
malicious files in /var/spool/mail/

Discussion in 'E-mail Discussions' started by Ben, Feb 22, 2004.

  1. Ben

    More and more we are seeing malicious files uploaded to our server. This is usually through the use of an insecure PHP script. To combat this, we mounted /tmp noexec. This prevents 95% of the scripts from ever being run. Some of the more experienced crackers, however, just move the files to a directory chmod'ed to 777. Normally I then just chmod the directory to 755, which at least stops them from using that directory again.

    I'm writing because they now appear to be using the /var/spool/mail/ directory. This directory's permissions are


    so I don't think that chmod'ing it to 755 is the correct answer. Much as I had done with /var/tmp/, I thought about symlinking the /var/spool/mail/ directory to /tmp as well.

    Does anyone know of the ramifications of such a fix? Anyone tried it before? Comments?
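
An audit for the condition described in the post above, added here as an example and not part of the original thread: it lists world-writable directories and reports whether each has the sticky bit and whether its filesystem is mounted noexec. The function names, the demo tree and the demo mount table are constructed for illustration; it assumes a Linux `/proc/mounts`-style mount table.

```shell
#!/bin/sh
# Added example (not from the thread): flag world-writable directories that
# lack the sticky bit or sit on a filesystem mounted without noexec.

# Print the mount options for directory $1 using mount table $2
# (/proc/mounts format): the longest mount point that prefixes the path wins.
mount_opts() {
    awk -v d="$1" '
        { mp = $2
          if ((mp == "/" || d == mp || index(d, mp "/") == 1) && length(mp) >= best) {
              best = length(mp); opts = $4 } }
        END { print opts }' "$2"
}

# Print "<sticky|NO-STICKY> <noexec|EXEC> <path>" for each world-writable
# directory under $1, staying on one filesystem (-xdev).
# $2 is the mount table (default: /proc/mounts).
audit_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 2>/dev/null | while IFS= read -r dir; do
        if [ -k "$dir" ]; then sticky=sticky; else sticky=NO-STICKY; fi
        case ",$(mount_opts "$dir" "${2:-/proc/mounts}")," in
            *,noexec,*) exec_state=noexec ;;
            *)          exec_state=EXEC ;;
        esac
        printf '%s %s %s\n' "$sticky" "$exec_state" "$dir"
    done
}

# Constructed demo tree and mount table, so the check runs without touching
# real system directories. Prints the audit of that tree.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/uploads" "$t/spool" "$t/private"
    chmod 0777 "$t/uploads"; chmod 1777 "$t/spool"; chmod 0755 "$t/private"
    printf '%s\n' "/dev/sda1 / ext3 rw 0 0" \
                  "/dev/sda2 $t/spool ext3 rw,noexec,nosuid 0 0" > "$t/mounts"
    audit_writable_dirs "$t" "$t/mounts" | sed "s|$t/||"
    rm -rf "$t"
}

# With a path argument, audit it against the live mount table; else run the demo.
if [ "$#" -gt 0 ]; then audit_writable_dirs "$1"; else demo; fi
```

Run it once per mounted filesystem of interest (for example `/var` and `/home`); a line reading `NO-STICKY EXEC` marks a directory that any local user can write to and execute from.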
