The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

lfd on yourserver.com: Suspicious File Alert

Discussion in 'Security' started by polkocholo, Jun 5, 2011.

  1. polkocholo

    polkocholo Active Member

    Joined:
    Nov 22, 2010
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Time: Sun Jun 5 19:35:35 2011 +0430
    File: /tmp/bds
    Reason: Linux Binary
    Owner: youruser:youruser (821:817)
    Action: Moved into /etc/csf/suspicious.tar


    i received this email from lfd

    could you please help me?


    many thanks
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    Best to ask this question at the configserver forums as it from csf


    your youruser:youruser has exploitable software running
     
  3. kbob

    kbob Member

    Joined:
    May 30, 2011
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    @polkocholo The file in question " /tmp/bds " is know to be created from PHP based shell scripts used to compromise security on the server which is the reason it got moved to the suspicions folder .

    And you have all the information you need , the user which was running the script is - youruser: check which domain correspond to the user in question and suspend it accordingly. Or otherwise contact the user if he is a known to you individual.
     
  4. system1351

    system1351 Member

    Joined:
    May 17, 2010
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    World Wide Web
    cPanel Access Level:
    Root Administrator
    i suggest delete that file!!!

    rm /tmp/bds
     
Loading...

Share This Page