013.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    For quite a while I've been finding files like these in /tmp directories on more than one cPanel server:

    -rw------- 1 nobody nobody 96362 Jan 16 19:28 20130116-192813-UPdTrbit3kUAAERtNogAAAAJ-file-qDWxZ4
    -rw------- 1 nobody nobody 9585 Jan 16 18:43 20130116-184309-UPdJHLit3kUAABT-prgAAAAv-file-CZ3axs
    -rw------- 1 nobody nobody 1411672 Jan 15 19:59 20130115-195851-UPYJW7it3kUAAELwBocAAAAT-file-zjfeEP
    -rw------- 1 nobody nobody 794105 Jan 15 19:57 20130115-195747-UPYJG7it3kUAABt27T4AAAAm-file-egNpfP
    -rw------- 1 nobody nobody 1073822 Jan 12 20:47 20130112-204625-UPIgAbit3kUAADQLbPYAAAAv-file-6YQkGb
    -rw------- 1 nobody nobody 579442 Jan 12 20:09 20130112-200919-UPIXT7it3kUAAHo0dh4AAABI-file-l858p4
    -rw------- 1 nobody nobody 277375 Jan 12 20:09 20130112-200914-UPIXSrit3kUAAHnwZaEAAAAH-file-07ROck
    -rw------- 1 nobody nobody 1209774 Jan 12 20:05 20130112-200512-UPIWWLit3kUAAGWeUCcAAAAm-file-alvhwJ
    -rw------- 1 nobody nobody 387296 Jan 12 20:05 20130112-200500-UPIWTLit3kUAAFrZdu0AAAAq-file-TObna0
    -rw------- 1 nobody nobody 322392 Jan 12 20:02 20130112-200207-UPIVn7it3kUAAFeFIdkAAABl-file-y6Y4IZ
    -rw------- 1 nobody nobody 5744 Jan 11 13:41 20130111-134101-UPBqx7it3kUAADWbEHkAAAAV-file-MbnTfX
    -rw------- 1 nobody nobody 1806 Jan 8 15:30 20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v

    Running the strings command only shows indecipherable text, so obviously these are compressed or encrypted files.

    Anyone have any idea what these may be?

    Many thanks.

    - - - Updated - - -

    Okay, nevermind, looks like these are images:

    file 20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v
    20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v: JPEG image data, EXIF standard
     
    #1 jols, Jan 18, 2013
  2. NixTree

    NixTree Well-Known Member

    Joined:
    Aug 19, 2010
    Messages:
    404
    Likes Received:
    2
    Trophy Points:
    143
    Location:
    Gods Own Country
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you find the files are not vulnerable and owned by nobody randowm string files, they will be temporary files generated by Apache like session files, etc
     
    #2 NixTree, Jan 18, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - Files found owned
  1. sunilsaini

    Which files are taking most of the bandwidth

    sunilsaini, Aug 18, 2017 at 8:00 AM, in forum: General Discussion
    Replies:
    1
    Views:
    34
    cPanelMichael
    Aug 18, 2017 at 11:42 AM
  2. Techmo9j

    Changing subdomain that will access files

    Techmo9j, Jul 29, 2017, in forum: Bind / DNS / Nameserver Issues
    Replies:
    2
    Views:
    76
    cPanelMichael
    Aug 1, 2017
  3. jndawson

    SOLVED Backup meta files appeared after latest upgrade to v.66

    jndawson, Jul 27, 2017, in forum: Data Protection
    Replies:
    2
    Views:
    145
    jndawson
    Jul 28, 2017
  4. Nirjonadda

    Could not increase number of max_open_files to more than 50000

    Nirjonadda, Jul 25, 2017, in forum: Database Discussions
    Replies:
    3
    Views:
    113
    cPanelMichael
    Jul 25, 2017
  5. segun_nira

    Urgent need to Recover mistakenly deleted files

    segun_nira, Jul 24, 2017, in forum: E-mail Discussions
    Replies:
    7
    Views:
    115
    24x7server
    Jul 25, 2017

Share This Page