Files found in /tmp owned by nobody, any idea what these could be?

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
For quite a while I've been finding files like these in /tmp directories on more than one cPanel server:

-rw------- 1 nobody nobody 96362 Jan 16 19:28 20130116-192813-UPdTrbit3kUAAERtNogAAAAJ-file-qDWxZ4
-rw------- 1 nobody nobody 9585 Jan 16 18:43 20130116-184309-UPdJHLit3kUAABT-prgAAAAv-file-CZ3axs
-rw------- 1 nobody nobody 1411672 Jan 15 19:59 20130115-195851-UPYJW7it3kUAAELwBocAAAAT-file-zjfeEP
-rw------- 1 nobody nobody 794105 Jan 15 19:57 20130115-195747-UPYJG7it3kUAABt27T4AAAAm-file-egNpfP
-rw------- 1 nobody nobody 1073822 Jan 12 20:47 20130112-204625-UPIgAbit3kUAADQLbPYAAAAv-file-6YQkGb
-rw------- 1 nobody nobody 579442 Jan 12 20:09 20130112-200919-UPIXT7it3kUAAHo0dh4AAABI-file-l858p4
-rw------- 1 nobody nobody 277375 Jan 12 20:09 20130112-200914-UPIXSrit3kUAAHnwZaEAAAAH-file-07ROck
-rw------- 1 nobody nobody 1209774 Jan 12 20:05 20130112-200512-UPIWWLit3kUAAGWeUCcAAAAm-file-alvhwJ
-rw------- 1 nobody nobody 387296 Jan 12 20:05 20130112-200500-UPIWTLit3kUAAFrZdu0AAAAq-file-TObna0
-rw------- 1 nobody nobody 322392 Jan 12 20:02 20130112-200207-UPIVn7it3kUAAFeFIdkAAABl-file-y6Y4IZ
-rw------- 1 nobody nobody 5744 Jan 11 13:41 20130111-134101-UPBqx7it3kUAADWbEHkAAAAV-file-MbnTfX
-rw------- 1 nobody nobody 1806 Jan 8 15:30 20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v

Running the strings command only shows indecipherable text, so obviously these are compressed or encrypted files.

Anyone have any idea what these may be?

Many thanks.

- - - Updated - - -

Okay, nevermind, looks like these are images:

file 20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v
20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v: JPEG image data, EXIF standard
 

NixTree

Well-Known Member
Aug 19, 2010
413
5
143
Gods Own Country
cPanel Access Level
Root Administrator
Twitter
If you find the files are not vulnerable and owned by nobody randowm string files, they will be temporary files generated by Apache like session files, etc