Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Files found in /tmp owned by nobody, any idea what these could be?

Discussion in 'Security' started by jols, Jan 18, 2013.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    3
    Trophy Points:
    168
    For quite a while I've been finding files like these in /tmp directories on more than one cPanel server:

    -rw------- 1 nobody nobody 96362 Jan 16 19:28 20130116-192813-UPdTrbit3kUAAERtNogAAAAJ-file-qDWxZ4
    -rw------- 1 nobody nobody 9585 Jan 16 18:43 20130116-184309-UPdJHLit3kUAABT-prgAAAAv-file-CZ3axs
    -rw------- 1 nobody nobody 1411672 Jan 15 19:59 20130115-195851-UPYJW7it3kUAAELwBocAAAAT-file-zjfeEP
    -rw------- 1 nobody nobody 794105 Jan 15 19:57 20130115-195747-UPYJG7it3kUAABt27T4AAAAm-file-egNpfP
    -rw------- 1 nobody nobody 1073822 Jan 12 20:47 20130112-204625-UPIgAbit3kUAADQLbPYAAAAv-file-6YQkGb
    -rw------- 1 nobody nobody 579442 Jan 12 20:09 20130112-200919-UPIXT7it3kUAAHo0dh4AAABI-file-l858p4
    -rw------- 1 nobody nobody 277375 Jan 12 20:09 20130112-200914-UPIXSrit3kUAAHnwZaEAAAAH-file-07ROck
    -rw------- 1 nobody nobody 1209774 Jan 12 20:05 20130112-200512-UPIWWLit3kUAAGWeUCcAAAAm-file-alvhwJ
    -rw------- 1 nobody nobody 387296 Jan 12 20:05 20130112-200500-UPIWTLit3kUAAFrZdu0AAAAq-file-TObna0
    -rw------- 1 nobody nobody 322392 Jan 12 20:02 20130112-200207-UPIVn7it3kUAAFeFIdkAAABl-file-y6Y4IZ
    -rw------- 1 nobody nobody 5744 Jan 11 13:41 20130111-134101-UPBqx7it3kUAADWbEHkAAAAV-file-MbnTfX
    -rw------- 1 nobody nobody 1806 Jan 8 15:30 20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v

    Running the strings command only shows indecipherable text, so obviously these are compressed or encrypted files.

    Anyone have any idea what these may be?

    Many thanks.

    - - - Updated - - -

    Okay, nevermind, looks like these are images:

    file 20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v
    20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v: JPEG image data, EXIF standard
     
    #1 jols, Jan 18, 2013
  2. NixTree

    NixTree Well-Known Member

    Joined:
    Aug 19, 2010
    Messages:
    407
    Likes Received:
    3
    Trophy Points:
    143
    Location:
    Gods Own Country
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you find the files are not vulnerable and owned by nobody randowm string files, they will be temporary files generated by Apache like session files, etc
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 NixTree, Jan 18, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - Files found owned
  1. monkey64

    SOLVED Custom 404 shows “File not found” for php files instead of redirecting

    monkey64, Jun 27, 2018, in forum: EasyApache
    Replies:
    4
    Views:
    905
    cPanelLauren
    Jul 5, 2018
  2. Cristian Samuel Vargas

    Cannot Email PDF Files

    Cristian Samuel Vargas, Dec 6, 2018, in forum: E-mail Discussion
    Replies:
    6
    Views:
    450
    cPanelMichael
    Dec 13, 2018 at 1:26 PM
  3. webnix

    counter files not included in backup

    webnix, Dec 6, 2018, in forum: Data Protection
    Replies:
    1
    Views:
    87
    cPanelLauren
    Dec 7, 2018
  4. xprt007

    What could these giant files in .cagefs/tmp be?

    xprt007, Dec 5, 2018, in forum: General Discussion
    Replies:
    5
    Views:
    246
    cPanelLauren
    Dec 7, 2018
  5. alvdev

    Separate server storage for media files

    alvdev, Nov 27, 2018, in forum: General Discussion
    Replies:
    2
    Views:
    121
    cPanelLauren
    Nov 28, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice