The Community Forums

Interact with an entire community of cPanel & WHM users!

malicious code in tmp folder

Discussion in 'General Discussion' started by neonix, Apr 5, 2007.

  1. neonix

    Hi,

    I just saw this in the tmp folder...

    -rwx--x--x 1 nobody nobody 12359 Mar 26 16:08 sys*

    My tmp folder is protected and this is the first time I have seen an executable file in tmp...

    What can I do to investigate further?

    Thanks,
    Neonix
     
  2. ramprage

    Start grepping your Apache logs for sys and around that date/time. Since it's owned by nobody, there is a script on your server with an exploit which someone used to upload this.
     
  3. ramprage

    I can give you a free WHM addon that scans various tmp folders and partitions for malicious files - just contact me by PM and I'll share with you :)
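
The log search suggested in the second reply, as an added example (not code from the thread or from cPanel): it flags Apache access-log lines that mention the file name or fall within ten minutes of the file's timestamp. The log lines are constructed, and the year, UTC offset, window size and the name `find_candidates` are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Apache common/combined log format: host, timestamp, method, URL, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def find_candidates(lines, name, mtime, window_minutes=10):
    """Return (reasons, host, time, method, url, status) for each log line that
    mentions `name` in its decoded URL or falls within the window around mtime."""
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        host, ts, method, url, status = m.groups()
        when = datetime.strptime(ts, TS_FORMAT)
        reasons = []
        # Match on the decoded URL so percent-encoded characters do not hide the name.
        if name in unquote(url):
            reasons.append("name")
        if abs(when - mtime) <= window:
            reasons.append("time")
        if reasons:
            hits.append((reasons, host, when, method, url, int(status)))
    return hits

# Constructed sample log lines (hosts, paths and times are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Mar/2007:09:15:02 -0400] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Mar/2007:16:07:41 -0400] "POST /gallery/upload.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [26/Mar/2007:16:09:03 -0400] "GET /gallery/view.php?f=%2Ftmp%2Fsys HTTP/1.1" 200 88',
    '192.0.2.44 - - [27/Mar/2007:11:30:00 -0400] "GET /tmp/sys HTTP/1.1" 404 210',
]

# mtime from the ls output (Mar 26 16:08); the year and UTC offset are assumed.
FILE_MTIME = datetime.strptime("26/Mar/2007:16:08:00 -0400", TS_FORMAT)

if __name__ == "__main__":
    for reasons, host, when, method, url, status in find_candidates(SAMPLE_LOG, "sys", FILE_MTIME):
        print(",".join(reasons), host, when.isoformat(), method, url, status)
```

Lines tagged with both reasons are the first ones to read; a `time`-only POST just before the file's timestamp points at the script that handled the upload.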
     