The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is this a malicious script?

Discussion in 'General Discussion' started by SuperBaby, Sep 21, 2006.

  1. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    I found this script called "back" in the /tmp folder. I deleted it and it came back again after a day. Is it a malicious script?

     
  2. NightStorm

    NightStorm Well-Known Member

    Joined:
    Jul 28, 2003
    Messages:
    286
    Likes Received:
    4
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    In a word, yes. It's a compromise, though not necessarily a root one. You'll need to track down the source of the file, and patch the problem, as well as go over your server's security with a fine-tooth comb and make sure that nothing else bad gets dropped into /tmp
     
Loading...

Share This Page