lfd on yourserver.com: Suspicious File Alert

polkocholo

Active Member
Nov 22, 2010
42
0
56
Time: Sun Jun 5 19:35:35 2011 +0430
File: /tmp/bds
Reason: Linux Binary
Owner: youruser:youruser (821:817)
Action: Moved into /etc/csf/suspicious.tar


i received this email from lfd

could you please help me?


many thanks
 

kbob

Member
May 30, 2011
17
0
51
cPanel Access Level
Root Administrator
@polkocholo The file in question " /tmp/bds " is know to be created from PHP based shell scripts used to compromise security on the server which is the reason it got moved to the suspicions folder .

And you have all the information you need , the user which was running the script is - youruser: check which domain correspond to the user in question and suspend it accordingly. Or otherwise contact the user if he is a known to you individual.