malicious files in /var/spool/mail/

Discussion in 'E-mail Discussion' started by Ben, Feb 22, 2004.

  1. Ben

    Hello,

    More and more we are seeing malicious files uploaded to our server. This is usually through the use of an insecure PHP script. To combat this, we mounted /tmp noexec. This prevents 95% of the scripts from ever being run. Some of the more experienced crackers however just move the files to a directory chmod'ed to 777. Normally I then just chmod the directory to 755, which at least stops them from using that directory again.

    I'm writing because they now appear to be using the /var/spool/mail/ directory. This directory's permissions are

    drwxrwxrwt

    so I don't think that chmod'ing it to 755 is the correct answer. Much as I had done with /var/tmp/ I thought about symlinking the /var/spool/mail/ directory to /tmp as well.

    Does anyone know of the ramifications of such a fix? Anyone tried it before? Comments?
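
A read-only audit of the spool directory described in the post above, added here as an example and not part of the original post. It assumes the traditional layout in which every entry in the spool is an mbox file named after the account that owns it; `audit_spool` and `account_name` are names chosen for this sketch.

```python
#!/usr/bin/env python3
"""Audit an mbox spool directory for entries that are not mailboxes."""
import os
import pwd
import stat
import sys


def account_name(uid):
    """Map a numeric uid to an account name, or None if no such account."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None


def audit_spool(spool, resolve=account_name):
    """Return {entry: [reasons]} for entries that do not look like mailboxes."""
    findings = {}
    for entry in sorted(os.listdir(spool)):
        path = os.path.join(spool, entry)
        st = os.lstat(path)  # lstat: never follow a planted symlink
        reasons = []
        if not stat.S_ISREG(st.st_mode):
            reasons.append("not a regular file")
        else:
            # Assumption: a mailbox is named after the account that owns it.
            if resolve(st.st_uid) != entry:
                reasons.append("name does not match owning account")
            if st.st_mode & 0o111:
                reasons.append("execute bit set")
            if st.st_size > 0:
                # O_NOFOLLOW guards against a swap to a symlink after lstat.
                fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
                with open(fd, "rb") as fh:
                    if fh.read(5) != b"From ":
                        reasons.append("does not start with an mbox 'From ' line")
        if reasons:
            findings[entry] = reasons
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/spool/mail"
    for name, reasons in audit_spool(target).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it as root so every entry is readable; it only reports and changes nothing on disk.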
     