Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Files found in /tmp owned by nobody, any idea what these could be?

Discussion in 'Security' started by jols, Jan 18, 2013.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    For quite a while I've been finding files like these in /tmp directories on more than one cPanel server:

    -rw------- 1 nobody nobody 96362 Jan 16 19:28 20130116-192813-UPdTrbit3kUAAERtNogAAAAJ-file-qDWxZ4
    -rw------- 1 nobody nobody 9585 Jan 16 18:43 20130116-184309-UPdJHLit3kUAABT-prgAAAAv-file-CZ3axs
    -rw------- 1 nobody nobody 1411672 Jan 15 19:59 20130115-195851-UPYJW7it3kUAAELwBocAAAAT-file-zjfeEP
    -rw------- 1 nobody nobody 794105 Jan 15 19:57 20130115-195747-UPYJG7it3kUAABt27T4AAAAm-file-egNpfP
    -rw------- 1 nobody nobody 1073822 Jan 12 20:47 20130112-204625-UPIgAbit3kUAADQLbPYAAAAv-file-6YQkGb
    -rw------- 1 nobody nobody 579442 Jan 12 20:09 20130112-200919-UPIXT7it3kUAAHo0dh4AAABI-file-l858p4
    -rw------- 1 nobody nobody 277375 Jan 12 20:09 20130112-200914-UPIXSrit3kUAAHnwZaEAAAAH-file-07ROck
    -rw------- 1 nobody nobody 1209774 Jan 12 20:05 20130112-200512-UPIWWLit3kUAAGWeUCcAAAAm-file-alvhwJ
    -rw------- 1 nobody nobody 387296 Jan 12 20:05 20130112-200500-UPIWTLit3kUAAFrZdu0AAAAq-file-TObna0
    -rw------- 1 nobody nobody 322392 Jan 12 20:02 20130112-200207-UPIVn7it3kUAAFeFIdkAAABl-file-y6Y4IZ
    -rw------- 1 nobody nobody 5744 Jan 11 13:41 20130111-134101-UPBqx7it3kUAADWbEHkAAAAV-file-MbnTfX
    -rw------- 1 nobody nobody 1806 Jan 8 15:30 20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v

    Running the strings command only shows indecipherable text, so obviously these are compressed or encrypted files.

    Anyone have any idea what these may be?

    Many thanks.

    - - - Updated - - -

    Okay, nevermind, looks like these are images:

    file 20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v
    20130108-153007-UOyP3rit3kUAAHsCfv8AAAAG-file-xXpz0v: JPEG image data, EXIF standard
     
  2. NixTree

    NixTree Well-Known Member

    Joined:
    Aug 19, 2010
    Messages:
    404
    Likes Received:
    3
    Trophy Points:
    143
    Location:
    Gods Own Country
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you find the files are not vulnerable and owned by nobody randowm string files, they will be temporary files generated by Apache like session files, etc
     
Loading...

Share This Page